Hi, I'm working on a creating a secure web service with
Tomcat/Axis/wss4j and an associated client with .NET 1.1 and WSE2. I
have a few questions:
1. Is there a tutorial available that describes accessing authenticated
and encrypted wss4j web services from .NET? Most tutorials I've found
assume Axis is being used to consume the service?
2. When following the main wss4j tutorial for adding Username token
authentication, I ran into the following strange scenario:
Using the requestFlow and PWCallback examples from the tutorial, I've
set up a web service that requires username 'wss4j' and password
'security'. When accessing this service from .NET, things behave
differently given the scenario:
- Token sent with password hashed: When the password is correct, the
service works; when the password is incorrect, the service doesn't work
and throws an exception. This is the expected behavior.
- Request sent without a token: Exception thrown. This is the expected
behavior.
- Token sent with password as plaintext: When I do this it works *even
when the password is incorrect*. How can this be prevented?
Thanks so much for the help,
-Joshua Kuritzky
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
