SOAP API HTTPS - 与经典 ASP 连接 [英] SOAP API HTTPS - Connecting with Classic ASP
问题描述
我知道有很多关于将经典 ASP 客户端连接到 SOAP Web 服务的讨论,但我对连接到启用 HTTPS 的 SOAP 服务很感兴趣.
I know there are plenty of discussions relating to connecting a classic ASP client to a SOAP web service, but I'm interesting in connecting to a HTTPS enabled SOAP service.
我们有一个用 WCF 编写的现有 SOAP Web 服务,它工作得很好……适用于 .NET 客户端.我们收到了一位新客户的请求,我们使用经典 ASP - 我们如何连接到您的 Web 服务 API?"我不知道从哪里开始,我开始意识到我不知道实际 SOAP 消息的结构是什么.
We have an existing SOAP Web service written in WCF and it works great...for .NET clients. We've had a request from a new customer, "We use classic ASP - how do we connect to your Web Service API?" I didn't have a clue where to start, and it started to dawn on me that I had no idea what the structure of the actual SOAP messages are.
我在网络上看到了经典 ASP 与 SOAP Web 服务聊天的示例,但没有一个通过 HTTPS 交换消息.我们在 WCF 绑定上使用消息级别的安全性.
I've seen the examples of classic ASP chatting to SOAP web services on the web, but none which exchange messages over HTTPS. We're using message level security on the WCF bindings.
这是一个失败的原因 - WS-Security 会阻止经典 ASP 与 HTTPS SOAP 服务交互吗?
Is this a lost cause - does WS-Security prevent classic ASP from interfacing with a HTTPS SOAP Service?
提前致谢.
推荐答案
经过一番调查,我想出了以下几点:
After a bit of investigation I came up with the following:
WCF 消息安全不能与经典 ASP 一起使用
WCF Message security can't be used with classic ASP
我在具有以下绑定的服务上创建了第二个端点:
I created a second endpoint on the service which had the following bindings:
<basicHttpBinding>
<binding name="SecureBasic" >
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>"
关于这个的几点说明 -
Few notes about this -
您需要使用 HTTPS(即安装自我证书)
You'll need to use HTTPS (i.e. install a self-certificate)
这不是在 Internet 上使用的首选安全方法 - 理想情况下,您应该使用消息安全.
It's not the preffered method of security to use over the internet - ideally you should use Message security.
我使用客户用户名和密码验证器来验证客户端请求
I used a customer username and password validator to authentciate the client request
以下 ASP 代码可以很好地调用此服务:
The following ASP code works well calling this service:
soapServer = "YourSOAPAddress"
soapMessage = "Put Your SOAP Message in here use Charlies / Fiddler to determine the message"
Set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP.3.0")
xmlhttp.setOption(2) = 13056
xmlhttp.open "POST", soapServer, False
xmlhttp.setRequestHeader "SOAPAction", "urn:Alpha.Services.API.DeviceService/IDeviceService/GetDevices"
xmlhttp.setRequestHeader "Content-Type", "text/xml; charset=utf-8"
xmlhttp.send(soapMessage)
Response.Write "<br>Finished calling Web Service."
Response.Write "<br>Status = " & xmlhttp.statusText
Response.Write "<br>ResponseText = " & xmlhttp.responseText
对于使用不支持 WS-Security 的语言(例如 ASP)的客户端系统,这是一种可能的解决方案.
For client systems that use a language that does not support WS-Security (such as ASP) this is one possible solution.
这篇关于SOAP API HTTPS - 与经典 ASP 连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
