Stuck connecting to remote SOAP service with credentials





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.



Connection is OK when using SoapUI.
Connection is KO when calling from my .net application.



Errors : The username is not provided. Specify username in ClientCredentials.



My application and the remote application are both running on IIS.



Here is the remote binding :



<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>


SoapUI works with the following configuration :




  • Authorization : Basic

  • Username: DOMAINusername

  • Password : pwd

  • Pre-Emptive authentication


When I check the raw request from SoapUI, it's sending this :



POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
Content-Length: 1371
Host: proxy-int.part.lan.net
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
<wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
<wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
<wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://UIR/getUser</wsa:Action>
</soap:Header>
<soap:Body>
<v2:getUser>
<!--Optional:-->
<v2:id>200785</v2:id>
</v2:getUser>
</soap:Body>
</soap:Envelope>


Everything above is working.





Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.



Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :




  • a SOAP header <wsse:Security />

  • a Authorization: Basic http header.


Here are the details of the implementation.



<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="Transport">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
</basicHttpBinding>
</bindings>
<extensions>
<behaviorExtensions>
<add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
</behaviorExtensions>
</extensions>
<behaviors>
<endpointBehaviors>
<behavior name="LocalWsBehavior">
<callbackDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<localSecurity/>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
<!--<headers>
<wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
<wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
<wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
<wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>-->
</client>
</system.serviceModel>


Down the chain of c# class, we find this code :



    void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
{
// nothing to do here
}

object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
{
SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
request.Headers.Add(header);
HttpRequestMessageProperty httpRequestMessage;
object httpRequestMessageObject;
if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
{
httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
{
httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
}
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
else
{
httpRequestMessage = new HttpRequestMessageProperty();
httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
}
return header.Id;
}


The resulting SOAP envelope at the remote server side* is this :



<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
<a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
<wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
<wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
<wsse:Username>PARTsvc-iisbackend</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
<wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
<a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
</s:Header>
<s:Body>
<getUser xmlns="http://url">
<id>200472</id>
</getUser>
</s:Body>
</s:Envelope>


I have followed many blog and documentation to make it until this point and I am still stuck :D



*To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.



I tried to play with the bindings configuration but no luck so far.




  • What is wrong with my current configuration ?

  • With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)The username is not provided. Specify username in ClientCredentials. An error occurred when verifying security for the message.

  • With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :


the error :



<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>


Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
Many thanks for having read so far :)



Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.



Edit : The calling binding was wrong, it is now :



<binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" />
<message clientCredentialType="UserName" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>


With that new binding my error is now :



{"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}


I find no content about this error, what is happening :/



Edit : Solved the error by re-adding establishSecurityContext="false" in the binding.



Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config



It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.










share|improve this question































    0















    I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.



    Connection is OK when using SoapUI.
    Connection is KO when calling from my .net application.



    Errors : The username is not provided. Specify username in ClientCredentials.



    My application and the remote application are both running on IIS.



    Here is the remote binding :



    <bindings>
    <wsHttpBinding>
    <binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
    <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None" />
    <message clientCredentialType="UserName" establishSecurityContext="false" />
    </security>
    </binding>
    </wsHttpBinding>
    </bindings>


    SoapUI works with the following configuration :




    • Authorization : Basic

    • Username: DOMAINusername

    • Password : pwd

    • Pre-Emptive authentication


    When I check the raw request from SoapUI, it's sending this :



    POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
    Accept-Encoding: gzip,deflate
    Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
    Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
    Content-Length: 1371
    Host: proxy-int.part.lan.net
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
    <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
    <wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
    <wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
    <wsse:Username>PARTsvc-iisbackend</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
    <wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    <wsa:Action>http://UIR/getUser</wsa:Action>
    </soap:Header>
    <soap:Body>
    <v2:getUser>
    <!--Optional:-->
    <v2:id>200785</v2:id>
    </v2:getUser>
    </soap:Body>
    </soap:Envelope>


    Everything above is working.





    Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.



    Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :




    • a SOAP header <wsse:Security />

    • a Authorization: Basic http header.


    Here are the details of the implementation.



    <system.serviceModel>
    <bindings>
    <wsHttpBinding>
    <binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
    <security mode="Transport">
    <transport clientCredentialType="None"/>
    </security>
    <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
    </binding>
    <binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
    <security mode="Transport">
    <transport clientCredentialType="Basic" />
    <message clientCredentialType="UserName" />
    </security>
    <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
    </binding>
    </wsHttpBinding>
    <basicHttpBinding>
    <binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
    </basicHttpBinding>
    </bindings>
    <extensions>
    <behaviorExtensions>
    <add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
    </behaviorExtensions>
    </extensions>
    <behaviors>
    <endpointBehaviors>
    <behavior name="LocalWsBehavior">
    <callbackDebug includeExceptionDetailInFaults="true" />
    <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
    <localSecurity/>
    </behavior>
    </endpointBehaviors>
    </behaviors>
    <client>
    <endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
    <!--<headers>
    <wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
    <wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
    <wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
    <wsse:Username>PARTsvc-iisbackend</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
    <wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    </headers>
    </endpoint>-->
    </client>
    </system.serviceModel>


    Down the chain of c# class, we find this code :



        void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
    {
    // nothing to do here
    }

    object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
    {
    SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
    request.Headers.Add(header);
    HttpRequestMessageProperty httpRequestMessage;
    object httpRequestMessageObject;
    if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
    {
    httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
    if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
    {
    httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
    }
    request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
    }
    else
    {
    httpRequestMessage = new HttpRequestMessageProperty();
    httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
    request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
    }
    return header.Id;
    }


    The resulting SOAP envelope at the remote server side* is this :



    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
    <s:Header>
    <a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
    <a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
    <a:ReplyTo>
    <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
    <wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
    <wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
    <wsse:Username>PARTsvc-iisbackend</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
    <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
    <wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>
    <a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
    </s:Header>
    <s:Body>
    <getUser xmlns="http://url">
    <id>200472</id>
    </getUser>
    </s:Body>
    </s:Envelope>


    I have followed many blog and documentation to make it until this point and I am still stuck :D



    *To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.



    I tried to play with the bindings configuration but no luck so far.




    • What is wrong with my current configuration ?

    • With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)The username is not provided. Specify username in ClientCredentials. An error occurred when verifying security for the message.

    • With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :


    the error :



    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
    <s:Header>
    <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
    <a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
    </s:Header>
    <s:Body>
    <s:Fault>
    <s:Code>
    <s:Value>s:Sender</s:Value>
    <s:Subcode>
    <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
    </s:Subcode>
    </s:Code>
    <s:Reason>
    <s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
    </s:Reason>
    </s:Fault>
    </s:Body>
    </s:Envelope>


    Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
    Many thanks for having read so far :)



    Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.



    Edit : The calling binding was wrong, it is now :



    <binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
    <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="Basic" />
    <message clientCredentialType="UserName" />
    </security>
    <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
    </binding>


    With that new binding my error is now :



    {"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}


    I find no content about this error, what is happening :/



    Edit : Solved the error by re-adding establishSecurityContext="false" in the binding.



    Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config



    It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.










    share|improve this question



























      0












      0








      0








      I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.



      Connection is OK when using SoapUI.
      Connection is KO when calling from my .net application.



      Errors : The username is not provided. Specify username in ClientCredentials.



      My application and the remote application are both running on IIS.



