RE: Consume https web service with userid and password.

[John Rusling <jrusling@xxxxxxxxxxxxxxxxxxx>]

Thanks Mike, checking out the links..

SoapUI, after interrogating the wsdl, generated the request that included a nonce,
and I just pasted/pieced into rpg source, and it worked.

"(but it might take reading it more than once)" .. heh heh heh - yep.

John


-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Mike Krebs
Sent: Friday, April 18, 2014 11:24 AM
To: HTTPAPI and FTPAPI Projects
Subject: RE: Consume https web service with userid and password.

I don't think the Nonce is an encrypted password. Nonces are usually used as part of a "conversation" to hold a value that helps ensure only that conversation (the login) is valid and when ended, it is no longer valid.

The wiki on cryptographic_nonce has a diagram that shows how it usually works and the description of it is pretty good (but it might take reading it more than once). 
http://en.wikipedia.org/wiki/Cryptographic_nonce

That said, I am surprised you could just fill in the Nonce and get it to work.

The authentication documents that describe the general process that web service is using are here:
http://docs.oasis-open.org/wss/2004/01/

From a quick read in the security one, implementations are flexible and open to interpretation.

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------