Basic SOAP Authentication
Tobias Bittner edited this page Jan 12, 2021 · 2 revisions
This page explains the scheme of a basic SOAP Digest authentication (as specified in RFC 2069). "Digest" in this case simply means that we work with multiple rounds of (MD5) hashing.
We start with 6 strings:
- the username
- the password
- the realm, given by the server
- the request-method we used (e.g. GET or POST)
- the URI we want to access
- the nonce, given by the server
The first MD5 hash is calculated from the username, the realm and the password, all separated by colons, like so (pseudo code):
hash1 = md5(username + ":" + realm + ":" + password)
The second hash is calculated from the method (often uppercase) and the URI, also separated by a colon:
hash2 = md5(method + ":" + uri)
The last hash now combines the first two and includes the nonce:
response = md5(hash1 + ":" + nonce + ":" + hash2)
Note: The MD5 hashes must always be in their hexadecimal string representation.
The response hash can now be sent to the server.
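The three hashing steps above, run from both the client and the server side, as an added example that is not part of the original page. The function names, the account, realm and URI are constructed for illustration; the server side is assumed to keep only hash1 and to issue a fresh random nonce per challenge.

```python
import hashlib
import hmac
import secrets


def md5_hex(text: str) -> str:
    """MD5 of the UTF-8 bytes, as a lowercase hexadecimal string."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def compute_hash1(username: str, realm: str, password: str) -> str:
    # hash1 is the only password-derived value; a server can store it
    # in place of the cleartext password.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(hash1: str, method: str, uri: str, nonce: str) -> str:
    hash2 = md5_hex(f"{method}:{uri}")
    # Both inner hashes enter the final round as hex strings, not raw bytes.
    return md5_hex(f"{hash1}:{nonce}:{hash2}")


def server_verify(stored_hash1: str, method: str, uri: str,
                  nonce: str, received: str) -> bool:
    expected = digest_response(stored_hash1, method, uri, nonce)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), received.encode("utf-8"))


def demo() -> dict:
    # Constructed sample values, not taken from any real service.
    user, realm, method, uri = "alice", "example-realm", "POST", "/service"
    stored = compute_hash1(user, realm, "correct horse")  # server-side record
    nonce = secrets.token_hex(16)                         # server challenge
    good = digest_response(compute_hash1(user, realm, "correct horse"),
                           method, uri, nonce)
    bad = digest_response(compute_hash1(user, realm, "wrong guess"),
                          method, uri, nonce)
    fresh_nonce = secrets.token_hex(16)                   # next challenge
    return {
        "accepted": server_verify(stored, method, uri, nonce, good),
        "wrong_password": server_verify(stored, method, uri, nonce, bad),
        "replayed_on_new_nonce": server_verify(stored, method, uri,
                                               fresh_nonce, good),
        "other_uri": server_verify(stored, method, "/admin", nonce, good),
    }


if __name__ == "__main__":
    print(demo())
```

A captured response is only valid for the nonce, method and URI it was computed over, which is why the server must not reuse nonces.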
© 2021 Tobias Bittner