C
casey chesnut
full framework if you dont want to install WSE.
or compact framework where it doesnt exist.
casey
----------------------------------------------------------------------------
------
//SecurityHeader.cs
using System;
using System.Xml;
using System.Xml.Serialization;
using System.Web.Services.Protocols;
using System.Text;
/*
//outgoing SoapHeader will look something like this
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<wsse:UsernameToken
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="SecurityToken-9cda5cb3-f5c6-4ddf-b9fa-30ff0bcc97f5">
<wsse:Username>PZh3EOz8/GWV+PQel2OaZtrNv2x3/dBk</wsse:Username>
<wsse
assword
Type="wsseasswordDigest">aDmrV1Ek7pHKnFGiuc/WLQJMoiY=</wsseassword>
<wsse:Nonce>rXl+0wUmcdMNbeMFmqGDiw==</wsse:Nonce>
<wsu:Created>2003-07-23T19:51:24Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
//add public member to the auto gen'd webReference proxy
public bNb.WebServices.SecurityHeader securityHeader;
//add to WebMethod that will be called on auto gen'd webReference proxy
[System.Web.Services.Protocols.SoapHeaderAttribute("securityHeader")]
//change client code to set UsernameToken info
webReference.securityHeader = new bNb.WebServices.SecurityHeader();
webReference.securityHeader.UsernameToken.SetUserPass(username, password,
PasswordOption.SendHashed);
//Guid and Sha1 wrapper classes are needed based on platform:
//FULL FRAMEWORK
//guid = System.Guid.NewGuid();
//System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new
// System.Security.Cryptography.SHA1CryptoServiceProvider();
//bHash = sha1.ComputeHash(buffer);
//COMPACT FRAMEWORK
//guid - http://smartdevices.microsoftdev.com/Learn/Articles/507.aspx
//sha1 - http://www.learnmobile.net/MobileClient/Tutorials/cfWSE/
*/
namespace bNb
{
[XmlRoot(Namespace=NsConstants.wsse, ElementName="Security")]
public class SecurityHeader : SoapHeader
{
public SecurityHeader()
{
this.MustUnderstand = true;
this.UsernameToken = new UsernameToken();
}
[XmlElement(Namespace=NsConstants.wsse)]
public UsernameToken UsernameToken;
}
public class UsernameToken
{
public UsernameToken() {}
public void SetUserPass(string username, string password, PasswordOption
passType)
{
this.Username = username;
System.Guid g = Guid.NewGuid();
this.Id = "SecurityToken-" + g.ToString("D");
if(passType == PasswordOption.SendNone)
{
this.Password = null;
}
this.Password = new Password();
if(passType == PasswordOption.SendPlainText)
{
this.Password.Type = "wsseasswordText";
this.Password.Text = password;
}
if(passType == PasswordOption.SendHashed)
{
this.Password.Type = "wsseasswordDigest";
DateTime dtCreated = DateTime.UtcNow;
this.Created = XmlConvert.ToString(dtCreated, "yyyy-MM-ddTHH:mm:ssZ");
byte [] baCreated = Encoding.UTF8.GetBytes(this.Created);
//TODO crypto strength random number generator
this.Nonce = new Nonce();
Random r = new Random(Environment.TickCount);
byte [] baNonce = new byte[20];
r.NextBytes(baNonce);
this.Nonce.Text = Convert.ToBase64String(baNonce, 0, baNonce.Length);
byte [] baPassword = Encoding.UTF8.GetBytes(password);
int baDigestLength = baNonce.Length + baCreated.Length +
baPassword.Length;
byte [] baDigest = new byte[baDigestLength];
Array.Copy(baNonce, 0, baDigest, 0, baNonce.Length);
Array.Copy(baCreated, 0, baDigest, baNonce.Length, baCreated.Length);
Array.Copy(baPassword, 0, baDigest, baNonce.Length + baCreated.Length,
baPassword.Length);
byte [] hash = Sha1.ComputeHash(baDigest);
this.Password.Text = Convert.ToBase64String(hash, 0, hash.Length);
}
}
//required
[XmlElement(Namespace=NsConstants.wsse)]
public string Username;
[XmlAttribute(Namespace=NsConstants.wsu)]
public string Id;
//optional
[XmlElement(Namespace=NsConstants.wsse)]
public Password Password;
[XmlElement(Namespace=NsConstants.wsse)]
public Nonce Nonce;
[XmlElement(Namespace=NsConstants.wsu)]
public string Created;
}
public class Nonce
{
public Nonce(){}
[XmlText()]
public string Text;
//TODO handle hexEncode scenario
[XmlAttribute()]
public string EncodingType;
}
public class Password
{
public Password() {}
[XmlText()]
public string Text;
[XmlAttribute()]
public string Type;
}
public class NsConstants
{
public const string wsse = "http://schemas.xmlsoap.org/ws/2002/07/secext";
public const string wsu = "http://schemas.xmlsoap.org/ws/2002/07/utility";
}
public enum PasswordOption
{
SendHashed,
SendNone,
SendPlainText,
}
public enum EncodingType
{
Base64Binary,
HexBinary,
}
}
or compact framework where it doesnt exist.
