Board index » delphi » WS-Security
otavio
Delphi Developer |
otavio
Delphi Developer |
WS-Security2006-02-02 12:52:28 AM delphi234 Hi There, I have a Asp.Net Web Service that uses UserNameToken (WS-Security) and I need to send the authenticantion data using WS-Security specification. Is there any way to do that in Delphi 7? TIA |
A.G.
Delphi Developer |
2007-01-06 01:48:17 AM
Re:WS-Security
Hello everyone,
I know that it is not supported out-of-the-box but I was wondering if anybody's had any experience getting a Delphi (Win32, not .NET) client to talk to a WSE (.NET) Web Service using the WS-Security extensions. This would be using Delphi 7. It seems doable enough using some custom header classes, and I think cryptlib ought to be able to handle the message signing/encryption, but I'm not fully up to speed on all aspects of the spec and so I thought I would see if it is already been done before I reread all 100 pages of the WSS and X.509 Token specs. The setup is nothing too fancy - just message signing and encryption with an X.509 cert, along with the regular WSA headers. The .NET clients use Secure Conversation but the Delphi client doesn't have to. The solution does not need to be fully extensible, even hard-coded headers are fine, I really just want to get one or two messages sent across. Please let me know! Thanks, Aaron |
Jean-Marie Babet
Delphi Developer |
2007-01-10 01:24:54 AM
Re:WS-Security
Hello Aaron,
I have not done any work with WS-Security but, as you mentioned already, the core of the issue would be to compute the data for the headers. Delphi SOAP has a limitation with headers - it does not support simple types as headers - but I don't think this will be a problem with WS-Security. I believe that WS-Security allows for the SOAP body to be encrypted. That would not be easy to merge with Delphi SOAP as it is invasive. However, other elements that involve just additional headers (username, signature, custom, etc) should be workable. Cheers, Bruneau. |
Net
Delphi Developer |
2007-01-13 10:50:03 PM
Re:WS-Security
The closest you can get to doing that...i have tried something similiar with
a C# webservice a time ago, is to extend the class THTTPRIO in delphi, and override it is Before and After Response methods and control the data stream just before it is actually proccessed, then allow it to go on to it's inherited routine to continue. "Jean-Marie Babet" <XXXX@XXXXX.COM>writes QuoteHello Aaron, |
A.G.
Delphi Developer |
2007-01-23 06:00:35 AM
Re:WS-Security
"Net" <XXXX@XXXXX.COM>wrote in
QuoteThe closest you can get to doing that...i have tried something encrypt the message body so I could see this as being rather complicated. I think it would take less time to just write a .NET proxy service that listens on a TCP port. The client always operates from within the private network anyway. Not very elegant, but not many options either... Thanks again, Aaron |
sait sari
Delphi Developer |
2008-03-27 03:53:18 AM
Re:WS-Security
How can I add Ws-security in header in delphi 7 like
<wsse:Security soapenv:mustUnderstand="true"> <wsu:Timestamp wsu:Id="Timestamp-27789929"> <wsu:Created>2008-02-06T14:04:08Z</wsu:Created> <wsu:Expires>2008-02-06T14:09:08Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken wsu:Id="UsernameToken-32278793"> <wsse:Username>KullaniciAdi</wsse:Username> <wsse:Password Type="docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0">PXCtyKVi+1fzkVZaKYgD+lENgbs=</wsse:Password> <wsse:Nonce>/qmJdpfcepocmQ19ntGmVw==</wsse:Nonce> <wsu:Created>2008-02-06T14:04:08Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> |