Set security for a standard Web Service

Relevant for: API testing only

This task describes how to configure security settings for a standard Web Service. This mode lets you define the HTTP transport information and security elements such as tokens.

Create a Web Service scenario

  1. Open the Security Settings dialog in one of the following ways:

    • To set security on a port level, right-click a Web Service port in the Toolbox and choose Security Settings.

    • To set security for a specific Web Service step already on the canvas, select the step and open the Security Settings tab in the Properties pane. Clear the use the port's security settings option.

    • For a SOAP Request step, click the Security Settings tab in the Properties pane.

  2. In the Security Settings dialog box, select Web Service from the Service Details dropdown list (default).

  3. Back to top

Configure the HTTP settings

In the main window of the Security Settings dialog box, select the HTTP tab, and set the transport and proxy information.

Back to top

Add transport level security using TLS

Use TLS protocol to secure your Web Service in your API test.

Note: TLS 1.3 is not supported on Windows 7, Windows Server 2016, and Windows Server 2012.

To secure a Web Service with TLS 1.0, 1.1, or 1.2 on a Windows OS

  1. Select a Web Service step already on the canvas and open the Event tab in the Properties pane.

  2. In the Event tab, in the BeforeExecuteStepEvent row, click the down arrow and select Create a default handler.

    The TestUserCode.cs tab opens in the document pane, and a section of code is added to this file for the BeforeExecuteStepEvent event.

  3. In the TestUserCode.cs tab, import System.Net and System.Net.Security.

    The imported code should look like this:

  4. Within the brackets, replace the //TODO: Add your code here... string with a statement that instructs UFT One to use the TLS protocol and specifies the version to use:

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls<version>

    Note:  

    • To specify TLS 1.0, use an empty version string.

    • To specify TLS 1.1, use the version string 11.

    • To specify TLS 1.2, use the version string 12.

To secure a Web Service with TLS 1.3 on Windows 10 or 11

  1. To run your API test on Windows 10, create DWORD registry values "Enabled" and "DisabledByDefault" in the following registry path:

    Registry path:

    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client

    For detailed information, see TLS, DTLS, and SSL protocol version settings.

  2. Select a Web Service step already on the canvas and open the Event tab in the Properties pane.

  3. In the Event tab, in the BeforeExecuteStepEvent row, click the down arrow and select Create a default handler.

    The TestUserCode.cs tab opens in the document pane, and a section of code is added to this file for the BeforeExecuteStepEvent event.

  4. In the TestUserCode.cs tab, import System.Net and System.Net.Security.

    The imported code should look like this:

  5. Within the brackets, replace the //TODO: Add your code here... string with a statement that instructs UFT One to use the TLS protocol:

    ServicePointManager.SecurityProtocol = SecurityProtocolType.SystemDefault;

    Note: We recommend that you use SystemDefault instead of directly specifying the TLS version.

Back to top

Add message level security with a Username Token

To send a message level username/password token (a UserName token):

  1. In the Security Settings dialog box, from the Service Details dropdown list, select the Web Service scenario.

  2. In the main part of the Security Settings dialog box, click the WS-Security tab.

  3. In the WS-Security tab, click the Add Token button and add a Username token.

  4. In the lower pane, customize the token details, such as username and password.

Back to top

Add message level security by signing with an X.509 Certificate

  1. In the Security Settings dialog box, select the Web Service scenario from the Service Details dropdown list.

  2. In the main part of the Security Settings dialog box, click the WS-Security tab.

  3. In the WS-Security tab, click the Add Token button and select X509 Certificate from the dropdown list

  4. In the lower pane, enter the token name.

  5. Click the Browse button to navigate to your certificate file. The certificate must be installed in the Windows certificate store.

  6. Select a Reference type. Since this token is used for a signature, the most common type is BinarySecurityToken.

  7. Click the Add Message Signature button .

  8. In the Signing Token dropdown list, select the token you entered in the previous steps.

  9. To sign a specific element with the certificate, scroll down to the XPath field and provide an XPath expression.

    You cannot use an XPath expression to sign a timestamp or token that is under the security element of a SOAP request.

    • To sign a SOAP Body, Timestamp, or WS-Addressing, select the check box in the Predefined parts area.

    • To sign tokens within the security element, select a token in the Token (optional) field, in the What to sign area.

    Note: The certificate needs to be installed in the Windows certificate store. In the example above, you need to set the actual store name, store location, and subject name of your certificate.

Back to top

Encrypt a Web service message using a Certificate

To encrypt a message using a service certificate:

  1. In the Security Settings dialog box, select the Web Service scenario from the Service Details dropdown list,

  2. In the main part of the Security Settings dialog box, select the WS-Security tab.

  3. In the WS-Security tab, click the Add Token button and select the appropriate token from the Security Token drop down list.

  4. Enter token name and set the token or certificate properties.

  5. Click the Add Message Encryption button . In the drop down list, select the token you created in the previous steps.

  6. Scroll down to the XPath field. Enter an XPath expression to the elements to encrypt, for example: // *[local-name(.)='Body'].

Back to top

Send a username token and encrypt the token with an X.509 Certificate

The following section describes how to send a Username token to the service and encrypt it with the server's X.509 certificate:

  1. In the Security Settings dialog box, select the Web Service scenario from the Service Details dropdown list.

  2. In the main part of the Security Settings dialog box, select the WS-Security stab.

  3. In the WS-Security tab, click the Add Token button and select Username Token from the Security Token drop down list.

  4. In the lower pane, Provide the token details for the Username token.

  5. Click the Add Token button again and select X509 Certificate Token from the Security Token drop down list.

  6. In the lower pane, enter the token details to reference the server's public certificate. Since this token is used for encryption, use Reference as the Reference type.

  7. Click the Add Message Encryption button . In the drop down list, select the X.509 token you created in the previous steps.

  8. To encrypt a specific message, scroll down to the XPath field. Enter an XPath expression, for example:, // *[local-name(.)='Body'].

Back to top

Configure the WS-Addressing (optional)

  1. In the main pane of the Security settings dialog box, click the WS-Addressing tab.

  2. In the WS-Addressing tab, select the relevant version or None if WS-Addressing is not used.

  3. In the Reply to field, provide an alternate destination.

Back to top