casey
----------------------------------------------------------------------------
------
//SecurityHeader.cs
using System;
using System.Xml;
using System.Xml.Serialization;
using System.Web.Services.Protocols;
using System.Text;
/*
//outgoing SoapHeader will look something like this
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<wsse:UsernameToken
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="SecurityToken-9cda5cb3-f5c6-4ddf-b9fa-30ff0bcc97f5">
<wsse:Username>PZh3EOz8/GWV+PQel2OaZtrNv2x3/dBk</wsse:Username>
<wsse
asswordType="wsse
asswordDigest">aDmrV1Ek7pHKnFGiuc/WLQJMoiY=</wsseassword><wsse:Nonce>rXl+0wUmcdMNbeMFmqGDiw==</wsse:Nonce>
<wsu:Created>2003-07-23T19:51:24Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
//add public member to the auto gen'd webReference proxy
public bNb.WebServices.SecurityHeader securityHeader;
//add to WebMethod that will be called on auto gen'd webReference proxy
[System.Web.Services.Protocols.SoapHeaderAttribute("securityHeader")]
//change client code to set UsernameToken info
webReference.securityHeader = new bNb.WebServices.SecurityHeader();
webReference.securityHeader.UsernameToken.SetUserPass(username, password,
PasswordOption.SendHashed);
//Guid and Sha1 wrapper classes are needed based on platform:
//FULL FRAMEWORK
//guid = System.Guid.NewGuid();
//System.Security.Cryptography.SHA1CryptoServiceProvider sha1 = new
// System.Security.Cryptography.SHA1CryptoServiceProvider();
//bHash = sha1.ComputeHash(buffer);
//COMPACT FRAMEWORK
//guid - http://smartdevices.microsoftdev.com/Learn/Articles/507.aspx
//sha1 - http://www.learnmobile.net/MobileClient/Tutorials/cfWSE/
*/
namespace bNb
{
[XmlRoot(Namespace=NsConstants.wsse, ElementName="Security")]
public class SecurityHeader : SoapHeader
{
public SecurityHeader()
{
this.MustUnderstand = true;
this.UsernameToken = new UsernameToken();
}
[XmlElement(Namespace=NsConstants.wsse)]
public UsernameToken UsernameToken;
}
public class UsernameToken
{
public UsernameToken() {}
public void SetUserPass(string username, string password, PasswordOption
passType)
{
this.Username = username;
System.Guid g = Guid.NewGuid();
this.Id = "SecurityToken-" + g.ToString("D");
if(passType == PasswordOption.SendNone)
{
this.Password = null;
}
this.Password = new Password();
if(passType == PasswordOption.SendPlainText)
{
this.Password.Type = "wsse
asswordText";this.Password.Text = password;
}
if(passType == PasswordOption.SendHashed)
{
this.Password.Type = "wsse
asswordDigest";DateTime dtCreated = DateTime.UtcNow;
this.Created = XmlConvert.ToString(dtCreated, "yyyy-MM-ddTHH:mm:ssZ");
byte [] baCreated = Encoding.UTF8.GetBytes(this.Created);
//TODO crypto strength random number generator
this.Nonce = new Nonce();
Random r = new Random(Environment.TickCount);
byte [] baNonce = new byte[20];
r.NextBytes(baNonce);
this.Nonce.Text = Convert.ToBase64String(baNonce, 0, baNonce.Length);
byte [] baPassword = Encoding.UTF8.GetBytes(password);
int baDigestLength = baNonce.Length + baCreated.Length +
baPassword.Length;
byte [] baDigest = new byte[baDigestLength];
Array.Copy(baNonce, 0, baDigest, 0, baNonce.Length);
Array.Copy(baCreated, 0, baDigest, baNonce.Length, baCreated.Length);
Array.Copy(baPassword, 0, baDigest, baNonce.Length + baCreated.Length,
baPassword.Length);
byte [] hash = Sha1.ComputeHash(baDigest);
this.Password.Text = Convert.ToBase64String(hash, 0, hash.Length);
}
}
//required
[XmlElement(Namespace=NsConstants.wsse)]
public string Username;
[XmlAttribute(Namespace=NsConstants.wsu)]
public string Id;
//optional
[XmlElement(Namespace=NsConstants.wsse)]
public Password Password;
[XmlElement(Namespace=NsConstants.wsse)]
public Nonce Nonce;
[XmlElement(Namespace=NsConstants.wsu)]
public string Created;
}
public class Nonce
{
public Nonce(){}
[XmlText()]
public string Text;
//TODO handle hexEncode scenario
[XmlAttribute()]
public string EncodingType;
}
public class Password
{
public Password() {}
[XmlText()]
public string Text;
[XmlAttribute()]
public string Type;
}
public class NsConstants
{
public const string wsse = "http://schemas.xmlsoap.org/ws/2002/07/secext";
public const string wsu = "http://schemas.xmlsoap.org/ws/2002/07/utility";
}
public enum PasswordOption
{
SendHashed,
SendNone,
SendPlainText,
}
public enum EncodingType
{
Base64Binary,
HexBinary,
}
}