Solved

How to send client certificate along with SOAP request in Classic ASP?

Posted on 2014-10-10
8
666 Views
Last Modified: 2016-02-16
I have a Classic ASP application and now we are including the online Payment functionality.
The Payment Provider has given us the WEB Service and also a Certificate that we need to present for authentication along with the Payment Requests we send from our application.
How do I use this certificate in Classic ASP code to send the SOAP Request using XMLServerHTTP?
Are there any better methods using Classic ASP to accomplish this.
I know it is pretty old technology, but that is what we have to live with just for this project.

Thanks in Advance.
spraocs
0
Comment
Question by:spraocs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 52

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 200 total points
ID: 40373146
I have a sample soap call below.  But when you say certificate, do you mean an ssl certificate?  or are they talking about some form of authenticating?  What gateway are you using?

http:Q_28293687.html#a39646834
function searchTransactions(SalesOrderID, clientip,hash,seed,hashtype,sourcekey,SalesOrderID )

' build the xml 

strRequest =""
strRequest =strRequest&"<?xml version=""1.0"" encoding=""UTF-8""?>"
strRequest =strRequest&"<SOAP-ENV:Envelope xmlns:SOAP-ENV=""http://schemas.xmlsoap.org/soap/envelope/"" "
strRequest =strRequest&"xmlns:ns1=""urn:usaepay"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"" "
strRequest =strRequest&"xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" "
strRequest =strRequest&"xmlns:SOAP-ENC=""http://schemas.xmlsoap.org/soap/encoding/"" "
strRequest =strRequest&"SOAP-ENV:encodingStyle=""http://schemas.xmlsoap.org/soap/encoding/"">"
strRequest =strRequest&"<SOAP-ENV:Body>"

strRequest =strRequest&"<ns1:searchTransactions> "

strRequest =strRequest&"<Token xsi:type=""ns1:ueSecurityToken"">"
strRequest =strRequest&"<ClientIP xsi:type=""xsd:string"">"& clientip &"</ClientIP>"
strRequest =strRequest&"<PinHash xsi:type=""ns1:ueHash"">"
strRequest =strRequest&"<HashValue xsi:type=""xsd:string"">"& hash &"</HashValue>"
strRequest =strRequest&"<Seed xsi:type=""xsd:string"">"& seed &"</Seed>"
strRequest =strRequest&"<Type xsi:type=""xsd:string"">"& hashtype &"</Type>"
strRequest =strRequest&"</PinHash>"
strRequest =strRequest&"<SourceKey xsi:type=""xsd:string"">"& sourcekey &"</SourceKey>"
strRequest =strRequest&"</Token>"

strRequest =strRequest&"<Search SOAP-ENC:arrayType=""ns1:SearchParam[1]"" xsi:type=""ns1:SearchParamArray""> "
strRequest =strRequest&"<item xsi:type=""ns1:SearchParam""> "
strRequest =strRequest&"<Field xsi:type=""xsd:string"">Invoice</Field> "
strRequest =strRequest&"<Type xsi:type=""xsd:string"">eq</Type> "
strRequest =strRequest&"<Value xsi:type=""xsd:string"">"&SalesOrderID&"</Value> "
strRequest =strRequest&"</item> "
strRequest =strRequest&"</Search> "
strRequest =strRequest&"<MatchAll xsi:type=""xsd:boolean"">true</MatchAll> "
strRequest =strRequest&"<Start xsi:type=""xsd:integer"">0</Start> "
strRequest =strRequest&"<Limit xsi:type=""xsd:integer"">10</Limit>" 
strRequest =strRequest&"<Sort xsi:type=""xsd:string"">created</Sort> "

strRequest =strRequest&"</ns1:searchTransactions> "

strRequest =strRequest&"</SOAP-ENV:Body> "
strRequest =strRequest&"</SOAP-ENV:Envelope>"



Dim objXMLHTTP
set objXMLHTTP = Server.CreateObject("MSXML2.ServerXMLHTTP.3.0")

strURL = PostToUrl


objXMLHTTP.setTimeouts 10000, 60000 , 60000, 360000 
   objXMLHTTP.open "POST", "" & strURL & "" , False
   objXMLHTTP.setRequestHeader "Content-Type", "text/xml; charset=utf-8"
   objXMLHTTP.setRequestHeader "Content-Length", Len(strRequest)
   objXMLHTTP.send(strRequest)
   strResult = objXMLHTTP.responseText



' get the response
   
dim getCustPayMethText
   getCustPayMethText=strResult
    Set objReturn = CreateObject("MSXML2.DOMDocument.3.0")
    objReturn.loadXML objXMLHTTP.responseText


' parse the response

if not objReturn.getElementsByTagName("TransactionsMatched").Item(0) is Nothing  then
	TransactionsMatched=			objReturn.getElementsByTagName("TransactionsMatched").Item(0).text
	else
	TransactionsMatched="0"
end if
if cdbl(TransactionsMatched)>0 then
for x = 0 to cint(TransactionsMatched)-1

if not objReturn.getElementsByTagName("RefNum").Item(x) is Nothing  then
	RefNum=			objReturn.getElementsByTagName("RefNum").Item(x).text
	else
	RefNum="N/A"
end if

if not objReturn.getElementsByTagName("Result").Item(x) is Nothing  then
	Result=			objReturn.getElementsByTagName("Result").Item(x).text
	else
	Result="N/A"
end if

