implementing Ws-security within WCF proxy

Question

I have imported an axis based wsdl into a VS 2008 project as a service reference.

I need to be able to pass security details such as username/password and nonce values t

Answer 1

In order to call these kind of services, you will typically use either basicHttpBinding (that's SOAP 1.1 without WS-* implementations) or then wsHttpBinding (SOAP 1.2, with WS-* implementations).

The main issue will be getting all the security parameters right. I have a similar web service (Java-based) that I need to call - here's my settings and code:

app./web.config

<system.serviceModel>
   <bindings>
      <basicHttpBinding>
         <binding name="SoapWithAuth" useDefaultWebProxy="false">
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
            </security>
         </binding>
      </basicHttpBinding>
   </bindings>
   <client>
    <endpoint name="SoapWithAuth"
                  address="http://yourserver:port/YourService"
                  binding="basicHttpBinding" 
                  bindingConfiguration="SoapWithAuth"
                  contract="IYourService" />
   </client>
</system.serviceModel>

and then in your client's code when calling the service, you need this snippet of code:

IYourServiceClient client = new IYourServiceClient();

client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "top-secret"; 

Does that help at all?

Answer 2

The WCF client proxy doesn't support the password digest option. The only way to do this is to build the UsernameToken yourself and then inject it into the SOAP headers before the message is sent.

I had a similar problem which is described here, which should be enough to help you solve your same issue.

I ended up using the old WSE3.0 library for the UsernameToken, rather than coding the hashing algorithm myself and then using a custom behavior to alter the SOAP headers.