How to add security header to a SOAP message?

StackOverflow https://stackoverflow.com/questions/5833539

  •  27-10-2019
  •  | 
  •  

Question

I'm trying to consume a WebService written in Java by our provider from our C# App. When it's time to communicate, I get this:

WSDoAllReceiver: Incoming message does not contain required Security header

Since yesterday I'm trying to find out how to add security header to a SOAP message.

Yes, I read this ( Clueless about how to create SOAP <wsse:Security> header ) but it did not work.

I looked around and this seems to be a rather asked question. I wonder if I can get some help here, some pointers, some code, to get me started.

Was it helpful?

Solution

I actually managed to achieve that by using WSE. The funny thing is that the provider's Web Services would not work with WSE 3.0, but they did with WSE 2.0. Here are the steps

  • Get WSE 2.0
  • Add the Web Reference to the project
  • In the Web Reference proxy implementation:

Replace

public partial class UserWS : System.Web.Services.Protocols.SoapHttpClientProtocol

by 

public partial class UserWS : Microsoft.Web.Services2.WebServicesClientProtocol
  • Before calling the Web Service:

Set the authentication info

UsernameToken token = new UsernameToken("user", "pwd", PasswordOption.SendPlainText);
yourProxy.RequestSoapContext.Security.Tokens.Add(token);

And that's it! FYI, the provider is a Blackboard instance.

OTHER TIPS

Try this. No need to webreference and Web.Services2 implementation.

var client = "Your Service Client"; 
using (var scope = new OperationContextScope(client.InnerChannel))
{
    System.Xml.XmlDocument document = new XmlDocument();
    XmlElement element = document.CreateElement("wsse", "UsernameToken", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");

    XmlElement newChild = null;
    newChild = document.CreateElement("wsse", "Username", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    newChild.InnerText = "finance";
    element.AppendChild(newChild);

    newChild = document.CreateElement("wsse", "CorporationCode", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    newChild.InnerText = "387";
    element.AppendChild(newChild);

    MessageHeader messageHeader = MessageHeader.CreateHeader("UsernameToken", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", 
        element, false);

// shouldn't MessageHeader be Security?
//  MessageHeader messageHeader = MessageHeader.CreateHeader("Security", ...

    OperationContext.Current.OutgoingMessageHeaders.Add(messageHeader);

    var result = client.GetCorporations(new CorporationType { pageNo = 1 });
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top