Skip to main content
T
totalpackage612
Participant
January 9, 2013
Question

SOAP cfhttpparam header syntax

  • January 9, 2013
  • 1 reply
  • 2095 views

I need to make a secure SOAP request with Coldfusion , and I'm having trouble implementing the headers properly so the service can use it.


There are two structure examples I was given

Example 1:

This is a sample soap request:

POST /WebService/EmployerWebServiceV24.asmx HTTP/1.1
Host: stage.e-verify.uscis.gov
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>

Example 2:

An example SOAP authentication HEADER would look something like:

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security soap:mustUnderstand="1">
            <wsse:UsernameToken namespaces>
                <wsse:Username>username</wsse:Username>
                <wsse:Password Type="type info">password</wsse:Password>
                <wsse:Nonce>nonce</wsse:Nonce>
                <wsu:Created>date created</wsu:Created>
            </wsse:UsernameToken>
        <wsse:Security>
    </soap:Header>
    <soap:Body>
        <WebServiceMethodName xmlns="Web Service Namespace" />
    </soap:Body>
</soap:Envelope>

Important:

I was able to create a successful connection to this web service without including header information.

To use other functions I need a properly working header which works.

This is my code for the successful connection without the headers. (So you can reproduce it)

<cfsavecontent variable="request_xml">
<cfoutput>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>
</cfoutput>
</cfsavecontent>
<!--- Make Request --->
<cfhttp url="https://stage.e-verify.uscis.gov/WebService/EmployerWebServiceV24.asmx?wsdl" method="post" result="httpResponse">
  <cfhttpparam type="header" name="SOAPAction" value="https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection" />
  <cfhttpparam type="header" name="accept-encoding" value="no-compression" />
  <cfhttpparam type="body" value="#trim(request_xml)#" />
</cfhttp>
<!--- Show Response --->
<cfdump var="#httpResponse#" label="httpResponse">
<cfdump var="#xmlParse( httpResponse.fileContent )#" label="soapResponse">

PROBLEM:

When I insert my header into the request, then it throws me an error saying "code:InvalidSecurityToken"

(Replace cfsavecontent with this)

<!--- Define Nonce --->
<cfscript>
  strNonce = ToBase64(createUUID());
</cfscript>
<cfsavecontent variable="request_xml">
<cfoutput>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>myUsername</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">myPassword</wsse:Password>
            <wsse:Nonce>#strNonce#</wsse:Nonce> 
            <wsu:Created>#Dateformat(Now(),'yyyy-mm-ddThh:mm:ss')#Z</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />
  </soap:Body>
</soap:Envelope>
</cfoutput>
</cfsavecontent>

OTHER SOLUTIONS I HAVE TRIED:

I have tried to use createObject + AddSOAPRequestHeader + cfinvoke but nothing seems to work for me

WHAT I NEED

I need some ideas on how to get that secure header working using a cfhttp method.

After 8 hours of researching I have found nothing.


This topic has been closed for replies.

1 reply

BKBK
Community Expert
BKBKCommunity Expert
Community Expert
January 12, 2013

<cfscript>

  strNonce = ToBase64(createUUID());

</cfscript>

<cfsavecontent variable="request_xml">

<cfoutput>

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Body>

    <EmpCpsVerifyConnection xmlns="https://www.vis-dhs.com/EmployerWebService/" />

  </soap:Body>

</soap:Envelope>

</cfoutput>

</cfsavecontent>

<cfsavecontent variable="header_xml">

<cfoutput>

  <soap:Header>

    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

        <wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

            <wsse:Username>myUsername</wsse:Username>

            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0##PasswordText">myPassword</wsse:Password>

            <wsse:Nonce>#strNonce#</wsse:Nonce>

            <wsu:Created>#Dateformat(Now(),'yyyy-mm-ddThh:mm:ss')#Z</wsu:Created>

        </wsse:UsernameToken>

    </wsse:Security>

  </soap:Header>

</cfoutput>

</cfsavecontent>

<cfhttp url="https://stage.e-verify.uscis.gov/WebService/EmployerWebServiceV24.asmx?wsdl" method="post" result="httpResponse">

  <cfhttpparam type="header" name="SOAPAction" value="https://www.vis-dhs.com/EmployerWebService/EmpCpsVerifyConnection" />

  <cfhttpparam type="header" name="security" value="#header_xml#"/>

  <cfhttpparam type="header" name="accept-encoding" value="no-compression" />

  <cfhttpparam type="body" value="#trim(request_xml)#" />

</cfhttp>

<!--- Show Response --->

<cfdump var="#httpResponse#" label="httpResponse">

<cfdump var="#xmlParse( httpResponse.fileContent )#" label="soapResponse">

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices