WCF Siebel服务认证

Question

I am developing an integration with an Siebel EAI webservice, and I can`t figure out how the authentication works

The request below works normally on SoapUi:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:cus="http://siebel.com/CustomUI">
   <soapenv:Header>
  <UsernameToken xmlns="http://siebel.com/webservices">BRBD</UsernameToken>
  <PasswordText xmlns="http://siebel.com/webservices">2015</PasswordText>
  </soapenv:Header>
   <soapenv:Body>
      <cus:GetTransactionForDays_Input>
         <cus:Program_spcName>Loyalty Program – Agroservice</cus:Program_spcName>
         <cus:Days>10</cus:Days>
      </cus:GetTransactionForDays_Input>
   </soapenv:Body>
</soapenv:Envelope>

What I need is to reproduce this request as a WCF client. My code looks like this:

            PartnersWs.BCS_spcLOY_spcPeriod_spcTransactionClient tran = 
                new BCS_spcLOY_spcPeriod_spcTransactionClient("myCustomBinding", 
                    "http://[server]/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&WSSOAP=1");

            GetTransactionForDays_Input inp = new GetTransactionForDays_Input();
            inp.Days = "1";
            inp.Program_spcName = "Loyalty Program - Puntos Poderosos";

            GetTransactionForDaysRequest req = new GetTransactionForDaysRequest(inp);
            tran.ClientCredentials.UserName.UserName = "BRBD";
            tran.ClientCredentials.UserName.Password = "2015";

            tran.GetTransactionForDays(inp);

My custom binding configuration (because I don`t want to use https, so i need to specify allowInsecure):

  <customBinding>
    <binding name="myCustomBinding">
      <transactionFlow />
      <security
          authenticationMode="SecureConversation"
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
          allowInsecureTransport="true" allowSerializedSigningTokenOnReply="true" >
        <secureConversationBootstrap
          authenticationMode="UserNameForSslNegotiated"
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
      </security>
      <textMessageEncoding />
      <httpTransport decompressionEnabled="true" useDefaultWebProxy="true"/>
    </binding>
  </customBinding>

The response from server is:

The content type text/xml;charset=utf-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 756 bytes of the response were: '<?xml version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode>**<faultstring>
  Error Code: 10944642 Error Message: Error: Inbound SOAP Message - Session Token is missing or invalid or has expired</faultstring>**<detail><siebelf:errorstack xmlns:siebelf="http://www.siebel.com/ws/fault"><siebelf:error><siebelf:errorsymbol /><siebelf:errormsg>Error: Inbound SOAP Message - Session Token is missing or invalid or has expired</siebelf:errormsg></siebelf:error></siebelf:errorstack></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'.

Any ideas? tks

Answer 1

According to Siebel Bookshelf WS-Security (which you are implementing in your bindings) and security headers used in Siebel SOAP webservices are 2 totally different things.

Please correct your bindings to not include WS-Security model - instead treat header fields like any other field (but with correct namespace included).

There are also different ways to authenticate into Siebel (you may want to look into that as well):

• anonymous pool (no authentication required at all)
• user name & password given in web service endpoint URL