带有 WCF 消息安全的soapUI

Question

I am trying to configure my WCF (.NET 4.0) service so that it can be tested using soapUI. I am using wsHttpBinding with message security. My goal is to expose the service on a public test endpoint and try to load-test it with loadUI which uses soapUI tests. For this to work the endpoint needs to be secure and since my production endpoint will use message security I figure my test one should also use it in order to achieve close to production load test results.

I can't seem to be able to configure soapUI to successfully call the service. I have tried a number of combinations of signing and encrypting input and output with the client and server certificate. Has anybody managed to achieve a successful message security configuration of WCF and soapUI?

The following are exerpts from my configuration:

Binding:

  <wsHttpBinding>

            <binding name="MessageSecurity">
                <security mode="Message">
                    <message clientCredentialType="Certificate" negotiateServiceCredential="false"/>
                </security>
            </binding>

        </wsHttpBinding>

Behavior

    <behaviors>
        <serviceBehaviors>
            <behavior name="customBehavior">
                <serviceMetadata httpGetEnabled="True"/>
                <serviceDebug includeExceptionDetailInFaults="True"/>

                <serviceCredentials>
                    <clientCertificate>
                        <authentication certificateValidationMode="PeerTrust"/>
                    </clientCertificate>
                    <serviceCertificate findValue="MyWebServicesCertificate" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>

        <endpointBehaviors>
            <behavior name="webHttp">
                <webHttp/>
            </behavior>
        </endpointBehaviors>

    </behaviors>
</system.serviceModel>

Service:

            <service behaviorConfiguration="customBehavior" name="MyService">

            <!-- Service Endpoint -->
            <endpoint name="Production" address="" binding="wsHttpBinding" bindingConfiguration="MessageSecurity" contract="IMyService">

                <identity>
                    <dns value="web_services_svr"/>
                </identity>
            </endpoint>




            <host>
                <baseAddresses>
                    <add baseAddress="http://web_services_svr/MyService.svc" />
                </baseAddresses>
            </host>

        </service>

Answer 1

set negotiateServiceCredential to false and also establishSecuritySession to false.

after this interoperability is possible. If you add ProtectionLecel.Sign on your contracts (eg do not encrypt) it is even easier.

Answer 2

You might want to check for few things.

1) Set negotiateServiceCredential="false"

<wsHttpBinding>
   <binding name="wsHttpSecure">
      <security mode="Message">
         <message clientCredentialType="UserName" negotiateServiceCredential="false"    
                  establishSecurityContext="false" algorithmSuite="Default" />
      </security>
   </binding>
</wsHttpBinding>

2) Also make sure in SOAP UI you check mark "Add default WSA To"

Check this link http://ddkonline.blogspot.com.br/2012/10/wcf-45-host-unreachable-when-calling.html

3) For passing client certificate check following link

http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html

I hope that helps.

Answer 3

There is an issue with SoapUI in a network where there is a web proxy. You must configure the proxy settings in SoapUI to get this to work, assuming there was no other problem.

Answer 4

Try making the call using firefox plugin or curl. If you can get the call running successfuly using any tool, try to copy the request and run it from soapUI. If the call works using any other tool, it should work as well in soapUI unless you making soap/tcp call

Answer 5

Had the same problem.

Eventually gave up and took the security out - WCF: soapUI error "BadContextToken"