WCF: Adding Nonce to UsernameToken?

To create the nonce, I had to change a few things.

To create the nonce, I had to change a few things First, added a custom binding in my config Then, take this code found here: social.msdn.microsoft.com/Forums/en-US/w... and modify it to create the nonce (just a random hash, base-64 encoded) protected override void WriteTokenCore(System.Xml. XmlWriter writer, System.IdentityModel.Tokens. SecurityToken token) { Random r = new Random(); string tokennamespace = "o"; DateTime created = DateTime.

Now; string createdStr = created. ToString("yyyy-MM-ddThh:mm:ss. FffZ"); string nonce = Convert.

ToBase64String(Encoding.ASCII. GetBytes(SHA1Encrypt(created + r.Next().ToString()))); System.IdentityModel.Tokens. UserNameSecurityToken unToken = (System.IdentityModel.Tokens.

UserNameSecurityToken)token; writer. WriteRaw(String. Format( "" + "" + unToken.

UserName + "" + "" + unToken. Password + "" + "" + nonce + "" + "" + createdStr + "", tokennamespace)); } protected String ByteArrayToString(byte inputArray) { StringBuilder output = new StringBuilder(""); for (int I = 0; I Append(inputArrayi. ToString("X2")); } return output.ToString(); } protected String SHA1Encrypt(String phrase) { UTF8Encoding encoder = new UTF8Encoding(); SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider(); byte hashedDataBytes = sha1Hasher.

ComputeHash(encoder. GetBytes(phrase)); return ByteArrayToString(hashedDataBytes); }.

Thanks for the answer. I'm not in the position to give it a go at the moment, but it seems ok, so I'll accept it. – snomag Nov 16 '10 at 9:48 May be an old answer, but it just may have solved a problem I'm having, talking to a Java shop's web service!

Thanks! The one missing piece was in the Microsoft page linked, after adding the custom behavior, the username and password have to be set (in the service. ClientCredentials.

UserName field) – John T Nov 16 at 20:56.

I had the same problem. Instead of the custom token serializer I used a MessageInspector to add the correct UsernameToken in the BeforeSendRequest method. I then used a custom behavior to apply the fix.

The entire process is documented (with a demo project) in my blog post Supporting the WS-I Basic Profile Password Digest in a WCF client proxy. Alternatively, you can just read the PDF. If you want to follow my progress through to the solution, you'll find it on StackOverflow titled, "Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme.

This article provides sample with full integration of UserNameToken Profile with digested password into WCF security pipeline.

And this answer lead me to be able to use a digest password :) – John T Nov 16 at 21:34.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.