Consume a Web Service that requires WS-Security from ASP.NET 4.5 Application
Solution 1
There is general information on all types of security and bindings here: http://msdn.microsoft.com/en-us/library/system.servicemodel.wshttpbinding.aspx
But you need to configure WS-Security in your web.config file as outlined here: http://msdn.microsoft.com/en-us/library/ms734663.aspx
For example, instead of <basicHttpBinding> you might use something like:
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_ICalculator" />
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:8000/ServiceModelSamples/Service/CalculatorService"
                binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICalculator"
                contract="ServiceReference1.ICalculator" name="WSHttpBinding_ICalculator">
        <identity>
          <userPrincipalName value="[email protected]" />
        </identity>
      </endpoint>
    </client>
Here's a nice little tutorial on the subject as well: http://msdn.microsoft.com/en-us/library/ff648431.aspx
Hope this helps!
Solution 2
You can use custom binding like this:
    <customBinding>
      <binding name="WSHttpBinding_TereService">
        <security authenticationMode="CertificateOverTransport"
                  defaultAlgorithmSuite="Basic128Rsa15"
                  enableUnsecuredResponse="true">
        </security>
        <textMessageEncoding messageVersion="Soap11WSAddressing10"/>
        <httpsTransport/>
      </binding>
    </customBinding>
And setting your httpsTransport options
Diane
Updated on August 07, 2022
Comments
-
Diane over 1 year
I need to consume a web service that requires WS-Security based on X.509 certificates from an ASP.NET 4.5 application. So far I have created the web reference, but I don't know how to implement WS-Security. I have no problem with getting the certificate, but I don't know how to use it in this case; I need to get advice on how to proceed.
My code so far is very basic; I need to add WS-Security to it:
    var tere = new serviciotereSoapClient();
    tere.ClientCredentials.ClientCertificate.Certificate = myCert;
    var response = tere.agregarGuia( guia );
Service configuration:
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="serviciotereSoapBinding" >
            <security mode="Transport">
              <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
              <message clientCredentialType="Certificate" algorithmSuite="Default" />
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <client>
        <endpoint address="https://secure.aduana.gov.py/test/tere/serviciotere"
                  binding="basicHttpBinding" bindingConfiguration="serviciotereSoapBinding"
                  contract="TEREReference.serviciotereSoap" name="serviciotereSoap" />
      </client>
    </system.serviceModel>
EDIT 1
Based on the answer of @TrevorBrooks I came up with the following implementation:
1. Create a service proxy using SvcUtil.exe
2. Add wsHttpBinding to web.config
3. Changed the endpoint to use the binding added in step 2.
4. Changed the code to use the new WCF client.
The web.config now looks like this:
    <system.serviceModel>
      <bindings>
        <wsHttpBinding>
          <binding name="WSHttpBinding_TereService" >
            <security mode="Transport">
              <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
              <message clientCredentialType="Certificate" algorithmSuite="Default" />
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>
      <client>
        <endpoint address="https://secure.aduana.gov.py/test/tere/serviciotere"
                  binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_TereService"
                  contract="serviciotereSoap" name="WSHttpBinding_TereService" />
      </client>
    </system.serviceModel>
Now when invoking the service I get a ProtocolException with the message:
The content type text / xml; charset = UTF-8 of the response message does not match the content type of the binding (application / soap + xml; charset = utf-8). If using a custom encoder, be sure that the method is implemented properly IsContentTypeSupported. The first 372 bytes of the response were:
    <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
      <env:Header>
      </env:Header>
      <env:Body>
        <env:Fault xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
          <faultcode>env:Server</faultcode>
          <faultstring> org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing </faultstring>.
        </env:Fault>
      </env:Body>
    </env:Envelope>
This error is a step forward for me because with basicHttpBinding the exception was more horrible.
The problem is that the service requires WS-Security and the message needs to be signed with a certificate; that is my problem and I cannot yet figure out how to do it. In this other question I gave the details too.
EDIT 2
I was now provided a sample envelope that works for the service.
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-B259DAB3D28E48CB6A140000796019094">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</wsse:BinarySecurityToken>
        <ds:Signature Id="SIG-96" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ec:InclusiveNamespaces PrefixList="soapenv web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces>
            </ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
            <ds:Reference URI="#id-95" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ec:InclusiveNamespaces PrefixList="web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces>
                </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
              <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">whvAdAkypsWVXHXbIz/T54n0dBw=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>
            MdHy5mceNtQWUD5WmVOzZU8roxD3EQkQmcZA9LsfhBcp3cFAD3P1qJJ9EyrRFBs5yCiYDY716Wzh
            M+tFybt1+EujXZZ3ytk4XaahkexNAG51iup1wvw0Km+nsj4u/x8DzTA/J9EG3ZdTSUrIVBsFcEQa
            TF4BwUAgGBS87xqL5zc=
          </ds:SignatureValue>
          <ds:KeyInfo Id="KI-B259DAB3D28E48CB6A140000796019095">
            <wsse:SecurityTokenReference wsu:Id="STR-B259DAB3D28E48CB6A140000796019096" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              <wsse:Reference URI="#X509-B259DAB3D28E48CB6A140000796019094" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:Reference>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
        <wsu:Timestamp wsu:Id="TS-94">
          <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:06:00.188Z</wsu:Created>
          <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:07:00.188Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
This is the one I'm passing that is not working:
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPowmum40QT95GqsY7XPKT7LIAAAAAvMwgorinWU+AVOWH+3TPjP6NBU03AZtHqle8GLRYcYAACQAA</VsDebuggerCausalityData>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <u:Timestamp u:Id="_0">
            <u:Created>2014-05-15T21:30:20.723Z</u:Created>
            <u:Expires>2014-05-15T21:35:20.723Z</u:Expires>
          </u:Timestamp>
          <o:BinarySecurityToken u:Id="uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">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</o:BinarySecurityToken>
          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
              <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <Reference URI="#_0">
                <Transforms>
                  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <DigestValue>pM8KraJSLZumo77gD9+JF2f8eBU=</DigestValue>
              </Reference>
            </SignedInfo>
            <SignatureValue>MZ9ZTKeGj5KNUEn4R6cQhRhOdK0frNK1O5KRGbM+YqfvzlVwVKQ6n7p9rncbtrdGsLg3CVwUVwB7PBF78tDx3p0LjF/Eg015t6qouSyK/92qL3oRz/8TbqLKpe/1uySdmGhrqPrVlTDF2rHuFGwmQVSILyUVLg/nW7K+EDwS/Lg=</SignatureValue>
            <KeyInfo>
              <o:SecurityTokenReference>
                <o:Reference URI="#uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2"/>
              </o:SecurityTokenReference>
            </KeyInfo>
          </Signature>
        </o:Security>
      </s:Header>
    </s:Envelope>
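Added example, not part of the original question or answers: a small Python audit that resolves each ds:Reference in a WS-Security header to the element carrying the matching wsu:Id, so the two envelopes above can be compared by what their signatures cover. The `envelope` helper and the `tok` id are constructed for illustration; the two samples reproduce only the shape of the headers in the question, with token and signature values left out.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

def envelope(token_attrs, ref_uri, ts_id):
    """Constructed sample: a header trimmed to the attributes audit() reads."""
    return (
        f'<e:Envelope xmlns:e="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
        '<e:Header><wsse:Security>'
        f'<wsse:BinarySecurityToken wsu:Id="tok" {token_attrs}/>'
        '<ds:Signature><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>'
        f'<ds:Reference URI="{ref_uri}"/>'
        '</ds:SignedInfo></ds:Signature>'
        f'<wsu:Timestamp wsu:Id="{ts_id}"/>'
        '</wsse:Security></e:Header></e:Envelope>'
    )

EXPECTED = envelope(f'EncodingType="{B64}"', "#id-95", "TS-94")  # shape of the service's sample
SENT = envelope("", "#_0", "_0")                                  # shape of the WCF request

def audit(envelope_xml):
    """Report what the XML signature in a WS-Security header covers."""
    root = ET.fromstring(envelope_xml)
    id_attr = f"{{{WSU}}}Id"
    by_id = {el.get(id_attr): el for el in root.iter() if el.get(id_attr)}
    signed = []
    for ref in root.iter(f"{{{DS}}}Reference"):  # ds:Reference only, not wsse:Reference
        uri = ref.get("URI", "")
        target = by_id.get(uri.lstrip("#"))
        signed.append(target.tag.rsplit("}", 1)[-1] if target is not None else f"unresolved {uri}")
    token = root.find(f".//{{{WSSE}}}BinarySecurityToken")
    method = root.find(f".//{{{DS}}}SignatureMethod")
    return {
        "signed": signed,
        "body_signed": "Body" in signed,
        "token_encoding_type": token is not None and token.get("EncodingType") is not None,
        "signature_method": method.get("Algorithm").rsplit("#", 1)[-1] if method is not None else None,
    }

if __name__ == "__main__":
    for name, xml in (("expected", EXPECTED), ("sent", SENT)):
        print(name, audit(xml))
```

On these inputs the WCF-generated header signs only the Timestamp, while the service's sample references #id-95, an element that is not in the header excerpt, and carries an EncodingType on its BinarySecurityToken.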
-
Diane almost 10 years
Ok, I will be trying to get all these pieces together and let you know. BTW, those links do not talk about signing with certificates. That is the main issue I have.
-
Diane almost 10 years
Well, I put in all the info you gave me and now I get ProtocolException, the content type text/xml;charset=UTF-8 of the response message does not match the content type of the binding (application/soap+xml;charset=utf-8)... : '<env:Envelope xmlns:env='schemas.xmlsoap.org/soap/envelope'> <env:Header> </env:Header> <env:Body> <env:Fault xmlns:env='schemas.xmlsoap.org/soap/envelope/…: This service requires <wsse:Security>, which is missing </faultstring>. </Env:Fault> </env:Body></env:Envelope> '.
-
Diane almost 10 years
I edited the answer to reflect the changes I made based on your info.
-
TrevorBrooks almost 10 years
Have you turned service tracing on? This can reveal a lot more information about potential problems. Check out this link on how to turn tracing on: msdn.microsoft.com/en-us/library/ms732023(v=vs.110).aspx
-
Diane almost 10 years
Finally I was provided with a sample envelope that conforms to the service; I have updated the question, please review.
-
TrevorBrooks almost 10 years
Did I answer your original question? Please mark it with a check mark as answered if so.
-
Diane almost 10 years
You are very close, that is why I +1 your answer. Please see in the question the correct envelope that I need to send to the service and the one I'm passing. I fail to emit some attributes, e.g. EncodingType for BinarySecurityToken.
-
TrevorBrooks almost 10 years
Well, you've actually changed the question several times... is that really fair?
-
Diane almost 10 years
You are right. I mark your question as the answer because it put me on the right path. But please review this other question to follow up on my problem. stackoverflow.com/questions/23663007/…
-
TrevorBrooks almost 10 years
I would create a new question outlining what you have discovered so far and what your new error messages are; you'll probably get a lot more attention to the issue that way.