简体   繁体   中英

Calling Java SOAP 1.1 Service by WCF Client

Why a SOAP1.1 Web Service written in JAVA may not recognize a valid cert passed by WCF client?

We are getting 500 error from the service indicating that the service doesn't trust our cert. Can it be something to do with the WCF implementation of SOAP standard differing from what Java service expects to see?

Here's the WCF config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>

    <behaviors>
      <endpointBehaviors>
        <behavior name="ourCert">
          <clientCredentials>
            <clientCertificate x509FindType="FindBySubjectName" findValue="MyCompany"/>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <bindings>
      <customBinding>
        <binding name="wsHttpSoap11" >
          <textMessageEncoding messageVersion="Soap11" />
          <httpsTransport requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>

    <client>
      <endpoint address="https://{site}.com/site.wsdl"
                binding="customBinding"
                behaviorConfiguration="ourCert"
                bindingConfiguration="wsHttpSoap11"
                contract="ServiceContract">
      </endpoint>
    </client>

  </system.serviceModel>

  <system.net>
    <defaultProxy useDefaultCredentials="true" />
  </system.net>

</configuration>

The certificate is validated against a trust chain so the generating framework is not relevant. Also note you use a transport level certificate so SOAP is less likely to be the source of error.

I suggest you do the following:

  1. Build a working java client to this service (either generate a certificate using openssl or use the one you have if it's in jks format). Verify the client is working.
  2. Convert the jks certificate to pfx and use it with a WCF client. The WCF client should now also be working.

If WCF still fails than compare the outgoing SOAP generated by the java and wcf clients (you can use fiddler to capture it). This might hint on other differences (maybe you actually need a message certificate and not transport, maybe your soap version is mismatched, etc).

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM