Passing Extra Information in WS-Security UserNameToken

(This post is a continuation of the previous post Using WSE 3.0 for Web Service Authentication)

Sometimes, apart from the user credentials carried in the WSE UsernameToken, we need to pass additional information in the token. For example, in a recent scenario I had to implement multiple levels of authentication: the consumer of the service was required to pass a service-level username and password, which it can send in the UsernameToken, and the service also required a separate business-user authentication, so the consumer had to pass those business-user credentials as well.

The Microsoft implementation of WSE lets you insert extra XML into the UsernameToken through the AnyElements property of the Microsoft.Web.Services3.Security.Tokens.UsernameToken class. The following code adds an ExtraUser element to the UsernameToken.

' Client side: build the UsernameToken (password sent as a digest, not in clear)
Dim U As New Microsoft.Web.Services3.Security.Tokens.UsernameToken("<User_Name>", "<Password>", Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed)
Dim xmldoc As New System.Xml.XmlDocument()
' ExtraUser carries the business-user credentials as plain child elements
Dim xmlElement As System.Xml.XmlElement = xmldoc.CreateElement("ExtraUser")
Dim xmlElement1 As System.Xml.XmlElement = xmldoc.CreateElement("UserId")
xmlElement1.InnerText = "testuser"
Dim xmlElement2 As System.Xml.XmlElement = xmldoc.CreateElement("UserPass")
xmlElement2.InnerText = "123"
xmlElement.AppendChild(xmlElement1)
xmlElement.AppendChild(xmlElement2)
' Elements in AnyElements are serialized inside <wsse:UsernameToken> next to the standard children
U.AnyElements.Add(xmlElement)

This UsernameToken can then be passed in the WS-Security header. The service provider needs to modify its CustomTokenManager class to authenticate the ExtraUser information. The following UsernameToken, taken from the SOAP envelope, shows how the additional information travels with the token.

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-2ee318dd-56ef-4f26-877d-2a199ff5b4e3">
  <wsse:Username>aleem</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">CyI4oSXQgRMdYF416fHcD0IDpIE=</wsse:Password>
  <wsse:Nonce>NVU8Adj9tEMZQpBPoPfJMw==</wsse:Nonce>
  <wsu:Created>2007-09-18T13:10:30Z</wsu:Created>
  <ExtraUser><UserId>testuser</UserId><UserPass>123</UserPass></ExtraUser>
</wsse:UsernameToken>
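As an added example (not the post's code), here are the service-side checks a CustomTokenManager has to perform on such a token, written in Python so it runs stand-alone rather than inside WSE. It assumes the digest follows the OASIS UsernameToken Profile 1.0 (Base64(SHA-1(nonce + created + password))), and it uses hypothetical in-memory credential stores, a fixed clock and a constructed token that declares the wsse prefix locally.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from xml.etree import ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"

# Hypothetical credential stores and a fixed "now"; a real CustomTokenManager queries a directory.
SERVICE_USERS = {"aleem": "svc-secret"}
BUSINESS_USERS = {"testuser": "123"}
EXAMPLE_NOW = datetime(2007, 9, 18, 13, 11, tzinfo=timezone.utc)

def password_digest(nonce_b64, created, password):
    """UsernameToken Profile 1.0: PasswordDigest = Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def validate_token(token_xml, now, max_skew=timedelta(minutes=5)):
    """Return both authenticated identities, or raise ValueError (what AuthenticateToken must do)."""
    root = ET.fromstring(token_xml)
    username = root.findtext(f"{{{WSSE}}}Username") or ""
    pw = root.find(f"{{{WSSE}}}Password")
    nonce = root.findtext(f"{{{WSSE}}}Nonce") or ""
    created = root.findtext(f"{{{WSU}}}Created") or ""
    if pw is None or pw.get("Type") != DIGEST:
        raise ValueError("only PasswordDigest tokens are accepted")
    # Freshness first; a nonce replay cache belongs next to this check (not shown).
    created_dt = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if abs(now - created_dt) > max_skew:
        raise ValueError("Created timestamp outside the allowed window")
    # Level 1: the service credential, checked through the digest so the password never travels.
    expected = password_digest(nonce, created, SERVICE_USERS.get(username, ""))
    if username not in SERVICE_USERS or not hmac.compare_digest(expected, pw.text or ""):
        raise ValueError("service-level authentication failed")
    # Level 2: ExtraUser is plain XML the digest does not cover, so UserPass is in the clear without TLS or message encryption.
    extra = root.find("ExtraUser")
    biz_id = extra.findtext("UserId") if extra is not None else None
    biz_pw = (extra.findtext("UserPass") if extra is not None else None) or ""
    if biz_id not in BUSINESS_USERS or not hmac.compare_digest(BUSINESS_USERS[biz_id].encode(), biz_pw.encode()):
        raise ValueError("business-user authentication failed")
    return {"service_user": username, "business_user": biz_id}

def sample_token(user, pw, created, nonce_b64, biz_id, biz_pw):
    """Constructed sample in the layout the post shows (not a capture; wsse prefix declared here)."""
    return (f'<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" wsu:Id="SecurityToken-EXAMPLE">'
            f'<wsse:Username>{user}</wsse:Username>'
            f'<wsse:Password Type="{DIGEST}">{password_digest(nonce_b64, created, pw)}</wsse:Password>'
            f'<wsse:Nonce>{nonce_b64}</wsse:Nonce><wsu:Created>{created}</wsu:Created>'
            f'<ExtraUser><UserId>{biz_id}</UserId><UserPass>{biz_pw}</UserPass></ExtraUser></wsse:UsernameToken>')
```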