      Here is the remote binding :



      <bindings>
      <wsHttpBinding>
      <binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="None" />
      <message clientCredentialType="UserName" establishSecurityContext="false" />
      </security>
      </binding>
      </wsHttpBinding>
      </bindings>


      SoapUI works with the following configuration :




      • Authorization : Basic

      • Username: DOMAINusername

      • Password : pwd

      • Pre-Emptive authentication


      When I check the raw request from SoapUI, it's sending this :



      POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
      Accept-Encoding: gzip,deflate
      Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
      Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
      Content-Length: 1371
      Host: proxy-int.part.lan.net
      Connection: Keep-Alive
      User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

      <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
      <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
      <wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
      <wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
      <wsse:Username>PARTsvc-iisbackend</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
      <wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      <wsa:Action>http://UIR/getUser</wsa:Action>
      </soap:Header>
      <soap:Body>
      <v2:getUser>
      <!--Optional:-->
      <v2:id>200785</v2:id>
      </v2:getUser>
      </soap:Body>
      </soap:Envelope>


      Everything above is working.





      Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.



      Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :




      • a SOAP header <wsse:Security />

      • a Authorization: Basic http header.


      Here are the details of the implementation.



      <system.serviceModel>
      <bindings>
      <wsHttpBinding>
      <binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="Transport">
      <transport clientCredentialType="None"/>
      </security>
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      </binding>
      <binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="Transport">
      <transport clientCredentialType="Basic" />
      <message clientCredentialType="UserName" />
      </security>
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      </binding>
      </wsHttpBinding>
      <basicHttpBinding>
      <binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
      </basicHttpBinding>
      </bindings>
      <extensions>
      <behaviorExtensions>
      <add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
      </behaviorExtensions>
      </extensions>
      <behaviors>
      <endpointBehaviors>
      <behavior name="LocalWsBehavior">
      <callbackDebug includeExceptionDetailInFaults="true" />
      <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
      <localSecurity/>
      </behavior>
      </endpointBehaviors>
      </behaviors>
      <client>
      <endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
      <!--<headers>
      <wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
      <wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
      <wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
      <wsse:Username>PARTsvc-iisbackend</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
      <wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      </headers>
      </endpoint>-->
      </client>
      </system.serviceModel>


      Down the chain of c# class, we find this code :



          void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
      {
      // nothing to do here
      }

      object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
      {
      SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
      request.Headers.Add(header);
      HttpRequestMessageProperty httpRequestMessage;
      object httpRequestMessageObject;
      if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
      {
      httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
      if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
      {
      httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
      }
      request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
      }
      else
      {
      httpRequestMessage = new HttpRequestMessageProperty();
      httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
      request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
      }
      return header.Id;
      }


      The resulting SOAP envelope at the remote server side* is this :



      <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
      <s:Header>
      <a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
      <a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
      <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
      <wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
      <wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
      <wsse:Username>PARTsvc-iisbackend</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
      <wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      <a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
      </s:Header>
      <s:Body>
      <getUser xmlns="http://url">
      <id>200472</id>
      </getUser>
      </s:Body>
      </s:Envelope>


      I have followed many blog and documentation to make it until this point and I am still stuck :D



      *To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.



      I tried to play with the bindings configuration but no luck so far.




      • What is wrong with my current configuration ?

      • With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)The username is not provided. Specify username in ClientCredentials. An error occurred when verifying security for the message.

      • With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :


      the error :



      <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
      <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
      <a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
      </s:Header>
      <s:Body>
      <s:Fault>
      <s:Code>
      <s:Value>s:Sender</s:Value>
      <s:Subcode>
      <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
      </s:Subcode>
      </s:Code>
      <s:Reason>
      <s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
      </s:Reason>
      </s:Fault>
      </s:Body>
      </s:Envelope>


      Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
      Many thanks for having read so far :)



      Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.



      Edit : The calling binding was wrong, it is now :



      <binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Basic" />
      <message clientCredentialType="UserName" />
      </security>
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      </binding>


      With that new binding my error is now :



      {"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}


      I find no content about this error, what is happening :/



      Edit : Solved the error by re-adding establishSecurityContext="false" in the binding.



      Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config



      It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.










      share|improve this question
















      I need to connect to a remote SOAP service. For several days that I have been trying all the many configurations without success.



      Connection is OK when using SoapUI.
      Connection is KO when calling from my .net application.



      Errors : The username is not provided. Specify username in ClientCredentials.



      My application and the remote application are both running on IIS.



      Here is the remote binding :



      <bindings>
      <wsHttpBinding>
      <binding name="WsHttpBinding_Default" maxReceivedMessageSize="524288000" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="None" />
      <message clientCredentialType="UserName" establishSecurityContext="false" />
      </security>
      </binding>
      </wsHttpBinding>
      </bindings>


      SoapUI works with the following configuration :




      • Authorization : Basic

      • Username: DOMAINusername

      • Password : pwd

      • Pre-Emptive authentication


      When I check the raw request from SoapUI, it's sending this :



      POST https://domain.name/TestNode/V_ServicePartenaireDS/v5.svc HTTP/1.1
      Accept-Encoding: gzip,deflate
      Content-Type: application/soap+xml;charset=UTF-8;action="http://URI/getUser"
      Authorization: Basic UEFSVFxzdmMtaWlzYmsdfsdfsdfphZG1pbjEyMy0t
      Content-Length: 1371
      Host: proxy-int.part.lan.net
      Connection: Keep-Alive
      User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

      <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v2="http://cnc.fr/Circe/Partenaires/v2.7">
      <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154297086643492">
      <wsu:Created>2018-11-23T11:01:06Z</wsu:Created>
      <wsu:Expires>2018-11-23T16:34:26Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154297086643491">
      <wsse:Username>PARTsvc-iisbackend</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">yi71/jQzUJw/lzReixSgOA==</wsse:Nonce>
      <wsu:Created>2018-11-23T11:01:06.434Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      <wsa:Action>http://UIR/getUser</wsa:Action>
      </soap:Header>
      <soap:Body>
      <v2:getUser>
      <!--Optional:-->
      <v2:id>200785</v2:id>
      </v2:getUser>
      </soap:Body>
      </soap:Envelope>


      Everything above is working.





      Now, what am I doing in my .net 4.6.1 application ? I am trying to send the same request that SoapUI is sending.



      Here is how I do : web.config with endpoints, bindings and behaviour extension. The extended behaviour implements an EndPoint Behaviour that calls an Inspector (from ApplyClientBehavior) from which I use the BeforeSendRequest to add two things :




      • a SOAP header <wsse:Security />

      • a Authorization: Basic http header.


      Here are the details of the implementation.



      <system.serviceModel>
      <bindings>
      <wsHttpBinding>
      <binding name="WsHttpBinding_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="Transport">
      <transport clientCredentialType="None"/>
      </security>
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      </binding>
      <binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="Transport">
      <transport clientCredentialType="Basic" />
      <message clientCredentialType="UserName" />
      </security>
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      </binding>
      </wsHttpBinding>
      <basicHttpBinding>
      <binding name="BasicHttp_Default" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00" />
      </basicHttpBinding>
      </bindings>
      <extensions>
      <behaviorExtensions>
      <add name="localSecurity" type="Users.UsersImplementation.Service.ImplementationCommon.BehaviorExtensionBasicAuthent, Users.UsersImplementation"/>
      </behaviorExtensions>
      </extensions>
      <behaviors>
      <endpointBehaviors>
      <behavior name="LocalWsBehavior">
      <callbackDebug includeExceptionDetailInFaults="true" />
      <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
      <localSecurity/>
      </behavior>
      </endpointBehaviors>
      </behaviors>
      <client>
      <endpoint address="https://domain/TestNode/V_ServiceUser/v5.svc" behaviorConfiguration="LocalWsBehavior" binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_Authentication" contract="App.UserDSContract.IServiceUserDS" name="" />
      <!--<headers>
      <wsse:Security xmlns:soap="schemas.xmlsoap.org/soap/envelope" soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="TS-268FDC1861EA4F5F3C154289160250080">
      <wsu:Created>2018-11-22T15:15:02Z</wsu:Created>
      <wsu:Expires>2018-11-22T18:33:22Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-268FDC1861EA4F5F3C154289160250079">
      <wsse:Username>PARTsvc-iisbackend</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pws</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">NcDsjgc1/cRNuHVMR7kJBw==</wsse:Nonce>
      <wsu:Created>2018-11-22T15:15:02.499Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      </headers>
      </endpoint>-->
      </client>
      </system.serviceModel>


