Solved

ColdFusion: SOAP Security Header Problem

Posted on 2013-01-09
Last Modified: 2016-02-10
OVERVIEW
I need to make a secure SOAP request with ColdFusion, and I'm having trouble implementing the headers properly so the service can use it.

There are two structure examples I was given:

Example 1:
This is a sample soap request:

POST /WebService/EmployerWebServiceV24.asmx HTTP/1.1
Host: stage.e-verify.uscis.gov
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>



Example 2:
An example SOAP authentication HEADER would look something like:

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security soap:mustUnderstand="1">
            <wsse:UsernameToken namespaces>
                <wsse:Username>username</wsse:Username>
                <wsse:Password Type="type info">password</wsse:Password>
                <wsse:Nonce>nonce</wsse:Nonce>
                <wsu:Created>date created</wsu:Created>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body>
        <WebServiceMethodName xmlns="Web Service Namespace" />
    </soap:Body>
</soap:Envelope>



IMPORTANT
I was able to create a successful connection to this web service without including header information.
To use other functions I need a properly working header which works.
This is my code for the successful connection without the headers. (So you can reproduce it)


<cfsavecontent variable="request_xml">
<cfoutput>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>
</cfoutput>
</cfsavecontent>
<!--- Make Request --->
<cfhttp url="https://stage.e-verify.uscis.gov/WebService/EmployerWebServiceV24.asmx?wsdl" method="post" result="httpResponse">
  <cfhttpparam type="header" name="SOAPAction" value="https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection" />
  <cfhttpparam type="header" name="accept-encoding" value="no-compression" />
  <cfhttpparam type="body" value="#trim(request_xml)#" />
</cfhttp>
<!--- Show Response --->
<cfdump var="#httpResponse#" label="httpResponse">
<cfdump var="#xmlParse( httpResponse.fileContent )#" label="soapResponse">



PROBLEM

When I insert my header into the request, then it throws me an error saying "code:InvalidSecurityToken"
(Replace cfsavecontent with this)

<!--- Define Nonce --->
<cfscript>
  strNonce = ToBase64(createUUID());
</cfscript>
<cfsavecontent variable="request_xml">
<cfoutput>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
	<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
		<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>ARIC1124</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">myPassword</wsse:Password>
            <wsse:Nonce>#strNonce#</wsse:Nonce> 
            <wsu:Created>#Dateformat(Now(),'yyyy-mm-ddThh:mm:ss')#Z</wsu:Created>
		</wsse:UsernameToken>
	</wsse:Security>
  </soap:Header>
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>
</cfoutput>
</cfsavecontent>



OTHER SOLUTIONS I HAVE TRIED:
I have tried to use createObject + AddSOAPRequestHeader + cfinvoke, but nothing seems to work for me.

WHAT I AM LOOKING FOR FROM THE EXPERTS:
I want a complete cfm code file which would include my header that works.

*Email address removed by Netminder 15 Jan 2013*
Question by:Totalpackage612
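
An added example, not part of the original post and not code from the service's documentation: one way to build the UsernameToken fields in the form the WS-Security UsernameToken Profile defines, with a base64 random nonce, a UTC xsd:dateTime for Created (DateFormat masks read `mm` as the month and Now() is server-local time, so the time part is formatted with TimeFormat after a UTC conversion), and XML-escaped credentials. The credentials are constructed placeholders, and the page does not say whether the service accepts this header.

```cfml
<cfscript>
  // Constructed placeholders (assumptions); load real values from protected config.
  wsUser     = "EXAMPLE_USER";
  wsPassword = "EXAMPLE_P&SSWORD";   // contains "&" to show the XML escaping below

  // Nonce: generateSecretKey returns a base64-encoded random 128-bit value.
  strNonce = generateSecretKey("AES");

  // Created: UTC in xsd:dateTime form. DateFormat formats the date part only
  // (its "mm" is the month); TimeFormat formats the time ("HH" = 24-hour clock).
  utcNow     = dateConvert("local2utc", now());
  strCreated = dateFormat(utcNow, "yyyy-mm-dd") & "T" & timeFormat(utcNow, "HH:mm:ss") & "Z";

  // Namespace and type URIs as used in the post; "##" yields a literal "#".
  wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
  wsuNs  = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
  pwType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText";
</cfscript>
<cfsavecontent variable="request_xml"><cfoutput><?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="#wsseNs#" xmlns:wsu="#wsuNs#">
      <wsse:UsernameToken wsu:Id="UsernameToken-1">
        <!--- xmlFormat escapes &, <, > and quotes so credentials cannot break the XML --->
        <wsse:Username>#xmlFormat(wsUser)#</wsse:Username>
        <wsse:Password Type="#pwType#">#xmlFormat(wsPassword)#</wsse:Password>
        <wsse:Nonce>#strNonce#</wsse:Nonce>
        <wsu:Created>#strCreated#</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope></cfoutput></cfsavecontent>
<!--- Parse locally before sending: xmlParse throws if the envelope is malformed --->
<cfset soapDoc = xmlParse(trim(request_xml))>
<cfdump var="#soapDoc#" label="request envelope">
```

The resulting `request_xml` can be passed to the cfhttp call shown in the post. With PasswordText the password travels in clear inside the envelope, so the transport must stay HTTPS, as in the post's URL.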
Accepted Solution

by:
Totalpackage612 earned 0 total points
ID: 38782649
I cancelled my membership to this site because this is a complete joke!
I have a working example above, and not one of your "experts" could even bother to copy paste that to check it out. Just admit that your site doesn't even attempt to help people. It's just a money making scheme.