Stuck connecting to remote SOAP service with credentials
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.
Connection is OK when using SoapUI.
Connection is KO when calling from my .net application.
Errors : The username is not provided. Specify username in ClientCredentials.
My application and the remote application are both running on IIS.
Here is the remote binding :
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
SoapUI works with the following configuration :
- Authorization : Basic
- Username: DOMAINusername
- Password : pwd
- Pre-Emptive authentication
When I check the raw request from SoapUI, it's sending this :
POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
Content-Length: 1371
Host: proxy-int.part.lan.net
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
<wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
<wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
<wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://UIR/getUser</wsa:Action>
</soap:Header>
<soap:Body>
<v2:getUser>
<!--Optional:-->
<v2:id>200785</v2:id>
</v2:getUser>
</soap:Body>
</soap:Envelope>
Everything above is working.
Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.
Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :
- a SOAP header
<wsse:Security />
- a Authorization: Basic http header.
Here are the details of the implementation.
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
</basicHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
</behaviorExtensions>
</extensions>
<behaviors>
<endpointBehaviors>
<behavior name="LocalWsBehavior">
<callbackDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<localSecurity/>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
<!--<headers>
<wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
<wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
<wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
<wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>-->
</client>
</system.serviceModel>
Down the chain of c# class, we find this code :
void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
{
// nothing to do here
}
object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
{
SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
request.Headers.Add(header);
HttpRequestMessageProperty httpRequestMessage;
object httpRequestMessageObject;
if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
{
httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
{
httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
}
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
else
{
httpRequestMessage = new HttpRequestMessageProperty();
httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
return header.Id;
}
The resulting SOAP envelope at the remote server side* is this :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
<a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
<wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
<wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
<wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
</s:Header>
<s:Body>
<getUser xmlns="http://url">
<id>200472</id>
</getUser>
</s:Body>
</s:Envelope>
I have followed many blog and documentation to make it until this point and I am still stuck :D
*To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.
I tried to play with the bindings configuration but no luck so far.
- What is wrong with my current configuration ?
- With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)
The username is not provided. Specify username in ClientCredentials.An error occurred when verifying security for the message. - With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :
the error :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
Many thanks for having read so far :)
Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.
Edit : The calling binding was wrong, it is now :
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
With that new binding my error is now :
{"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}
I find no content about this error, what is happening :/
Edit : Solved the error by re-adding establishSecurityContext="false"
in the binding.
Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config
It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.
wcf soap binding soapui wcf-binding
add a comment |
I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.
Connection is OK when using SoapUI.
Connection is KO when calling from my .net application.
Errors : The username is not provided. Specify username in ClientCredentials.
My application and the remote application are both running on IIS.
Here is the remote binding :
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
SoapUI works with the following configuration :
- Authorization : Basic
- Username: DOMAINusername
- Password : pwd
- Pre-Emptive authentication
When I check the raw request from SoapUI, it's sending this :
POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
Content-Length: 1371
Host: proxy-int.part.lan.net
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
<wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
<wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
<wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://UIR/getUser</wsa:Action>
</soap:Header>
<soap:Body>
<v2:getUser>
<!--Optional:-->
<v2:id>200785</v2:id>
</v2:getUser>
</soap:Body>
</soap:Envelope>
Everything above is working.
Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.
Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :
- a SOAP header
<wsse:Security />
- a Authorization: Basic http header.
Here are the details of the implementation.
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
</basicHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
</behaviorExtensions>
</extensions>
<behaviors>
<endpointBehaviors>
<behavior name="LocalWsBehavior">
<callbackDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<localSecurity/>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
<!--<headers>
<wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
<wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
<wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
<wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>-->
</client>
</system.serviceModel>
Down the chain of c# class, we find this code :
void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
{
// nothing to do here
}
object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
{
SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
request.Headers.Add(header);
HttpRequestMessageProperty httpRequestMessage;
object httpRequestMessageObject;
if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
{
httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
{
httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
}
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
else
{
httpRequestMessage = new HttpRequestMessageProperty();
httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
return header.Id;
}
The resulting SOAP envelope at the remote server side* is this :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
<a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
<wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
<wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
<wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
</s:Header>
<s:Body>
<getUser xmlns="http://url">
<id>200472</id>
</getUser>
</s:Body>
</s:Envelope>
I have followed many blog and documentation to make it until this point and I am still stuck :D
*To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.