      Down the chain of c# class, we find this code :



          void IClientMessageInspector.AfterReceiveReply(ref Message reply, object correlationState)
      {
      // nothing to do here
      }

      object IClientMessageInspector.BeforeSendRequest(ref Message request, IClientChannel channel)
      {
      SoapSecurityHeader header = new SoapSecurityHeader("PART\svc-iisbackend", "pwd");
      request.Headers.Add(header);
      HttpRequestMessageProperty httpRequestMessage;
      object httpRequestMessageObject;
      if (request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out httpRequestMessageObject))
      {
      httpRequestMessage = httpRequestMessageObject as HttpRequestMessageProperty;
      if (string.IsNullOrEmpty(httpRequestMessage.Headers[HttpRequestHeader.Authorization]))
      {
      httpRequestMessage.Headers[HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--"));
      }
      request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
      }
      else
      {
      httpRequestMessage = new HttpRequestMessageProperty();
      httpRequestMessage.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes("PART\svc-iisbackend-sagre" + ":" + "admin123--")));
      request.Properties.Add(HttpRequestMessageProperty.Name, httpRequestMessage);
      }
      return header.Id;
      }


      The resulting SOAP envelope at the remote server side* is this :



      <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
      <s:Header>
      <a:Action s:mustUnderstand="1">http://UIR/getUser</a:Action>
      <a:MessageID>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:MessageID>
      <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsu:Timestamp wsu:Id="TS-f7abfe27c28e4209b8c028ef78bdf739">
      <wsu:Created>2018-11-23T14:37:46.59Z</wsu:Created>
      <wsu:Expires>2018-11-23T16:37:46.59Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-aff0ea1c178c4843babf4afa5cd280f6">
      <wsse:Username>PARTsvc-iisbackend</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">pwd</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qdiFSufkRLuPRHTwDYPzBDTu1/o=</wsse:Nonce>
      <wsu:Created>2018-11-23T14:37:46.593Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      <a:To s:mustUnderstand="1">https://domain.url/V_ServiceUser/v5.svc</a:To>
      </s:Header>
      <s:Body>
      <getUser xmlns="http://url">
      <id>200472</id>
      </getUser>
      </s:Body>
      </s:Envelope>


      I have followed many blog and documentation to make it until this point and I am still stuck :D



      *To get the message to hit the server I need to use the default binding configuration WsHttpBinding_Default. When I am using the WsHttpBinding_Authentication the request does not seem to be processed by the remote server.



      I tried to play with the bindings configuration but no luck so far.




      • What is wrong with my current configuration ?

      • With WsHttpBinding_Authentication I got the said error (edited : wrong error copied pasted)The username is not provided. Specify username in ClientCredentials. An error occurred when verifying security for the message.

      • With WsHttpBinding_Default, the remote server processed a bit of the request and reject it with the following error :


      the error :



      <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
      <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
      <a:RelatesTo>urn:uuid:2b66b328-778f-4967-925a-01b75d9ab607</a:RelatesTo>
      </s:Header>
      <s:Body>
      <s:Fault>
      <s:Code>
      <s:Value>s:Sender</s:Value>
      <s:Subcode>
      <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
      </s:Subcode>
      </s:Code>
      <s:Reason>
      <s:Text xml:lang="fr-FR">Une erreur s'est produite lors de la vérification de la sécurité du message.</s:Text>
      </s:Reason>
      </s:Fault>
      </s:Body>
      </s:Envelope>


      Sorry for the wall of text, I hope everything needed to get a clear view of my issue is here.
      Many thanks for having read so far :)



      Edit : as you can see I also tried to put the header directly in the xml endpoint but no success so far.



