Click here to Skip to main content
13,797,500 members
Rate this:
Please Sign up or sign in to vote.
See more:
I am working on a project that would consume a 3rd party web service for certain functionality. We have got 2 WSDL files 1) WSDL file related to security token service 2) WSDL file related to certain functionality that our application uses. We are also provided with client certificate in PKCS-12 format, which they say is used by Security Token Service system to generate run time tokens for accessing their service.

We have also been informed that during run time the authorization token issued by Security Token Service system should be requested by our application using SOAP libraries and WS-TRUST protocols and also they mention some SOAP libraries will automatically request this token and pass it to service using WS-TRUST protocols.

Can anyone please suggest on below questions and help me understand concepts on certificate file and authorization tokens.

1) As per their documentation, is there any SOAP library which can automatically request service token and pass into actual service.? 2) How should the certificate be passed using SOAP to generate security token?

What I have tried:

Since am new to security concepts, I have been trying to research on this for quite a long time but couldn't find relevant information.
Posted 10-Jan-17 1:09am
Updated 10-Jan-17 1:51am

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

Hope you are calling the third party web service from your server end, your integration should look like;

[Browser] ---[your server]---when token not present---[third party security toke service]
[Browser] ---[your server]---when token present---[third party service]

your server should use a http-client to call the third party service, where you should add the certificate when calling the security token service. This should return a token which should be set in your browser cookies.

code snippet:
WebRequestHandler handler = new WebRequestHandler();
X509Certificate2 certificate = GetMyX509Certificate();
HttpClient client = new HttpClient(handler);
AbishekAlva 10-Jan-17 7:02am
Thank you for your response Anup. My application is a windows based application which is integrated with 3rd party application for certain functionality. Since the 3rd party has come up with hosted service, we need to modify our design to handle this hosted service. So we need to pass in the certificate provided by them, that is installed in our system to get the authorization token which in turn is used to access their service for desired functionality.
anup.bhunia 10-Jan-17 7:35am
in that case you could keep the security token, once generated in your application memory to avoid overhead of generating it everytime you call the actual service.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Cookies | Terms of Service
Web04 | 2.8.181207.3 | Last Updated 10 Jan 2017
Copyright © CodeProject, 1999-2018
All Rights Reserved.
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100