How to pass UserNameToken to ASMX service?

StackOverflow https://stackoverflow.com/questions/12943015

  •  08-07-2021
  •  | 
  •  

Question

I have an asmx web service and a test console app. I have added web service reference to the console app and calling it like this

Employee.Employee e = new TestService.Employee.Employee();
e.SomeMethod();

On every web service call there is a validation check which looks like this 

    private bool IsUserNameTokenPresent()
    {
        //Get current SOAP context
        SoapContext ctxt = RequestSoapContext.Current;
        UsernameToken user = null;
        if (ctxt == null)
        {
            //This request is using a different protocol other than SOAP.
            return false;
        }

        //Iterate through all Security tokens
        foreach(SecurityToken tok in ctxt.Security.Tokens)
        {
            if (tok is UsernameToken)
            {
                user = (UsernameToken)tok;

            }
        }
        if (user == null)
            return false;

        return true;
    }

Question: How do I pass the Security Token so that I can test this service. Its always null.

Was it helpful?

Solution

Finally found the answer for this. I had to create my own SOAP header manually and pass it with the request. Here is some code. I had to create Nonce dynamically for every call, I will post it here if someone wants the code for that.

            XmlDocument doc = new XmlDocument();

            doc.InnerXml = @"<?xml version='1.0' encoding='utf-8'?>
                                <soap:Envelope 
                                xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' 
                                xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' 
                                xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
                                <soap:Header>
                                <wsse:Security soap:mustUnderstand='1'>
                                <wsse:UsernameToken wsu:Id='uuid_faf0159a-6b13-4139-a6da-cb7b4100c10c'>
                                <wsse:Username>UserID</wsse:Username>
                                <wsse:Password>Pass</wsse:Password>
                                <wsse:Nonce>" + nonce + @"</wsse:Nonce>
                                <wsu:Created>" + date + @"</wsu:Created>
                                </wsse:UsernameToken>
                                </wsse:Security>
                                </soap:Header>
                                <soap:Body>
                                <FindBySelfId>
                                <specification>
                                <LastName>" + lastname + @"</LastName>
                                <FirstName>" + firstname + @"</FirstName>
                                <DateOfBirth>" + dob + @"</DateOfBirth>
                                <HomeZipCode>" + zip + @"</HomeZipCode>
                                <SSN4>" + ssn + @"</SSN4>
                                </specification>
                                </FindBySelfId  >
                                </soap:Body>
                                </soap:Envelope>";

            HttpWebRequest req = (HttpWebRequest)WebRequest.Create("http://localhost/Employee/employee.asmx");

            req.Headers.Add("SOAPAction", "https://<Namespace here>");

            req.ContentType = "text/xml;charset=\"utf-8\"";
            req.Accept = "text/xml";

            req.Method = "POST";
            Stream stm = req.GetRequestStream();
            doc.Save(stm);
            stm.Close();
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top