      Edit : The calling binding was wrong, it is now :



      <binding name="WsHttpBinding_Authentication" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
      <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Basic" />
      <message clientCredentialType="UserName" />
      </security>
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      </binding>


      With that new binding my error is now :



      {"globalErrors":["Message with Action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT' is unknown and cannot be forwarded to the recipient. This may happen if message Action was changed, or if operation was disabled or deleted from the service contract."]}


      I find no content about this error, what is happening :/



      Edit : Solved the error by re-adding establishSecurityContext="false" in the binding.



      Edit : To add credentials I am using that post answers : Set WCF ClientCredentials in App.config



      It seems to work, I am making progress toward an old error : An error occurred when verifying security for the message.







      wcf soap binding soapui wcf-binding






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 23 '18 at 16:31







      Poutrathor

















      asked Nov 23 '18 at 14:39









      PoutrathorPoutrathor

      99921432




      99921432
























          2 Answers
          2






          active

          oldest

          votes


















          0














          To add a username and password to the Service, you would need to do the following when setting up the service



          // Instantiate the proxy  
          Service1Client proxy = new Service1Client();

          // Set the user’s credentials on the proxy
          proxy.ClientCredentials.UserName.UserName = username;
          proxy.ClientCredentials.UserName.Password = password;


          This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302



          You can read up more on from Microsoft






          share|improve this answer
























          • I can't do that, I have no proxy or serviceclient in my code.

            – Poutrathor
            Nov 23 '18 at 15:54











          • How do you instantiate your service then?

            – mahlatse
            Nov 23 '18 at 15:56











          • With a unity container registering the remote service and injections

            – Poutrathor
            Nov 23 '18 at 15:59











          • Can you show the bit of code where you tie your service with the EndpointBehavior?

            – mahlatse
            Nov 23 '18 at 16:05



















          0














          Solved !!!



          So much frustration, but writing a SO post and keeping it updated helped a lot.



          I go celebrated and I will come back to detail the solution.



          In short, use the implementation from the link I add in my edits, not my previous way.






          share|improve this answer
























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448687%2fstuck-connecting-to-remote-soap-service-with-credentials%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            To add a username and password to the Service, you would need to do the following when setting up the service



            // Instantiate the proxy  
            Service1Client proxy = new Service1Client();

            // Set the user’s credentials on the proxy
            proxy.ClientCredentials.UserName.UserName = username;
            proxy.ClientCredentials.UserName.Password = password;


            This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302



            You can read up more on from Microsoft






            share|improve this answer
























            • I can't do that, I have no proxy or serviceclient in my code.

              – Poutrathor
              Nov 23 '18 at 15:54











            • How do you instantiate your service then?

              – mahlatse
              Nov 23 '18 at 15:56











            • With a unity container registering the remote service and injections

              – Poutrathor
              Nov 23 '18 at 15:59











            • Can you show the bit of code where you tie your service with the EndpointBehavior?

              – mahlatse
              Nov 23 '18 at 16:05
















            0














            To add a username and password to the Service, you would need to do the following when setting up the service



            // Instantiate the proxy  
            Service1Client proxy = new Service1Client();

            // Set the user’s credentials on the proxy
            proxy.ClientCredentials.UserName.UserName = username;
            proxy.ClientCredentials.UserName.Password = password;


            This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302



            You can read up more on from Microsoft






            share|improve this answer
























            • I can't do that, I have no proxy or serviceclient in my code.

              – Poutrathor
              Nov 23 '18 at 15:54











            • How do you instantiate your service then?

              – mahlatse
              Nov 23 '18 at 15:56











            • With a unity container registering the remote service and injections

              – Poutrathor
              Nov 23 '18 at 15:59











            • Can you show the bit of code where you tie your service with the EndpointBehavior?

