WCF client configuration for 3rd party SOAP 1.1 service with plain text username credentials over SSL
https://stackoverflow.com/questions/12026768
-
27-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to connect to a third party SOAP 1.1 service that requires SSL security and username/password credentials. An example of what is expected is:
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
My client configuration is as follows:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="thirdpartyservicebindingconfig">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"
algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://..."
binding="basicHttpBinding"
bindingConfiguration="thirdpartyservicebindingconfig"
contract="thirdpartyservicecontract"
name="thirdpartyserviceendpoint" />
</client>
</system.serviceModel>
Service client code is:
var client = new thirdpartyservicecontractclient();
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";
var result = client.DoSomething();
I'm getting the following fault exception message:
Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security..
EDIT:
If I reconfigure security mode to "Transport":
<security mode="TransportWithMessageCredential">
I get an error from the third party service:
com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found.
How can I configure my client to connect to this service?
- WS Security using plain text passwords over SSL
Solution
It just so happens Rick Strahl had the same problem. Here's the link to his blog post describing and solving the problem.
Issue:
The issue is that WCF expects a TimeStamp Soap header in the response. If you look at the outbound response and the Soap headers you'll see that there's a timestamp there. The timestamp is expected to be returned on the return Soap response. Note that this is not a requirement of WS-Security so WCF is doing something 'special' here that is in effect breaking this service call.
Solution:
BindingElementCollection elements = client.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;
client.Endpoint.Binding = new CustomBinding(elements);
The above code modifies the Binding configuration by explicitly removing the Timestamp from the outbound call which removes the requirement for the server to return it. And this makes WCF happy and the call goes through.
