
WS-Security


2006-02-02 12:52:28 AM
delphi234
Hi There,
I have an ASP.NET Web Service that uses UserNameToken (WS-Security) and I need to send the authentication data using the WS-Security specification. Is there any way to do that in Delphi 7?
TIA
 
 

Re:WS-Security

Hello everyone,
I know that it is not supported out-of-the-box but I was wondering if
anybody's had any experience getting a Delphi (Win32, not .NET) client to
talk to a WSE (.NET) Web Service using the WS-Security extensions. This
would be using Delphi 7.
It seems doable enough using some custom header classes, and I think
cryptlib ought to be able to handle the message signing/encryption, but I'm
not fully up to speed on all aspects of the spec and so I thought I would see
if it has already been done before I reread all 100 pages of the WSS and
X.509 Token specs.
The setup is nothing too fancy - just message signing and encryption with
an X.509 cert, along with the regular WSA headers. The .NET clients use
Secure Conversation but the Delphi client doesn't have to. The solution
does not need to be fully extensible, even hard-coded headers are fine, I
really just want to get one or two messages sent across.
Please let me know!
Thanks,
Aaron
 

Re:WS-Security

Hello Aaron,
I have not done any work with WS-Security but, as you mentioned already, the
core of the issue would be to compute the data for the headers. Delphi SOAP
has a limitation with headers - it does not support simple types as
headers - but I don't think this will be a problem with WS-Security.
I believe that WS-Security allows for the SOAP body to be encrypted. That
would not be easy to merge with Delphi SOAP as it is invasive. However, other
elements that involve just additional headers (username, signature, custom,
etc) should be workable.
Cheers,
Bruneau.
 

Re:WS-Security

The closest you can get to doing that... I have tried something similar with
a C# webservice a time ago, is to extend the class THTTPRIO in Delphi, and
override its Before and After Response methods and control the data stream
just before it is actually processed, then allow it to go on to its
inherited routine to continue.
"Jean-Marie Babet" <XXXX@XXXXX.COM> writes
Quote
Hello Aaron,
I have not done any work with WS-Security but, as you mentioned already, the
core of the issue would be to compute the data for the headers. Delphi SOAP
has a limitation with headers - it does not support simple types as
headers - but I don't think this will be a problem with WS-Security.
I believe that WS-Security allows for the SOAP body to be encrypted. That
would not be easy to merge with Delphi SOAP as it is invasive. However, other
elements that involve just additional headers (username, signature, custom,
etc) should be workable.
Cheers,
Bruneau.
 

Re:WS-Security

"Net" <XXXX@XXXXX.COM> wrote in
Quote
The closest you can get to doing that... I have tried something
similar with a C# webservice a time ago, is to extend the class
THTTPRIO in Delphi, and override its Before and After Response
methods and control the data stream just before it is actually
processed, then allow it to go on to its inherited routine to
continue.
Ah, was hoping for an easier way or some existing tool... seemed like a
common enough scenario for one to exist. It definitely does have to
encrypt the message body so I could see this as being rather complicated.
I think it would take less time to just write a .NET proxy service that
listens on a TCP port. The client always operates from within the private
network anyway. Not very elegant, but not many options either...
Thanks again,
Aaron
 

Re:WS-Security

How can I add WS-Security in the header in Delphi 7, like
<wsse:Security soapenv:mustUnderstand="true">
  <wsu:Timestamp wsu:Id="Timestamp-27789929">
    <wsu:Created>2008-02-06T14:04:08Z</wsu:Created>
    <wsu:Expires>2008-02-06T14:09:08Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:UsernameToken wsu:Id="UsernameToken-32278793">
    <wsse:Username>KullaniciAdi</wsse:Username>
    <wsse:Password Type="docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0">PXCtyKVi+1fzkVZaKYgD+lENgbs=</wsse:Password>
    <wsse:Nonce>/qmJdpfcepocmQ19ntGmVw==</wsse:Nonce>
    <wsu:Created>2008-02-06T14:04:08Z</wsu:Created>
  </wsse:UsernameToken>
</wsse:Security>
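
Added example, not part of any post in this thread: a Python reference (not Delphi) for the UsernameToken Profile 1.0 PasswordDigest, Base64(SHA-1(nonce + created + password)), and for the header layout shown in the last post, useful for checking the bytes a Delphi client produces before sending them. The Id values, the sample password and the function names are constructed for illustration, and the fragment assumes the SOAP envelope declares the soapenv prefix.

```python
import base64
import hashlib
import os
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
DIGEST_TYPE = OASIS + "username-token-profile-1.0#PasswordDigest"
B64_TYPE = OASIS + "soap-message-security-1.0#Base64Binary"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)) over the raw nonce bytes."""
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def security_header(username, password, now=None, nonce=None, ttl=300):
    """Return a wsse:Security fragment; `now` must be a UTC datetime."""
    now = now or datetime.now(timezone.utc)
    nonce = nonce or os.urandom(16)  # fresh per message, never reused
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    created = now.strftime(fmt)
    expires = (now + timedelta(seconds=ttl)).strftime(fmt)
    digest = password_digest(nonce, created, password)
    nonce_b64 = base64.b64encode(nonce).decode("ascii")
    return (
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"'
        f' soapenv:mustUnderstand="true">'
        f'<wsu:Timestamp wsu:Id="Timestamp-1">'
        f'<wsu:Created>{created}</wsu:Created>'
        f'<wsu:Expires>{expires}</wsu:Expires>'
        f'</wsu:Timestamp>'
        f'<wsse:UsernameToken wsu:Id="UsernameToken-1">'
        f'<wsse:Username>{escape(username)}</wsse:Username>'
        f'<wsse:Password Type="{DIGEST_TYPE}">{digest}</wsse:Password>'
        f'<wsse:Nonce EncodingType="{B64_TYPE}">{nonce_b64}</wsse:Nonce>'
        f'<wsu:Created>{created}</wsu:Created>'
        f'</wsse:UsernameToken>'
        f'</wsse:Security>'
    )


if __name__ == "__main__":
    # Constructed sample password, not a value from the thread.
    print(security_header("KullaniciAdi", "example-password"))
```

A common porting mistake is hashing the Base64 text of the nonce instead of its decoded bytes, which yields a digest the service rejects. The digest scheme relies on the service refusing reused nonces and stale Created values, and the exchange should still run over TLS.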