How to do Windows Live Authentication (RST) via SOAP

Does anybody have any pointers regarding this?

We are currently trying with the Java SOAP API. The URL used for Windows Live authentication is: https://login.live.com/RST2.srf

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <s:Header>
    <wsa:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action>
    <wsa:To s:mustUnderstand="1">HTTPS://login.live.com:443//RST2.srf</wsa:To>
    <wsa:MessageID>1265627255</wsa:MessageID>
    <ps:AuthInfo xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" Id="PPAuthInfo">
      <ps:HostingApp>{52B7DF4E-8D6F-49B5-BA7A-2E77B06DF104}</ps:HostingApp>
      <ps:BinaryVersion>5</ps:BinaryVersion>
      <ps:UIVersion>1</ps:UIVersion>
      <ps:Cookies/>
      <ps:RequestParams>AQAAAAIAAABsYwQAAAAxMDMz</ps:RequestParams>
    </ps:AuthInfo>
    <wsse:Security>
      <wsse:UsernameToken wsu:Id="user">
        <wsse:Username>harvinder_singh@persistent.co.in</wsse:Username>
        <wsse:Password>jigsaw</wsse:Password>
      </wsse:UsernameToken>
      <wsu:Timestamp Id="Timestamp">
        <wsu:Created>2010-02-08T11:07:36Z</wsu:Created>
        <wsu:Expires>2010-02-08T11:12:36Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </s:Header>
  <s:Body>
    <wst:RequestSecurityToken Id="RST0">
      <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
      <wsp:AppliesTo>
        <wsa:EndpointReference>
          <wsa:Address>http://Passport.NET/tb</wsa:Address>
        </wsa:EndpointReference>
      </wsp:AppliesTo>
      <wsp:PolicyReference URI="MBI_SSL"/>
    </wst:RequestSecurityToken>
  </s:Body>
</s:Envelope>

This is what worked for me:

Request

curl -v -X POST \
  -A 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; IDCRL 4.100.313.1; IDCRL-cfg 4.0.5633.0; App msnmsgr.exe, 8.1.178.0, {7108E71A-9926-4FCB-BCC9-9A9D3F32E423})' \
  -H 'Content-Type: text/xml' \
  --data @soap-envelope.xml \
  https://login.live.com/RST.srf

SOAP Envelope (soap-envelope.xml)

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wssc="http://schemas.xmlsoap.org/ws/2004/04/sc" xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
  <Header>
    <ps:AuthInfo xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" Id="PPAuthInfo">
      <ps:HostingApp>{7108E71A-9926-4FCB-BCC9-9A9D3F32E423}</ps:HostingApp>
      <ps:BinaryVersion>4</ps:BinaryVersion>
      <ps:UIVersion>1</ps:UIVersion>
      <ps:Cookies/>
      <ps:RequestParams>AQAAAAIAAABsYwQAAAAyMDUy</ps:RequestParams>
    </ps:AuthInfo>
    <wsse:Security>
      <wsse:UsernameToken Id="user">
        <wsse:Username>user@hotmail.com</wsse:Username>
        <wsse:Password>password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </Header>
  <Body>
    <ps:RequestMultipleSecurityTokens xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" Id="RSTS">
      <wst:RequestSecurityToken Id="RST0">
        <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
        <wsp:AppliesTo>
          <wsa:EndpointReference>
            <wsa:Address>http://Passport.NET/tb</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
      </wst:RequestSecurityToken>
      <wst:RequestSecurityToken Id="RST1">
        <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
        <wsp:AppliesTo>
          <wsa:EndpointReference>
            <wsa:Address>messenger.msn.com</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wsse:PolicyReference URI="?MBI_KEY_OLD"/>
      </wst:RequestSecurityToken>
    </ps:RequestMultipleSecurityTokens>
  </Body>
</Envelope>

Response

<?xml version="1.0" encoding="utf-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Header>
    <psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
      <psf:serverVersion>1</psf:serverVersion>
      <psf:PUID>00064000ACB2DA4B</psf:PUID>
      <psf:configVersion>10.000.17163.00</psf:configVersion>
      <psf:uiVersion>3.100.2179.0</psf:uiVersion>
      <psf:mobileConfigVersion>7.0.13347.0</psf:mobileConfigVersion>
      <psf:authstate>0x48803</psf:authstate>
      <psf:reqstatus>0x0</psf:reqstatus>
      <psf:serverInfo Path="Live1" RollingUpgradeState="ExclusiveNew" LocVersion="0" ServerTime="2012-02-28T18:02:53Z">BAYIDSLGN1M23 2012.01.05.13.58.58</psf:serverInfo>
      <psf:cookies/>
      <psf:browserCookies>
        <psf:browserCookie Name="MH" URL="http://www.msn.com">MSFT; path=/; domain=.msn.com; expires=Wed, 30-Dec-2037 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MHW" URL="http://www.msn.com">; path=/; domain=.msn.com; expires=Thu, 30-Oct-1980 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MH" URL="http://www.live.com">MSFT; path=/; domain=.live.com; expires=Wed, 30-Dec-2037 16:00:00 GMT</psf:browserCookie>
        <psf:browserCookie Name="MHW" URL="http://www.live.com">; path=/; domain=.live.com; expires=Thu, 30-Oct-1980 16:00:00 GMT</psf:browserCookie>
      </psf:browserCookies>
      <psf:credProperties>
        <psf:credProperty Name="MainBrandID">MSFT</psf:credProperty>
        <psf:credProperty Name="BrandIDList"/>
        <psf:credProperty Name="IsWinLiveUser">true</psf:credProperty>
        <psf:credProperty Name="CID">[cid]</psf:credProperty>
        <psf:credProperty Name="AuthMembername">user@hotmail.com</psf:credProperty>
        <psf:credProperty Name="Country">US</psf:credProperty>
        <psf:credProperty Name="Language">1033</psf:credProperty>
        <psf:credProperty Name="FirstName">User</psf:credProperty>
        <psf:credProperty Name="LastName">Name</psf:credProperty>
        <psf:credProperty Name="Flags">40100443</psf:credProperty>
        <psf:credProperty Name="IP">[ip]</psf:credProperty>
        <psf:credProperty Name="AssociatedForStrongAuth">0</psf:credProperty>
      </psf:credProperties>
      <psf:extProperties>
        <psf:extProperty Name="ANON" Expiry="Sun, 16-Sep-2012 01:02:53 GMT" Domains="bing.com;atdmt.com" IgnoreRememberMe="false">A=E594CCB6E68C3EE6D7791CA6FFFFFFFF&amp;E=c58&amp;W=1</psf:extProperty>
        <psf:extProperty Name="NAP" Expiry="Fri, 08-Jun-2012 01:02:53 GMT" Domains="bing.com;atdmt.com" IgnoreRememberMe="false">V=1.9&amp;E=bfe&amp;C=m2GHblEqDDQP4-wYJOPUUAHW4oDsyX97spFHjQr-H1qHHQVZ4qfpgQ&amp;W=1</psf:extProperty>
        <psf:extProperty Name="LastUsedCredType">1</psf:extProperty>
        <psf:extProperty Name="WebCredType">1</psf:extProperty>
        <psf:extProperty Name="CID">[cid]</psf:extProperty>
      </psf:extProperties>
      <psf:response/>
    </psf:pp>
  </S:Header>
  <S:Body>
    <wst:RequestSecurityTokenResponseCollection xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust" xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy" xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
      <wst:RequestSecurityTokenResponse>
        <wst:TokenType>urn:passport:legacy</wst:TokenType>
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
          <wsa:EndpointReference>
            <wsa:Address>http://Passport.NET/tb</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:LifeTime>
          <wsu:Created>2012-02-28T18:02:53Z</wsu:Created>
          <wsu:Expires>2012-02-29T18:02:53Z</wsu:Expires>
        </wst:LifeTime>
        <wst:RequestedSecurityToken>
          <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="BinaryDAToken0" Type="http://www.w3.org/2001/04/xmlenc#Element">
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:KeyName>http://Passport.NET/STS</ds:KeyName>
            </ds:KeyInfo>
            <CipherData>
              <CipherValue>[cipher]</CipherValue>
            </CipherData>
          </EncryptedData>
        </wst:RequestedSecurityToken>
        <wst:RequestedTokenReference>
          <wsse:KeyIdentifier ValueType="urn:passport"/>
          <wsse:Reference URI="#BinaryDAToken0"/>
        </wst:RequestedTokenReference>
        <wst:RequestedProofToken>
          <wst:BinarySecret>[secret]</wst:BinarySecret>
        </wst:RequestedProofToken>
      </wst:RequestSecurityTokenResponse>
      <wst:RequestSecurityTokenResponse>
        <wst:TokenType>urn:passport:legacy</wst:TokenType>
        <wsp:AppliesTo xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
          <wsa:EndpointReference>
            <wsa:Address>messenger.msn.com</wsa:Address>
          </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wst:LifeTime>
          <wsu:Created>2012-02-28T18:02:53Z</wsu:Created>
          <wsu:Expires>2012-02-28T18:11:13Z</wsu:Expires>
        </wst:LifeTime>
        <wst:RequestedSecurityToken>
          <wsse:BinarySecurityToken Id="PPToken1">t=[token]</wsse:BinarySecurityToken>
        </wst:RequestedSecurityToken>
        <wst:RequestedTokenReference>
          <wsse:KeyIdentifier ValueType="urn:passport"/>
          <wsse:Reference URI="#PPToken1"/>
        </wst:RequestedTokenReference>
      </wst:RequestSecurityTokenResponse>
    </wst:RequestSecurityTokenResponseCollection>
  </S:Body>
</S:Envelope>

I redacted sensitive bits with [foo]-style substitutions.

Use consent

https://consent.live.com/Delegation.aspx?
ps = Passport service you want (Contacts.update|Contacts.index....)
ru = Return URL
pl = Policy url
app = your appid+timestamp+signature

If you link your users to this, Microsoft Live Service will authenticate your app then send a token as a base64 encrypted parameter to Return URL. You can parse that to get the Delegated Token for the user, their live id, the life-expectancy of the token, the permissions available and various other bits of information.

Have a look here for more information:

http://msdn.microsoft.com/en-us/library/cc287637.aspx
