• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

SOAP cfhttpparam header syntax

New Here ,
Jan 09, 2013 Jan 09, 2013

Copy link to clipboard

Copied

I need to make a secure SOAP request with Coldfusion , and I'm having trouble implementing the headers properly so the service can use it.


There are two structure examples I was given

Example 1:

This is a sample soap request:

POST /WebService/EmployerWebServiceV24.asmx HTTP/1.1

Host: stage.e-verify.uscis.gov

Content-Type: text/xml; charset=utf-8

Content-Length: length

SOAPAction: "https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection"

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Body>

    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />

  </soap:Body>

</soap:Envelope>

Example 2:

An example SOAP authentication HEADER would look something like:

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/2001/XMLSchema"

xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

    <soap:Header>

        <wsse:Security soap:mustUnderstand="1">

            <wsse:UsernameToken namespaces>

                <wsse:Username>username</wsse:Username>

                <wsse:Password Type="type info">password</wsse:Password>

                <wsse:Nonce>nonce</wsse:Nonce>

                <wsu:Created>date created</wsu:Created>

            </wsse:UsernameToken>

        <wsse:Security>

    </soap:Header>

    <soap:Body>

        <WebServiceMethodName xmlns="Web Service Namespace" />

    </soap:Body>

</soap:Envelope>

Important:

I was able to create a successful connection to this web service without including header information.

To use other functions I need a properly working header which works.

This is my code for the successful connection without the headers. (So you can reproduce it)

<cfsavecontent variable="request_xml">

<cfoutput>

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Body>

    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />

  </soap:Body>

</soap:Envelope>

</cfoutput>

</cfsavecontent>

<!--- Make Request --->

<cfhttp url="https://stage.e-verify.uscis.gov/WebService/EmployerWebServiceV24.asmx?wsdl" method="post" result="httpResponse">

  <cfhttpparam type="header" name="SOAPAction" value="https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection" />

  <cfhttpparam type="header" name="accept-encoding" value="no-compression" />

  <cfhttpparam type="body" value="#trim(request_xml)#" />

</cfhttp>

<!--- Show Response --->

<cfdump var="#httpResponse#" label="httpResponse">

<cfdump var="#xmlParse( httpResponse.fileContent )#" label="soapResponse">

PROBLEM:

When I insert my header into the request, then it throws me an error saying "code:InvalidSecurityToken"

(Replace cfsavecontent with this)

<!--- Define Nonce --->

<cfscript>

  strNonce = ToBase64(createUUID());

</cfscript>

<cfsavecontent variable="request_xml">

<cfoutput>

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Header>

    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

        <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

            <wsse:Username>myUsername</wsse:Username>

            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">myPassword</wsse:Password>

            <wsse:Nonce>#strNonce#</wsse:Nonce>

            <wsu:Created>#Dateformat(Now(),'yyyy-mm-ddThh:mm:ss')#Z</wsu:Created>

        </wsse:UsernameToken>

    </wsse:Security>

  </soap:Header>

  <soap:Body>

    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />

  </soap:Body>

</soap:Envelope>

</cfoutput>

</cfsavecontent>

OTHER SOLUTIONS I HAVE TRIED:

I have tried to use createObject + AddSOAPRequestHeader + cfinvoke but nothing seems to work for me

WHAT I NEED

I need some ideas on how to get that secure header working using a cfhttp method.

After 8 hours of researching I have found nothing.


Views

2.0K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jan 12, 2013 Jan 12, 2013

Copy link to clipboard

Copied

LATEST

<cfscript>

  strNonce = ToBase64(createUUID());

</cfscript>

<cfsavecontent variable="request_xml">

<cfoutput>

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Body>

    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />

  </soap:Body>

</soap:Envelope>

</cfoutput>

</cfsavecontent>

<cfsavecontent variable="header_xml">

<cfoutput>

  <soap:Header>

    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

        <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

            <wsse:Username>myUsername</wsse:Username>

            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">myPassword</wsse:Password>

            <wsse:Nonce>#strNonce#</wsse:Nonce>

            <wsu:Created>#Dateformat(Now(),'yyyy-mm-ddThh:mm:ss')#Z</wsu:Created>

        </wsse:UsernameToken>

    </wsse:Security>

  </soap:Header>

</cfoutput>

</cfsavecontent>

<cfhttp url="https://stage.e-verify.uscis.gov/WebService/EmployerWebServiceV24.asmx?wsdl" method="post" result="httpResponse">

  <cfhttpparam type="header" name="SOAPAction" value="https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection" />

  <cfhttpparam type="header" name="security" value="#header_xml#"/>

  <cfhttpparam type="header" name="accept-encoding" value="no-compression" />

  <cfhttpparam type="body" value="#trim(request_xml)#" />

</cfhttp>

<!--- Show Response --->

<cfdump var="#httpResponse#" label="httpResponse">

<cfdump var="#xmlParse( httpResponse.fileContent )#" label="soapResponse">

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation