[英]Handle WS-Security PasswordDigest mode in a c++ WWSAPI web service
I inherited an existing and working web service written in c++ with WWSAPI.我继承了一个使用 WWSAPI 用 C++ 编写的现有和可用的 Web 服务。 I must implement the security mechanism based on WS-Security using passworddigest in the soap header, like this one:
我必须在soap标头中使用passworddigest实现基于WS-Security的安全机制,如下所示:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-5094D0E1418B986BF215754539660332">
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">sqPh/Bap7ER6j+n+2iYlI+4Qt9A=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">1ROYkV/ZftvGi17KmsvgnQ==</wsse:Nonce>
<wsu:Created>2019-12-04T10:06:06.032Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
I'm neither a web service expert nor a WWSAPI expert, but I understand the basics of a web service.我既不是 Web 服务专家,也不是 WWSAPI 专家,但我了解 Web 服务的基础知识。 I tried to understand the WWSAPI documentation, but didn't understand where to start to implement this security.
我试图理解 WWSAPI 文档,但不知道从哪里开始实现这种安全性。
I tested by using the binding WS_STRING_USERNAME_MESSAGE_SECURITY_BINDING_TYPE, for which I can define a password validator callback, which seems to work with a simple user/password scheme.我通过使用绑定 WS_STRING_USERNAME_MESSAGE_SECURITY_BINDING_TYPE 进行了测试,为此我可以定义一个密码验证器回调,它似乎适用于一个简单的用户/密码方案。 But where/how to define a password digest security mechanism ?
但是在哪里/如何定义密码摘要安全机制?
With the API, I was expecting a simple setting to define the basic digest mechanism and a callback to receive the nonce, the date created, the username, and the password, but I don't understand where to start.使用 API,我期待一个简单的设置来定义基本的摘要机制和一个回调来接收随机数、创建日期、用户名和密码,但我不知道从哪里开始。 I don't understand if this needs simple declarations (bindings + properties + callback), or if I need to write some code, for example to manually parse the xml header.
我不明白这是否需要简单的声明(绑定 + 属性 + 回调),或者我是否需要编写一些代码,例如手动解析 xml 标头。
As someone implemented a WWSAAPI web service with WS-Security and how ?有人使用 WS-Security 实现了 WWSAAPI Web 服务,如何实现?
Ok, so, nobody seems to implement web services in pure c++ ?好的,那么,似乎没有人在纯 C++ 中实现 Web 服务? Anyway, I found the answer: this must be done (pratically) by hand.
无论如何,我找到了答案:这必须(实际上)手动完成。 The main points are:
要点是:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.