I tried to play with the bindings configuration but no luck so far.
- What is wrong with my current configuration ?
- With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)
The username is not provided. Specify username in ClientCredentials.An error occurred when verifying security for the message. - With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :
the error :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
Many thanks for having read so far :)
Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.
Edit : The calling binding was wrong, it is now :
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
With that new binding my error is now :
{"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}
I find no content about this error, what is happening :/
Edit : Solved the error by re-adding establishSecurityContext="false"
in the binding.
Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config
It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.
wcf soap binding soapui wcf-binding
add a comment |
I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.
Connection is OK when using SoapUI.
Connection is KO when calling from my .net application.
Errors : The username is not provided. Specify username in ClientCredentials.
My application and the remote application are both running on IIS.
Here is the remote binding :
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
SoapUI works with the following configuration :
- Authorization : Basic
- Username: DOMAINusername
- Password : pwd
- Pre-Emptive authentication
When I check the raw request from SoapUI, it's sending this :
POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
Content-Length: 1371
Host: proxy-int.part.lan.net
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
<wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
<wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
<wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://UIR/getUser</wsa:Action>
</soap:Header>
<soap:Body>
<v2:getUser>
<!--Optional:-->
<v2:id>200785</v2:id>
</v2:getUser>
</soap:Body>
</soap:Envelope>
Everything above is working.
Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.
Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :
- a SOAP header
<wsse:Security />
- a Authorization: Basic http header.
Here are the details of the implementation.
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
</basicHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
</behaviorExtensions>
</extensions>
<behaviors>
<endpointBehaviors>
<behavior name="LocalWsBehavior">
<callbackDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<localSecurity/>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
<!--<headers>
<wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
<wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
<wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
<wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>-->
</client>
</system.serviceModel>
Down the chain of c# class, we find this code :
void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
{
// nothing to do here
}
object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
{
SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
request.Headers.Add(header);
HttpRequestMessageProperty httpRequestMessage;
object httpRequestMessageObject;
if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
{
httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
{
httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
}
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
else
{
httpRequestMessage = new HttpRequestMessageProperty();
httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
return header.Id;
}
The resulting SOAP envelope at the remote server side* is this :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
<a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
<wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
<wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
<wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
</s:Header>
<s:Body>
<getUser xmlns="http://url">
<id>200472</id>
</getUser>
</s:Body>
</s:Envelope>
I have followed many blog and documentation to make it until this point and I am still stuck :D
*To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.
I tried to play with the bindings configuration but no luck so far.
- What is wrong with my current configuration ?
- With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)
The username is not provided. Specify username in ClientCredentials.An error occurred when verifying security for the message. - With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :
the error :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
Many thanks for having read so far :)
Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.
Edit : The calling binding was wrong, it is now :
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
With that new binding my error is now :
{"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}
I find no content about this error, what is happening :/
Edit : Solved the error by re-adding establishSecurityContext="false"
in the binding.
Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config
It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.
wcf soap binding soapui wcf-binding
I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.
Connection is OK when using SoapUI.
Connection is KO when calling from my .net application.
Errors : The username is not provided. Specify username in ClientCredentials.
My application and the remote application are both running on IIS.
Here is the remote binding :
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
SoapUI works with the following configuration :
- Authorization : Basic
- Username: DOMAINusername
- Password : pwd
- Pre-Emptive authentication
When I check the raw request from SoapUI, it's sending this :
POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
Content-Length: 1371
Host: proxy-int.part.lan.net
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
<wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
<wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
<wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://UIR/getUser</wsa:Action>
</soap:Header>
<soap:Body>
<v2:getUser>
<!--Optional:-->
<v2:id>200785</v2:id>
</v2:getUser>
</soap:Body>
</soap:Envelope>
Everything above is working.
Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.
Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :
- a SOAP header
<wsse:Security />
- a Authorization: Basic http header.
Here are the details of the implementation.
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
</basicHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
</behaviorExtensions>
</extensions>
<behaviors>
<endpointBehaviors>
<behavior name="LocalWsBehavior">
<callbackDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<localSecurity/>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
<!--<headers>
<wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
<wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
<wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
<wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>-->
</client>
</system.serviceModel>
Down the chain of c# class, we find this code :
void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
{
// nothing to do here
}
object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
{
SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
request.Headers.Add(header);
HttpRequestMessageProperty httpRequestMessage;
object httpRequestMessageObject;
if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
{
httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
{
httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
}
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
else
{
httpRequestMessage = new HttpRequestMessageProperty();
httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
return header.Id;
}
The resulting SOAP envelope at the remote server side* is this :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
<a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
<wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
<wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
<wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
</s:Header>
<s:Body>
<getUser xmlns="http://url">
<id>200472</id>
</getUser>
</s:Body>
</s:Envelope>
I have followed many blog and documentation to make it until this point and I am still stuck :D
*To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.
I tried to play with the bindings configuration but no luck so far.
- What is wrong with my current configuration ?
- With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)
The username is not provided. Specify username in ClientCredentials.An error occurred when verifying security for the message. - With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :
the error :
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
Many thanks for having read so far :)
Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.
Edit : The calling binding was wrong, it is now :
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
With that new binding my error is now :
{"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}
I find no content about this error, what is happening :/
Edit : Solved the error by re-adding establishSecurityContext="false"
in the binding.
Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config
It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.
wcf soap binding soapui wcf-binding
wcf soap binding soapui wcf-binding
edited Nov 23 '18 at 16:31
Poutrathor
asked Nov 23 '18 at 14:39
PoutrathorPoutrathor
99921432
99921432
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
To add a username and password to the Service, you would need to do the following when setting up the service
// Instantiate the proxy
Service1Client proxy = new Service1Client();
// Set the user’s credentials on the proxy
proxy.ClientCredentials.UserName.UserName = username;
proxy.ClientCredentials.UserName.Password = password;
This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302
You can read up more on from Microsoft
I can't do that, I have no proxy or serviceclient in my code.
– Poutrathor
Nov 23 '18 at 15:54
How do you instantiate your service then?
– mahlatse
Nov 23 '18 at 15:56
With a unity container registering the remote service and injections
– Poutrathor
Nov 23 '18 at 15:59
Can you show the bit of code where you tie your service with the EndpointBehavior?
– mahlatse
Nov 23 '18 at 16:05
add a comment |
Solved !!!
So much frustration, but writing a SO post and keeping it updated helped a lot.
I go celebrated and I will come back to detail the solution.
In short, use the implementation from the link I add in my edits, not my previous way.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448687%2fstuck-connecting-to-remote-soap-service-with-credentials%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
To add a username and password to the Service, you would need to do the following when setting up the service
// Instantiate the proxy
Service1Client proxy = new Service1Client();
// Set the user’s credentials on the proxy
proxy.ClientCredentials.UserName.UserName = username;
proxy.ClientCredentials.UserName.Password = password;
This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302
You can read up more on from Microsoft
I can't do that, I have no proxy or serviceclient in my code.
– Poutrathor
Nov 23 '18 at 15:54
How do you instantiate your service then?
– mahlatse
Nov 23 '18 at 15:56
With a unity container registering the remote service and injections
– Poutrathor
Nov 23 '18 at 15:59
Can you show the bit of code where you tie your service with the EndpointBehavior?
– mahlatse
Nov 23 '18 at 16:05
add a comment |
To add a username and password to the Service, you would need to do the following when setting up the service
// Instantiate the proxy
Service1Client proxy = new Service1Client();
// Set the user’s credentials on the proxy
proxy.ClientCredentials.UserName.UserName = username;
proxy.ClientCredentials.UserName.Password = password;
This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302
You can read up more on from Microsoft
I can't do that, I have no proxy or serviceclient in my code.
