Consume a Web Service that requires WS-Security from ASP.NET 4.5 Application


Solution 1

There is general information on all types of security and bindings here: http://msdn.microsoft.com/en-us/library/system.servicemodel.wshttpbinding.aspx

But you need to configure WS-Security in your web.config file as outlined here: http://msdn.microsoft.com/en-us/library/ms734663.aspx

For example, instead of <basicHttpBinding> you might use something like:

    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_ICalculator" />
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost:8000/ServiceModelSamples/Service/CalculatorService"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICalculator"
            contract="ServiceReference1.ICalculator" name="WSHttpBinding_ICalculator">
            <identity>
                <userPrincipalName value="[email protected]" />
            </identity>
        </endpoint>
    </client>

Here's a nice little tutorial on the subject as well: http://msdn.microsoft.com/en-us/library/ff648431.aspx

Hope this helps!

Solution 2

You can use custom binding like this:

    <customBinding>
        <binding name="WSHttpBinding_TereService">
          <security authenticationMode="CertificateOverTransport"
                    defaultAlgorithmSuite="Basic128Rsa15"
                    enableUnsecuredResponse="true">
          </security>
          <textMessageEncoding messageVersion="Soap11WSAddressing10"/>
          <httpsTransport/>
        </binding>
    </customBinding>

And setting your httpsTransport options

Author: Diane

Updated on August 07, 2022

Comments

  • Diane
    Diane over 1 year

    I need to consume a web service that requires WS-Security based on X.509 certificates from an ASP.NET 4.5 application. So far I have created the web reference, but I don't know how to implement WS-Security. I have no problem with getting the certificate, but I don't know how to use it in this case; I need advice on how to proceed.

    My code so far is very basic; I need to add WS-Security to it:

    var tere = new serviciotereSoapClient(); 
    tere.ClientCredentials.ClientCertificate.Certificate = myCert;
    var response = tere.agregarGuia( guia );
    

    Service configuration:

      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="serviciotereSoapBinding" >
              <security mode="Transport">
                <transport clientCredentialType="None" proxyCredentialType="None"
                  realm="" />
                <message clientCredentialType="Certificate" algorithmSuite="Default" />
              </security>          
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://secure.aduana.gov.py/test/tere/serviciotere"
            binding="basicHttpBinding" bindingConfiguration="serviciotereSoapBinding"
            contract="TEREReference.serviciotereSoap" name="serviciotereSoap" />
        </client>
      </system.serviceModel>
    

    EDIT 1

    Based on the answer of @TrevorBrooks, I came up with the following implementation:

    1. Create a service proxy using SvcUtil.exe
    2. Add wsHttpBinding to web.config
    3. Changed the endpoint to use the binding added in step 2.
    4. Changed the code to use the new WCF client.

    The web.config now looks like this:

    <system.serviceModel>
        <bindings>
          <wsHttpBinding>
            <binding name="WSHttpBinding_TereService" >
              <security mode="Transport">
                <transport clientCredentialType="None" proxyCredentialType="None"
                  realm="" />
                <message clientCredentialType="Certificate" algorithmSuite="Default" />
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://secure.aduana.gov.py/test/tere/serviciotere"
            binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_TereService"
            contract="serviciotereSoap" name="WSHttpBinding_TereService" />
        </client>
      </system.serviceModel>
    

    Now when invoking the service I get a ProtocolException with the message:

    The content type text/xml; charset=UTF-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 372 bytes of the response were:

            <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
                <env:Header> </env:Header>
                <env:Body>
                    <env:Fault xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>
                    <faultcode>env:Server</faultcode>
                    <faultstring> org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing </faultstring>. </env:Fault>
                </env:Body>
            </env:Envelope>
    

    This error is a step forward for me because with basicHttpBinding the exception was more horrible.
    The problem is that the service requires WS-Security and I need to sign the message with a certificate; that is my problem and I cannot yet figure out how to do it. I gave the details in this other question too.

    EDIT 2: I was now provided a sample envelope that works for the service.

    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-B259DAB3D28E48CB6A140000796019094">[base64 certificate data omitted]</wsse:BinarySecurityToken>
        <ds:Signature Id="SIG-96" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ec:InclusiveNamespaces PrefixList="soapenv web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces>
            </ds:CanonicalizationMethod>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
            <ds:Reference URI="#id-95" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ec:InclusiveNamespaces PrefixList="web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces>
                </ds:Transform>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
              <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">whvAdAkypsWVXHXbIz/T54n0dBw=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>
            MdHy5mceNtQWUD5WmVOzZU8roxD3EQkQmcZA9LsfhBcp3cFAD3P1qJJ9EyrRFBs5yCiYDY716Wzh
            M+tFybt1+EujXZZ3ytk4XaahkexNAG51iup1wvw0Km+nsj4u/x8DzTA/J9EG3ZdTSUrIVBsFcEQa
            TF4BwUAgGBS87xqL5zc=
          </ds:SignatureValue>
          <ds:KeyInfo Id="KI-B259DAB3D28E48CB6A140000796019095">
            <wsse:SecurityTokenReference wsu:Id="STR-B259DAB3D28E48CB6A140000796019096" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              <wsse:Reference URI="#X509-B259DAB3D28E48CB6A140000796019094" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:Reference>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
        <wsu:Timestamp wsu:Id="TS-94">
          <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:06:00.188Z</wsu:Created>
          <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:07:00.188Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
    

    This is the one I'm passing that is not working:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPowmum40QT95GqsY7XPKT7LIAAAAAvMwgorinWU+AVOWH+3TPjP6NBU03AZtHqle8GLRYcYAACQAA</VsDebuggerCausalityData>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <u:Timestamp u:Id="_0">
            <u:Created>2014-05-15T21:30:20.723Z</u:Created>
            <u:Expires>2014-05-15T21:35:20.723Z</u:Expires>
          </u:Timestamp>
          <o:BinarySecurityToken u:Id="uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[base64 certificate data omitted]</o:BinarySecurityToken>
          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
              <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <Reference URI="#_0">
                <Transforms>
                  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <DigestValue>pM8KraJSLZumo77gD9+JF2f8eBU=</DigestValue>
              </Reference>
            </SignedInfo>
            <SignatureValue>MZ9ZTKeGj5KNUEn4R6cQhRhOdK0frNK1O5KRGbM+YqfvzlVwVKQ6n7p9rncbtrdGsLg3CVwUVwB7PBF78tDx3p0LjF/Eg015t6qouSyK/92qL3oRz/8TbqLKpe/1uySdmGhrqPrVlTDF2rHuFGwmQVSILyUVLg/nW7K+EDwS/Lg=</SignatureValue>
            <KeyInfo>
              <o:SecurityTokenReference>
                <o:Reference URI="#uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2"/>
              </o:SecurityTokenReference>
            </KeyInfo>
          </Signature>
        </o:Security>
      </s:Header> 
    </s:Envelope>
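
Added example (not part of the original question or answers): a Python diagnostic that summarises the two `wsse:Security` headers posted in the question and reports where they differ, namely the token's `EncodingType`, the element each signature `Reference` resolves to, and element order. The XML strings are constructed, abridged copies of those headers with shortened token Ids and placeholder token bytes; the page does not establish which of these differences the service rejects.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
OPEN = '<wsse:Security xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">' % NS
B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

# Constructed, abridged copies of the two headers in the question: same element
# order and Reference URIs; token Ids shortened, token bytes are placeholders.
WORKING = OPEN + f"""
  <wsse:BinarySecurityToken EncodingType="{B64}" wsu:Id="X509-1">AAAA</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#id-95"/></ds:SignedInfo></ds:Signature>
  <wsu:Timestamp wsu:Id="TS-94"/>
</wsse:Security>"""
FAILING = OPEN + """
  <wsu:Timestamp wsu:Id="_0"/>
  <wsse:BinarySecurityToken wsu:Id="uuid-2">AAAA</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_0"/></ds:SignedInfo></ds:Signature>
</wsse:Security>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def profile(security_xml):
    """Summarise what a wsse:Security header carries and what its signature covers."""
    sec = ET.fromstring(security_xml)
    by_id = {el.get(WSU_ID): local(el.tag) for el in sec.iter() if el.get(WSU_ID)}
    token = sec.find("wsse:BinarySecurityToken", NS)
    refs = sec.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return {
        "token_encoding": token.get("EncodingType") if token is not None else None,
        # Resolve each signed "#id" to the header element that owns it; an id
        # not found in the header belongs to some other part of the envelope.
        "signed": [by_id.get(r.get("URI", "")[1:], "outside header") for r in refs],
        "order": [local(child.tag) for child in sec],
    }


def diff(expected, actual):
    """Return {field: (expected, actual)} for every field that differs."""
    return {k: (expected[k], actual[k]) for k in expected if expected[k] != actual[k]}


if __name__ == "__main__":
    for field, (want, got) in diff(profile(WORKING), profile(FAILING)).items():
        print(f"{field}: service sample={want!r} sent={got!r}")
```

Run against the full captured envelopes, the same functions show that the WCF-generated message signs only its own `Timestamp`, while the service's sample references an Id that is not defined inside the security header.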
    
  • Diane
    Diane almost 10 years
    OK, I will try to get all these pieces together and let you know. BTW, those links do not talk about signing with certificates. That is the main issue I have.
  • Diane
    Diane almost 10 years
    Well, I put in all the info you gave me and now I get a ProtocolException, the content type text/xml;charset=UTF-8 of the response message does not match the content type of the binding (application/soap+xml;charset=utf-8)... : '<env:Envelope xmlns:env='schemas.xmlsoap.org/soap/envelope'> <env:Header> </env:Header> <env:Body> <env:Fault xmlns:env='schemas.xmlsoap.org/soap/envelope/…: This service requires <wsse:Security>, which is missing </faultstring>. </Env:Fault> </env:Body></env:Envelope> '.
  • Diane
    Diane almost 10 years
    I edited the answer to reflect the changes I made based on your info.
  • TrevorBrooks
    TrevorBrooks almost 10 years
    Have you turned service tracing on? This can reveal a lot more information about potential problems. Check out this link on how to turn tracing on: msdn.microsoft.com/en-us/library/ms732023(v=vs.110).aspx
  • Diane
    Diane almost 10 years
    Finally I was provided with a sample envelope that conforms to the service; I have updated the question, please review.
  • TrevorBrooks
    TrevorBrooks almost 10 years
    Did I answer your original question? Please mark it with a check mark as answered if so.
  • Diane
    Diane almost 10 years
    You are very close, that is why I +1'd your answer; please see in the question the correct envelope that I need to send to the service and the one I'm passing. I fail to emit some attributes, e.g. EncodingType for BinarySecurityToken.
  • TrevorBrooks
    TrevorBrooks almost 10 years
    Well, you've actually changed the question several times...is that really fair?
  • Diane
    Diane almost 10 years
    You are right. I mark your question as the answer because it put me on the right path. But please review this other question to follow up on my problem. stackoverflow.com/questions/23663007/…
  • TrevorBrooks
    TrevorBrooks almost 10 years
    I would create a new question outlining what you have discovered so far and what your new error messages are, you'll probably get a lot more attention to the issue that way.