在soap消息中使用wsse安全标头（Visual Studio 2015，.Net Framework 4.5）

Question

I would like to consume a Soap Service provided by DHL. You can find the wsdl here: https://wsbexpress.dhl.com/sndpt/expressRateBook?WSDL

Therefore I created a new ClassLibrary in Visual Studio 2015 targeting .net framework 4.5.

Then I added a Web Reference to the created project by providing the wsdl address. I generated a proxy file with all types and ports in it but my first problem is, that the generated Service extends from System.Web.Services.Protocols.SoapHttpClientProtocol . As I read in recent posts it is not possible to get the wsse header to that proxy. Some posts advise to add wse but it seems wse is not supported by newer Visual Studio versions.

I tried to generate my proxy by svcutil. After that I added the generated .cs file to the project and copied the content of the generated config file to app.config. (of cause I removed the web reference) Now the Service class extends System.ServiceModel.ClientBase . (I thought the generator in VS uses svctool internally. If microsoft want people to use wcf why does the generator generate non-wcf proxy files.

I also created a nunit testproject which should test my service, but If I use the version with the svcutil generated version I get an error. I try to translate it to english as the error is displayed in german:

Could not find a default endpoint element which points to the service contract. As I figured out this is because the proxy is in its own class library and therefor doesn't really have an app.config. But my test project is a class library too.

What would be the actual way to consume a web service which needs ws security Username/Password auth these days?

Answer 1

You can add the Web Reference in compatibility mode (I am guessing you are doing so). If you are not adding the reference in compatibility mode, do the following:

Right click on references Add Service Reference-> Advanced -> Add Web Reference (Below the compatibility section), type the URL of the WS and add the reference.

The WSE2.0 extensions are available as a Nuget Package at:

https://www.nuget.org/packages/Microsoft.Web.Services2/

Install the nuget package on the package manager console running the following nugget command: Install-Package Microsoft.Web.Services2

After you installed the nuget package, you need to make sure your project is referencing the following DLL's:

1. System.Web
2. System.Web.Services
3. Microsoft.Web.Services2 (This will be added after you install the nuget package)

In order to use the WSE2.0 extensions, you need to actually modify the Proxy class that was created when you added the WebReference to inherit from "Microsoft.Web.Services2.WebServicesClientProtocol" instead of "System.Web.Services.Protocols.SoapHttpClientProtocol". Be aware that if you update the WebReference, the Proxy class will inherit againfrom SoapHttpClientProtocol.

Add the following using clauses to the code consuming the Proxy class:

using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;

After you make this changes, you code should look something like this:

var token = new UsernameToken("theUser", "thePassword", PasswordOption.SendHashed);

var serviceProxy = new ExpressRateBook.gblExpressRateBook();
SoapContext requestContext = serviceProxy.RequestSoapContext;
requestContext.Security.Timestamp.TtlInSeconds = 60;
requestContext.Security.Tokens.Add(token);
//The rest of the logic goes here...

I added the screenshot down below for your reference:

NOTE: I was unable to test the code since I am unfamiliar with the actual methods that you need to consume, the code displayed is just an example of what I saw in the proxy class, update it according to your needs. It should work fine if you follow the steps described before. Check the following link for more detailed instructions:

https://msdn.microsoft.com/en-us/library/ms819938.aspx

Answer 2

You can configure you Service Reference to add the Security Header as AW Rowse describes at http://cxdeveloper.com/article/implementing-ws-security-digest-password-nonce-net-40-wcf :

 private void Configure()
    {
        System.Net.ServicePointManager.ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => { return true; };

        defaultBinding = new BasicHttpBinding
        {
            Security =
            {
                Mode = BasicHttpSecurityMode.Transport,
                Transport =
                {
                    ClientCredentialType = HttpClientCredentialType.Digest
                }
            }
        };

        defaultToken = new UsernameToken(UserName, Password, PasswordOption.SendHashed);

        defaultSecurityHeader = MessageHeader.CreateHeader(
          "Security",
          "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
          defaultToken.GetXml(new XmlDocument())
        );
    }

And create you client/proxy like this:

public consulta_informacao_respttClient CriaConsultaClinicaClient()
    {
        var client = new consulta_informacao_respttClient(defaultBinding, new EndpointAddress("https://resqa.homologacao.unimed.coop.br/chs-integration-external-services-ptu-clinical/proxy-services/execute-query/execute-query-proxy-service"));
        client.ClientCredentials.UserName.UserName = UserName;
        client.ClientCredentials.UserName.Password = Password;

        var scope = new OperationContextScope(client.InnerChannel);

        OperationContext.Current.OutgoingMessageHeaders.Add(defaultSecurityHeader);
        return client;
    }

The properties you will need to create in your class are:

private BasicHttpBinding defaultBinding;
private UsernameToken defaultToken;
private MessageHeader defaultSecurityHeader;

You won't need to configure anything in app/web.config.