[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Consume https web service with userid and password.
Thanks Mike, checking out the links..
SoapUI, after interrogating the wsdl, generated the request that included a nonce,
and I just pasted/pieced into rpg source, and it worked.
"(but it might take reading it more than once)" .. heh heh heh - yep.
John
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Mike Krebs
Sent: Friday, April 18, 2014 11:24 AM
To: HTTPAPI and FTPAPI Projects
Subject: RE: Consume https web service with userid and password.
I don't think the Nonce is an encrypted password. Nonces are usually used as part of a "conversation" to hold a value that helps ensure only that conversation (the login) is valid and when ended, it is no longer valid.
The wiki on cryptographic_nonce has a diagram that shows how it usually works and the description of it is pretty good (but it might take reading it more than once).
http://en.wikipedia.org/wiki/Cryptographic_nonce
That said, I am surprised you could just fill in the Nonce and get it to work.
The authentication documents that describe the general process that web service is using are here:
http://docs.oasis-open.org/wss/2004/01/
From a quick read in the security one, implementations are flexible and open to interpretation.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------