从.Net调用Java Web服务的安全策略错误

Question

I am trying to call a Java web service, over Http not Https, using .Net. The only hint I got from the web service team is to pass the credential either in SOAP message or in the endpoint settings.

I have created a simple console application and added a service reference to the web service. The following is the generated binding (I see that there is warning about unrecognized policy but cannot figure what it means or whether it is relevant or not):

<customBinding>
    <binding name="CurrencyInformationServiceSoapBinding">
        <!--    WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'http://www.openuri.org/':    -->
        <!--    <wsdl:binding name='CurrencyInformationServiceSoapBinding'>    -->
        <!--        <ns1:SupportingTokens xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">..</ns1:SupportingTokens>    -->
        <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
            messageVersion="Soap11" writeEncoding="utf-8">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        </textMessageEncoding>
      <!--<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>-->  
      <httpTransport manualAddressing="false" maxBufferPoolSize="524288"
            maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
            bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
            keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
            realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
            useDefaultWebProxy="true" />
    </binding>
</customBinding>

Here are my trials:

Using the following code:

CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();  
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();  

or supplying the credentials in Windows property

CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();  
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("crmuser", "welcome1");  
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();  

or supplying the credentials in UserName property

CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();  
client.ClientCredentials.UserName.UserName = "someuser";  
client.ClientCredentials.UserName.Password = "somepassword";  
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();  

resulted in

 System.ServiceModel.FaultException: Error on verifying message against security policy Error code:1000

As per one comment I have seen, I have tried to add the following tag in the binding and call the web service by passing the credentials in UserName property of ClientCredentials

<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>

but the result was

System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

I have tried to use WSHttpBinding instead of the CustomBinding generated by VS as follows:

WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
EndpointAddress ea = new EndpointAddress("http://someurl/CurrencyInformationService.jws");
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient(binding, ea);
client.ClientCredentials.UserName.UserName = "someuser";
client.ClientCredentials.UserName.Password = "somepassword";
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();

but the result was

System.ServiceModel.ProtocolException: Content Type application/soap+xml; charset=utf-8 was not supported by service http://someurl/CurrencyInformationService.jws.  The client andservice bindings may be mismatched. ---> System.Net.WebException: The remote server returned an error: (415) Unsupported Media Type.

I have received a working request from the vendor and tried it in soapUI and it gave a correct response.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soap:Header>
                <wsse:Security soap:mustUnderstand="1">
                        <wsse:UsernameToken wsu:Id="SecurityToken-35598fb7-5aa2-4623-b07b-3277c6578beb" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                                <wsse:Username>someuser</wsse:Username>
                                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">somepassword</wsse:Password>
                        </wsse:UsernameToken>
                </wsse:Security>
        </soap:Header>
        <soap:Body>
                <getAllForeignCurrencies xmlns="http://www.openuri.org/">
                </getAllForeignCurrencies>
        </soap:Body>
</soap:Envelope>

Can someone give me a hint how to generate such a SOAP request?

Answer 1

I was facing the same issue while consuming a java web service using .Net, and this thread helped me partially in being able to consume web service.

But, somehow I came across this post and it worked as a final solution for me : http://weblog.west-wind.com/posts/2012/Nov/24/WCF-WSSecurity-and-WSE-Nonce-Authentication

Below settings worked fine for me:

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="CustomSoapBinding">
          <security includeTimestamp="false"
                    authenticationMode="UserNameOverTransport"
                    defaultAlgorithmSuite="Basic256"
                    requireDerivedKeys="false"
                    messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
          </security>
          <textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
          <httpsTransport maxReceivedMessageSize="2000000000"/>
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint address="https://notrealurl.com:443/services/RealTimeOnline"
                binding="customBinding"
                bindingConfiguration="CustomSoapBinding"
                contract="RealTimeOnline.RealTimeOnline"
                name="RealTimeOnline" />
    </client>
  </system.serviceModel>
  <startup>
    <supportedRuntime version="v4.0"
                      sku=".NETFramework,Version=v4.0"/>
  </startup>
</configuration>

Answer 2

If you use SSL use this:

<basicHttpBinding>
                <binding name="NewBinding0">
                    <security mode="TransportWithMessageCredential" />
                </binding>
</basicHttpBinding>

If no SSL then use CUB .