              – mahlatse
              Nov 23 '18 at 16:05














            0












            0








            0







            To add a username and password to the Service, you would need to do the following when setting up the service



            // Instantiate the proxy  
            Service1Client proxy = new Service1Client();

            // Set the user’s credentials on the proxy
            proxy.ClientCredentials.UserName.UserName = username;
            proxy.ClientCredentials.UserName.Password = password;


            This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302



            You can read up more on from Microsoft






            share|improve this answer













            To add a username and password to the Service, you would need to do the following when setting up the service



            // Instantiate the proxy  
            Service1Client proxy = new Service1Client();

            // Set the user’s credentials on the proxy
            proxy.ClientCredentials.UserName.UserName = username;
            proxy.ClientCredentials.UserName.Password = password;


            This is when you are using standard WS username and password, I have added an answer to my own question after experiencing the exact same thing as well, The link is WCF Service inside aspnet webforms throwing 302



            You can read up more on from Microsoft







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 23 '18 at 15:54









            mahlatsemahlatse

            1,012519




            1,012519













            • I can't do that, I have no proxy or serviceclient in my code.

              – Poutrathor
              Nov 23 '18 at 15:54











            • How do you instantiate your service then?

              – mahlatse
              Nov 23 '18 at 15:56











            • With a unity container registering the remote service and injections

              – Poutrathor
              Nov 23 '18 at 15:59











            • Can you show the bit of code where you tie your service with the EndpointBehavior?

              – mahlatse
              Nov 23 '18 at 16:05



















            • I can't do that, I have no proxy or serviceclient in my code.

              – Poutrathor
              Nov 23 '18 at 15:54











            • How do you instantiate your service then?

              – mahlatse
              Nov 23 '18 at 15:56











            • With a unity container registering the remote service and injections

              – Poutrathor
              Nov 23 '18 at 15:59











            • Can you show the bit of code where you tie your service with the EndpointBehavior?

              – mahlatse
              Nov 23 '18 at 16:05

















            I can't do that, I have no proxy or serviceclient in my code.

            – Poutrathor
            Nov 23 '18 at 15:54





            I can't do that, I have no proxy or serviceclient in my code.

            – Poutrathor
            Nov 23 '18 at 15:54













            How do you instantiate your service then?

            – mahlatse
            Nov 23 '18 at 15:56





            How do you instantiate your service then?

            – mahlatse
            Nov 23 '18 at 15:56













            With a unity container registering the remote service and injections

            – Poutrathor
            Nov 23 '18 at 15:59





            With a unity container registering the remote service and injections

            – Poutrathor
            Nov 23 '18 at 15:59













            Can you show the bit of code where you tie your service with the EndpointBehavior?

            – mahlatse
            Nov 23 '18 at 16:05





            Can you show the bit of code where you tie your service with the EndpointBehavior?

            – mahlatse
            Nov 23 '18 at 16:05













            0














            Solved !!!



            So much frustration, but writing a SO post and keeping it updated helped a lot.



            I go celebrated and I will come back to detail the solution.



            In short, use the implementation from the link I add in my edits, not my previous way.






            share|improve this answer




























              0














              Solved !!!



              So much frustration, but writing a SO post and keeping it updated helped a lot.



              I go celebrated and I will come back to detail the solution.



              In short, use the implementation from the link I add in my edits, not my previous way.






              share|improve this answer


























                0












                0








                0







                Solved !!!



                So much frustration, but writing a SO post and keeping it updated helped a lot.



                I go celebrated and I will come back to detail the solution.



                In short, use the implementation from the link I add in my edits, not my previous way.






                share|improve this answer













                Solved !!!



                So much frustration, but writing a SO post and keeping it updated helped a lot.



                I go celebrated and I will come back to detail the solution.



                In short, use the implementation from the link I add in my edits, not my previous way.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 23 '18 at 16:53









                PoutrathorPoutrathor

                99921432




                99921432






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53448687%2fstuck-connecting-to-remote-soap-service-with-credentials%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    這個網誌中的熱門文章

                    Xamarin.form Move up view when keyboard appear

                    Post-Redirect-Get with Spring WebFlux and Thymeleaf

                    Anylogic : not able to use stopDelay()