WSE 3.0: Usernametoken Without nonce and timestamp and signinging the body
Question
So i have a provider that opened a Web Service so i can consult him. The problem is that it only supports WSE (yep i tried in WCF but it just aint happening due to the security restrictions) for .net clients. and he has put out some special characteristics on the security of the message. It must be authenticated via Usernametoken, but without sending the nocne and timestamp. also he needs the body to be signed... anyone who knows how to do that with WSE.
Thanks in advance
1 answers
solution1
0 2014-03-21 21:10:36
So after a day or two doing research i fount out how to do that. WSE3 is based on policies, so i made up a Custom PolicyAssertion for adding the usernametoken header and deleting the nonce and timestamp of the header following this tutorial http://www.codeproject.com/Articles/12189/Custom-WSE-Policy-Assertions-for-Signing-and-E
And then Used a Custom SecurityPolicyAssertion to do the signing.
Then through the wse3policy config i called first the custom SecurityPolicyAssertion and then the custom PolicyAssertion.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.