– Poutrathor
Nov 23 '18 at 15:54
How do you instantiate your service then?
– mahlatse
Nov 23 '18 at 15:56
With a unity container registering the remote service and injections
– Poutrathor
Nov 23 '18 at 15:59
Can you show the bit of code where you tie your service with the EndpointBehavior?
– mahlatse
Nov 23 '18 at 16:05
add a comment |
To add a username and password to the Service, you would need to do the following when setting up the service
// Instantiate the proxy
Service1Client proxy = new Service1Client();
// Set the user’s credentials on the proxy
proxy.ClientCredentials.UserName.UserName = username;
proxy.ClientCredentials.UserName.Password = password;
This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302
You can read up more on from Microsoft
To add a username and password to the Service, you would need to do the following when setting up the service
// Instantiate the proxy
Service1Client proxy = new Service1Client();
// Set the user’s credentials on the proxy
proxy.ClientCredentials.UserName.UserName = username;
proxy.ClientCredentials.UserName.Password = password;
This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302
You can read up more on from Microsoft
answered Nov 23 '18 at 15:54
mahlatsemahlatse
1,012519
1,012519
I can't do that, I have no proxy or serviceclient in my code.
– Poutrathor
Nov 23 '18 at 15:54
How do you instantiate your service then?
– mahlatse
Nov 23 '18 at 15:56
With a unity container registering the remote service and injections
– Poutrathor
Nov 23 '18 at 15:59
Can you show the bit of code where you tie your service with the EndpointBehavior?
– mahlatse
Nov 23 '18 at 16:05
add a comment |
I can't do that, I have no proxy or serviceclient in my code.
– Poutrathor
Nov 23 '18 at 15:54
How do you instantiate your service then?
– mahlatse
Nov 23 '18 at 15:56
With a unity container registering the remote service and injections
– Poutrathor
Nov 23 '18 at 15:59
Can you show the bit of code where you tie your service with the EndpointBehavior?
– mahlatse
Nov 23 '18 at 16:05
I can't do that, I have no proxy or serviceclient in my code.
– Poutrathor
Nov 23 '18 at 15:54
I can't do that, I have no proxy or serviceclient in my code.
– Poutrathor
Nov 23 '18 at 15:54
How do you instantiate your service then?
– mahlatse
Nov 23 '18 at 15:56
How do you instantiate your service then?
– mahlatse
Nov 23 '18 at 15:56
With a unity container registering the remote service and injections
– Poutrathor
Nov 23 '18 at 15:59
With a unity container registering the remote service and injections
– Poutrathor
Nov 23 '18 at 15:59
Can you show the bit of code where you tie your service with the EndpointBehavior?
– mahlatse
Nov 23 '18 at 16:05
Can you show the bit of code where you tie your service with the EndpointBehavior?
– mahlatse
Nov 23 '18 at 16:05
add a comment |
Solved !!!
So much frustration, but writing a SO post and keeping it updated helped a lot.
I go celebrated and I will come back to detail the solution.
In short, use the implementation from the link I add in my edits, not my previous way.
add a comment |
Solved !!!
So much frustration, but writing a SO post and keeping it updated helped a lot.
I go celebrated and I will come back to detail the solution.
In short, use the implementation from the link I add in my edits, not my previous way.
add a comment |
Solved !!!
So much frustration, but writing a SO post and keeping it updated helped a lot.
I go celebrated and I will come back to detail the solution.
In short, use the implementation from the link I add in my edits, not my previous way.
Solved !!!
So much frustration, but writing a SO post and keeping it updated helped a lot.
I go celebrated and I will come back to detail the solution.
In short, use the implementation from the link I add in my edits, not my previous way.
answered Nov 23 '18 at 16:53
PoutrathorPoutrathor
99921432
99921432
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448687%2fstuck-connecting-to-remote-soap-service-with-credentials%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown