WCF client configuration for 3rd party SOAP 1.1 service with plain text username credentials over SSL

浪子不回头ぞ 提交于 2019-12-07 10:05:19

问题


I am trying to connect to a third party SOAP 1.1 service that requires SSL security and username/password credentials. An example of what is expected is:

<soapenv:Header>
    <wsse:Security>
        <wsse:UsernameToken>
            <wsse:Username>username</wsse:Username>
            <wsse:Password>password</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>

My client configuration is as follows:

<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="thirdpartyservicebindingconfig">
                <security mode="TransportWithMessageCredential">
                    <message clientCredentialType="UserName"
                             algorithmSuite="Default" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://..." 
                  binding="basicHttpBinding"
                  bindingConfiguration="thirdpartyservicebindingconfig"
                  contract="thirdpartyservicecontract" 
                  name="thirdpartyserviceendpoint" />
    </client>
</system.serviceModel>

Service client code is:

var client = new thirdpartyservicecontractclient();

client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";

var result = client.DoSomething();

I'm getting the following fault exception message:

Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security..

EDIT:
If I reconfigure security mode to "Transport":
<security mode="TransportWithMessageCredential">
I get an error from the third party service:

com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found.

How can I configure my client to connect to this service?

  • WS Security using plain text passwords over SSL

回答1:


It just so happens Rick Strahl had the same problem. Here's the link to his blog post describing and solving the problem.

Issue:

The issue is that WCF expects a TimeStamp Soap header in the response. If you look at the outbound response and the Soap headers you'll see that there's a timestamp there. The timestamp is expected to be returned on the return Soap response. Note that this is not a requirement of WS-Security so WCF is doing something 'special' here that is in effect breaking this service call.

Solution:

BindingElementCollection elements = client.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;
client.Endpoint.Binding = new CustomBinding(elements);

The above code modifies the Binding configuration by explicitly removing the Timestamp from the outbound call which removes the requirement for the server to return it. And this makes WCF happy and the call goes through.



来源:https://stackoverflow.com/questions/12026768/wcf-client-configuration-for-3rd-party-soap-1-1-service-with-plain-text-username

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!