如何在WCF中接受BinarySecurityToken？

Question

I'm creating a client that is consuming a web service provided to me by a customer. Now, I know for a fact the request goes through properly because Fiddler shows me the expected response. However, when this response reaches Visual Studio, it is unable to get parsed. I get the following error.

Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

These are the details:

• Web service authenticates client by username and password applied to ClientCredentials var service = new ThatService.Config1Client(); service.ClientCredentials.UserName.UserName = SSO_USERNAME; service.ClientCredentials.UserName.Password = SSO_PASSWORD; var service = new ThatService.Config1Client(); service.ClientCredentials.UserName.UserName = SSO_USERNAME; service.ClientCredentials.UserName.Password = SSO_PASSWORD;
• Binding for service is: <basicHttpBinding> <binding name="Config1Binding" maxReceivedMessageSize="20000000" maxBufferSize="20000000" maxBufferPoolSize="20000000"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding>
• The web service response, which is successful, is this: <SOAP-ENV:Envelope xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SOAP-ENV:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:BinarySecurityToken wsu:Id="bst9162663ec77b11e68fe1000002849f3e" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBwzCCASygAwIBAgIBADANBgkqhkiG9w0BAQUFADAOMQwwCgYDVQQDEwNRQ1AwHhcNMTQwNDAyMTYwMDU4WhcNMTkwNDAyMTYwMDU4WjAOMQwwCgYDVQQDEwNRQ1AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANnDHqYQu8l14RTghFgGtSoVQIdeN8gKp4PtJwzO2cuck4fpRXa/7u9O7zRgAq5tvJIv4icKc/nux07F1pKRv76BDdbkTU8Ee979wBGUp3E2MMUiGd85GY/2YXnB4EhcypLR5eXSUD21ETeUGnNowL60uU7x/oTSUhrONaryIUk9AgMBAAGjMTAvMA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUND5e3R+3YvyRyFO7lkHCxVnuS9EwDQYJKoZIhvcNAQEFBQADgYEAezmjggQmSnyHBEjfBCnY+g7i52hyowVm3zqQCtxPsUpoh94/uG+p2IjnKOsv2W4iFpvLLvx7Ibxeo73Xl8izZtV56WbgYuOQtBSA0fByhth21twkTo4BsxOBx3MY54t4XNW3krDHQWH9AeOVm5BDjm/DSczsiZSMayjcIaWSZrg=</wsse:BinarySecurityToken> <wsu:Timestamp wsu:Id="ts91626640c77b11e6aaf4000002849f3e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsu:Created>2016-12-21T12:47:01Z</wsu:Created> <wsu:Expires>2016-12-21T12:47:31Z</wsu:Expires> </wsu:Timestamp> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <dsig:Reference URI="#ts91626640c77b11e6aaf4000002849f3e"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>8Nzthh4Iq5CQ84Vkqf3m8JUW6dY=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#DSIG-9162663fc77b11e69538000002849f3e"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>schVLt5XWejFzwLVExDAS09WiVE=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>tM0rKAA7c72BDMjt9H/4qLS4pqnFnQeyBzUYK0SPOAkMKumFTHSszPlRDkPOAh7sTMyzPgBWVxrKJd6IVbSNDpHAD9OZ/v5ZbqCG/xJLWQdUtgH9TqJ1EKCjBAOFsicnXylHxyGZqzpR506lmbTu0k8CL7e+DAv7cHXgRyGIMPo=</dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#bst9162663ec77b11e68fe1000002849f3e" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body wsu:Id="DSIG-9162663fc77b11e69538000002849f3e" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wst-05-02="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:sapsp="http://www.sap.com/NW05/soap/features/security/SecurityPolicy" xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"> <ns2:GetLoginSessionCustomerResponse xmlns:ns2="http://confidential.url/example"> <return>CUSTOMERSPECIFICDETAILS</return> </ns2:GetLoginSessionCustomerResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope> <SOAP-ENV:Envelope xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SOAP-ENV:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:BinarySecurityToken wsu:Id="bst9162663ec77b11e68fe1000002849f3e" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBwzCCASygAwIBAgIBADANBgkqhkiG9w0BAQUFADAOMQwwCgYDVQQDEwNRQ1AwHhcNMTQwNDAyMTYwMDU4WhcNMTkwNDAyMTYwMDU4WjAOMQwwCgYDVQQDEwNRQ1AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANnDHqYQu8l14RTghFgGtSoVQIdeN8gKp4PtJwzO2cuck4fpRXa/7u9O7zRgAq5tvJIv4icKc/nux07F1pKRv76BDdbkTU8Ee979wBGUp3E2MMUiGd85GY/2YXnB4EhcypLR5eXSUD21ETeUGnNowL60uU7x/oTSUhrONaryIUk9AgMBAAGjMTAvMA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUND5e3R+3YvyRyFO7lkHCxVnuS9EwDQYJKoZIhvcNAQEFBQADgYEAezmjggQmSnyHBEjfBCnY+g7i52hyowVm3zqQCtxPsUpoh94/uG+p2IjnKOsv2W4iFpvLLvx7Ibxeo73Xl8izZtV56WbgYuOQtBSA0fByhth21twkTo4BsxOBx3MY54t4XNW3krDHQWH9AeOVm5BDjm/DSczsiZSMayjcIaWSZrg=</wsse:BinarySecurityToken> <wsu:Timestamp wsu:Id="ts91626640c77b11e6aaf4000002849f3e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsu:Created>2016-12-21T12:47:01Z</wsu:Created> <wsu:Expires>2016-12-21T12:47:31Z</wsu:Expires> </wsu:Timestamp> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <dsig:Reference URI="#ts91626640c77b11e6aaf4000002849f3e"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>8Nzthh4Iq5CQ84Vkqf3m8JUW6dY=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#DSIG-9162663fc77b11e69538000002849f3e"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <dsig:DigestValue>schVLt5XWejFzwLVExDAS09WiVE=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>tM0rKAA7c72BDMjt9H/4qLS4pqnFnQeyBzUYK0SPOAkMKumFTHSszPlRDkPOAh7sTMyzPgBWVxrKJd6IVbSNDpHAD9OZ/v5ZbqCG/xJLWQdUtgH9TqJ1EKCjBAOFsicnXylHxyGZqzpR506lmbTu0k8CL7e+DAv7cHXgRyGIMPo=</dsig:SignatureValue> <dsig:KeyInfo> <wsse:SecurityTokenReference> <wsse:Reference URI="#bst9162663ec77b11e68fe1000002849f3e" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/> </wsse:SecurityTokenReference> </dsig:KeyInfo> </dsig:Signature> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body wsu:Id="DSIG-9162663fc77b11e69538000002849f3e" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wst-05-02="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:sapsp="http://www.sap.com/NW05/soap/features/security/SecurityPolicy" xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc"> <ns2:GetLoginSessionCustomerResponse xmlns:ns2="http://confidential.url/example"> <return>CUSTOMERSPECIFICDETAILS</return> </ns2:GetLoginSessionCustomerResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

Answer 1

i guess the problem is here

<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>

You are specifying ClientCredentialType to None which Specifies that the client does not need to present any credential. This translates to an anonymous client.

I guess it would be great if you go through this one article posted at msdn. It would be also great if you have a look at selecting a credential type