if not objReturn.getElementsByTagName("ResultCode").Item(x) is Nothing  then
	ResultCode=			objReturn.getElementsByTagName("ResultCode").Item(x).text
	else
	ResultCode="N/A"
end if

if not objReturn.getElementsByTagName("CardNumber").Item(x) is Nothing  then
	CardNumber=			objReturn.getElementsByTagName("CardNumber").Item(x).text
	else
	CardNumber="NA/A"
end if

if not objReturn.getElementsByTagName("TransactionType").Item(x) is Nothing  then
	TransactionType=			objReturn.getElementsByTagName("TransactionType").Item(x).text
	else
	TransactionType="0"
end if

searchTransactions="TransactionsMatched,"&"RefNum,"&"Result,"&"ResultCode,"&"CardNumber,"&"TransactionType"&

end Function

Open in new window

0
 
LVL 33

Accepted Solution

by:
Big Monty earned 300 total points
ID: 40373151
to set up a SOAP object,, first create a xmlHTTP object like so:

Dim objXMLHTTP
set objXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")

Open in new window


to set your certificate, you need to use the setOption method:

dim SXH_OPTION_SELECT_CLIENT_SSL_CERT : SXH_OPTION_SELECT_CLIENT_SSL_CERT = 3
objXMLHTTP.setOption SXH_OPTION_SELECT_CLIENT_SSL_CERT, "LOCAL_MACHINE\<path to certificate>"

Open in new window


next, you need to make the call to the URL:

objXMLHTTP.open "post", "https://www.abc.com"

Open in new window


once completed, send over your request:

dim msg : msg = "your request data goes here"
Call objXMLHTTP.send( msg ) 

Open in new window


and if you want to get your result, you would use the ResponseText property:

dim strResult : strResult = objXMLHTTP.responseText
Response.Write strResult

Open in new window


make sure you follow these instructions to make sure your certificate is installed properly

Use this page as a reference to all of the code above
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 40373157
One thing to note, in classic asp, you have to build the xml as I did in my sample, then send that xml through the xmlhttpost.

What may be an easier route is to use php JUST FOR SENDING PAYMENT and code that on a separate page.   Many gateways  have sample code and libraries in php ready to go. Then you can just post to the php page and let it do all the work.

If you are using authorize.net, they have sample code in multiple languages including classic asp http://developer.authorize.net/downloads/samplecode/
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:spraocs
ID: 40375101
Thank you very much Scott Fell and Big Monty for a detailed information about this. I have earlier worked on an ASP classic website that consumed a web service. However, that was much simpler than what I am currently doing now. That was a direct web service call without a certificate.

Now I have to use a x509 certificate that I need to present while sending the SOAP requests. Thanks to Big Monty for providing the necessary code to set the certificate. And I see that both of you have pointed to the article that tells how to install the client certificate on IIS.

I used setOptions in my code and now I get the message

msxml6.dll error '80072f0c'

A certificate is required to complete client authentication

I have a few more details and questions now.

I am running the application on a Windows 2008 R2 server with IIS 7.5. The version of MSXML on the server is 6

Is the client certificate installation methods you provided applicable to the above scenario? I haev imported the certificate and it is in the 'Other People' Store. There is a 'Personal' store but I don't see a 'My' store as mentioned in some of the other examples I searched.

So, I want to start with the most appropriate thing to do here. Is it certificate installation or checking the IIS settings or something else?

Thanks
Pandu
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 40375112
That is something different. I have only done this in PHP with a framework.  In classic asp you will need to build the xml.

I think it will be dependent in part on the api you are using.  But the sample would be
<wsse:Security
         xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
  <wsse:BinarySecurityToken
          ValueType="wsse:X509v3"
          EncodingType="wsse:Base64Binary">
     Hg6GHjis1 ...  
  </wsse:BinarySecurityToken>
</wsse:Security>

Open in new window

referenced from http://msdn.microsoft.com/en-us/library/ff648643.aspx
0
 
LVL 1

Author Comment

by:spraocs
ID: 40380640
Thanks Scott, Are you saying that I need to include the certificate manually as a string like how we see it when we open it in a notepad?

And, where should I include this? Here is my sample soap request code built.

        SampleCall = "<soap:Envelope xmlns:soap=""http://www.w3.org/2003/05/soap-envelope"" xmlns:samp=""http://www.testwebsite.com/epayments/ws/schemas/samplecall"">" _
        & "<soap:Header></soap:Header>" _
        & "<soap:Body>" _
        & "<samp:SampleCallRequest/>" _
        & "</soap:Body>" _
        & "</soap:Envelope>"
0
 
LVL 1

Author Comment

by:spraocs
ID: 40381096
I tried to include the wsse:security as you mentioned above and also included the text of the certificate. I could be wrong here. But, that is not working.
0
 
LVL 1

Author Closing Comment

by:spraocs
ID: 40581104
The issue is resolved. The problem was in the certificate installation. It worked after installing the certificate into correct certificate store.
Thanks
spraocs
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Select case on click 3 27
Html Table Looping (part 2) 5 35
Prevent certain words from being typed in a form 6 31
Boolean 13 28
These instructions are based on installing Owncloud on your new raspberry pi connected with a usb HDD. What do you need Part A? A Raspberry Pi, model B. A boot SD card for the Raspberry Pi. A usb HDD An Ethernet cable to connect to the lo…
Online collaboration is quickly becoming embedded in the workplace, and its benefits are tangible. See what the current landscape looks like and what the future holds for collaboration tools and the future of work.
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question