Passing Extra Information in WS-Security UserNameToken

(This post is a continuation of the previous post Using WSE 3.0 for Web Service Authentication)

Sometimes, apart from the user credential information passed in the WSE UserNameToken we might need to pass additional informaion in the UserNameToken. For example, in a recent scenario I had to implement multiple levels of authentication. The consumer of the service was required to pass a service level username and password which it can pass in the UserNameToken and also the service required additional Business User Authentication, so the consumer is required to pass this additional Business User credentials.

The Microsoft Implementation of WSE allows you to insert extra xml in the UserNameToken using the UserNameToken.AnyElements property of the Microsoft.Web.Services3.Security.Tokens.UsernameToken class. See the following code which is adding the ExtraUser XML in the UserNameToken.

Dim U As New Microsoft.Web.Services3.Security.Tokens.UsernameToken(“<User_Name>”, “<Password>”, Security.Tokens.PasswordOption.SendHashed)
Dim xmldoc As New System.Xml.XmlDocument()
Dim xmlElement As System.Xml.XmlElement = xmldoc.CreateElement(“ExtraUser”)
Dim xmlElement1 As System.Xml.XmlElement = xmldoc.CreateElement(“UserId”)
xmlElement1.InnerText = “testuser”
Dim xmlElement2 As System.Xml.XmlElement = xmldoc.CreateElement(“UserPass”)
xmlElement2.InnerText = “123”
xmlElement.AppendChild(xmlElement1)
xmlElement.AppendChild(xmlElement2)
U.AnyElements.Add(xmlElement)

This username token can then be passed in the WS-Security. The Service Provider needs to modify its CustomTokenManager class to authenticate the ExtraUser information. The following UserNameToken passed in the SOAP envelop shows how the additional informaiton is passed with the UserNameToken.

<wsse:UsernameToken xmlns:wsu=”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd” wsu:Id=”SecurityToken-2ee318dd-56ef-4f26-877d-2a199ff5b4e3″>
<wsse:Username>aleem</wsse:Username>
<wsse:Password Type=”
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest”>CyI4oSXQgRMdYF416fHcD0IDpIE=</wsse:Password>
<wsse:Nonce>NVU8Adj9tEMZQpBPoPfJMw==</wsse:Nonce>
<wsu:Created>2007-09-18T13:10:30Z</wsu:Created>
<ExtraUser><UserId>testuser</UserId><UserPass>123</UserPass></ExtraUser>
</wsse:UsernameToken>

Advertisements

2 thoughts on “Passing Extra Information in WS-Security UserNameToken

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s