
WS-Trust, WS-Security & WS-A Addressing Binding in WCF Client

I am trying to consume a WCF service that requires WS-Trust client credentials from a C# client. I have tried several different bindings found here and elsewhere on the Internet, but every attempt ends in either a Bad Request response or a SOAP fault. I have a working Java client and can trace what it exchanges with the WCF service, but I cannot get an equivalent C# client to work. Can someone help with the binding settings on the client?

The Java client exchanges the following messages with the server (host names, credentials and some identifiers are masked with asterisks):

---[HTTP request - https://**************/Services/Search***********.svc]---
Accept: application/soap+xml, multipart/related
Authorization: Basic ******************************xRbmJWS0Q1Mm1YcTRPY3**********
Content-Type: application/soap+xml; charset=utf-8;action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"
User-Agent: Metro/2.4.4 (RELEASE-2.4.4-ce05bec; 2020-04-17T12:44:48+0000) JAXWS-RI/2.3.3 JAXWS-API/2.3.3 JAXB-RI/2.3.3 JAXB-API/2.3.3 git-revision#unknown
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema">
    <S:Header>
        <To xmlns="http://www.w3.org/2005/08/addressing">https://**************/Services/Search***********.svc</To>
        <Action xmlns="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</Action>
        <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </ReplyTo>
        <FaultTo xmlns="http://www.w3.org/2005/08/addressing">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </FaultTo>
        <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:44bf6c41-2849-4de2-97a7-************</MessageID>
        <wsse:Security S:mustUnderstand="true">
            <wsu:Timestamp xmlns:ns15="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns14="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_1">
                <wsu:Created>2021-12-29T09:23:12Z</wsu:Created>
                <wsu:Expires>2021-12-29T09:28:12Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:UsernameToken xmlns:ns15="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns14="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="uuid_a61ea72c-cd8d-4227-b491-2e3f15f8b345">
                <wsse:Username>********************</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">***********************</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </S:Header>
    <S:Body>
        <ns5:RequestSecurityToken xmlns:ns5="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:ns6="http://www.w3.org/2005/08/addressing" xmlns:ns7="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:ns8="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns9="http://www.w3.org/2000/09/xmldsig#" xmlns:ns10="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:ns11="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ns5:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</ns5:TokenType>
            <ns5:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</ns5:RequestType>
            <ns5:Entropy ns5:Type="BinarySecret">
                <ns5:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">******************************</ns5:BinarySecret>
            </ns5:Entropy>
            <ns5:KeySize>256</ns5:KeySize>
            <ns5:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</ns5:KeyType>
            <ns5:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</ns5:ComputedKeyAlgorithm>
        </ns5:RequestSecurityToken>
    </S:Body>
</S:Envelope>


---[HTTP response - https://**************/Services/Search***********.svc - 200]---
null: HTTP/1.1 200 OK
Content-Length: 2512
Content-Type: application/soap+xml; charset=utf-8
Date: Wed, 29 Dec 2021 09:23:11 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</a:Action>
        <a:RelatesTo>uuid:44bf6c41-2849-4de2-97a7-************</a:RelatesTo>
        <ActivityId CorrelationId="ca5edda2-dec1-4894-b6c4-c22167273583" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">00000000-0000-0000-0000-000000000000</ActivityId>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2021-12-29T09:23:11.248Z</u:Created>
                <u:Expires>2021-12-29T09:28:11.248Z</u:Expires>
            </u:Timestamp>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
            <t:RequestedSecurityToken>
                <c:SecurityContextToken u:Id="uuid-7571d678-81a8-4e83-864e-************-239" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                    <c:Identifier>urn:uuid:9a971b5d-342b-46f7-86c0-************</c:Identifier>
                </c:SecurityContextToken>
            </t:RequestedSecurityToken>
            <t:RequestedAttachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-7571d678-81a8-4e83-864e-************-239"/>
                </o:SecurityTokenReference>
            </t:RequestedAttachedReference>
            <t:RequestedUnattachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference URI="urn:uuid:9a971b5d-342b-46f7-86c0-************" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                </o:SecurityTokenReference>
            </t:RequestedUnattachedReference>
            <t:RequestedProofToken>
                <t:ComputedKey>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKey>
            </t:RequestedProofToken>
            <t:Entropy>
                <t:BinarySecret u:Id="uuid-7571d678-81a8-4e83-864e-************-240" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">86Xjtk5UAoS91+JJ814SjnKjR18USaf6oKBuGxL1m/E=</t:BinarySecret>
            </t:Entropy>
            <t:Lifetime>
                <u:Created>2021-12-29T09:23:11.248Z</u:Created>
                <u:Expires>2021-12-30T00:23:11.248Z</u:Expires>
            </t:Lifetime>
            <t:KeySize>256</t:KeySize>
        </t:RequestSecurityTokenResponse>
    </s:Body>
</s:Envelope>
--------------------

---[HTTP request - https://**************/Services/Search***********.svc ]---
Accept: application/soap+xml, multipart/related
Authorization: Basic ******************************xRbmJWS0Q1Mm1YcTRPY3**********
Content-Type: application/soap+xml; charset=utf-8;action="http://**************/Services/ISearch***********/Search"
User-Agent: Metro/2.4.4 (RELEASE-2.4.4-ce05bec; 2020-04-17T12:44:48+0000) JAXWS-RI/2.3.3 JAXWS-API/2.3.3 JAXB-RI/2.3.3 JAXB-API/2.3.3 git-revision#unknown
<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
    <S:Header>
        <To xmlns="http://www.w3.org/2005/08/addressing">https://**************/Services/Search***********.svc</To>
        <Action xmlns="http://www.w3.org/2005/08/addressing">http://**************/Services/ISearch***********/Search</Action>
        <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </ReplyTo>
        <FaultTo xmlns="http://www.w3.org/2005/08/addressing">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </FaultTo>
        <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:e31b494f-6cb3-4058-8410-************</MessageID>
        <wsse:Security S:mustUnderstand="true">
            <wsu:Timestamp xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="_1">
                <wsu:Created>2021-12-29T09:23:13Z</wsu:Created>
                <wsu:Expires>2021-12-29T09:28:13Z</wsu:Expires>
            </wsu:Timestamp>
            <wsc:SecurityContextToken xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/" wsu:Id="uuid-7571d678-81a8-4e83-864e-ab96c72ff0fa-239">
                <wsc:Identifier>urn:uuid:9a971b5d-342b-46f7-86c0-************</wsc:Identifier>
            </wsc:SecurityContextToken>
            <ds:Signature xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://schemas.xmlsoap.org/soap/envelope/" Id="_2">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <exc14n:InclusiveNamespaces PrefixList="wsse S"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <ds:Reference URI="#_1">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <exc14n:InclusiveNamespaces PrefixList="wsu wsse S"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>****************************</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>****************************</ds:SignatureValue>
                <ds:KeyInfo>
                    <wsse:SecurityTokenReference wsu:Id="_5002">
                        <wsse:Reference URI="#uuid-7571d678-81a8-4e83-864e-************-239" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </S:Header>
    <S:Body>
        <Search xmlns="http://**********************/services" xmlns:ns2="http://schemas.microsoft.com/2003/10/Serialization/">
            <request>
                .......
            </request>
        </Search>
    </S:Body>
</S:Envelope>
--------------------

I have solved the authentication problem. The working configuration and client code are given below as a reference for anyone facing the same issue.

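Client configuration (the `<diagnostics>` and `<system.diagnostics>` sections only switch on message logging and tracing for troubleshooting; the binding itself does not depend on them):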

<?xml version="1.0" encoding="utf-8" ?>
<!--
  Client-side app.config for calling the SearchCompanies WCF service over
  wsHttpBinding with HTTPS transport and a WS-Security UserName credential.
-->
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
  </startup>

  <system.serviceModel>
    <!--
      serviceBehaviors apply to services hosted by this process, not to the
      client endpoint declared below. On a service, includeExceptionDetailInFaults
      returns managed exception details to callers in SOAP faults, so it is a
      debugging aid and should stay off in production.
    -->
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_ISearchCompanies" messageEncoding="Text" textEncoding="utf-8">
          <!--
            TransportWithMessageCredential: HTTPS provides confidentiality,
            integrity and server authentication; the client credential travels
            inside the SOAP message as a WS-Security token.
          -->
          <security mode="TransportWithMessageCredential">
            <!--
              NOTE(review): in this mode the client credential is taken from
              <message>; confirm whether the transport-level Basic setting has
              any effect before relying on it.
            -->
            <transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
            <!--
              UserName sends a UsernameToken; the working Java exchange shows the
              password as PasswordText, so TLS is the only thing protecting it on
              the wire. Never switch the endpoint to plain HTTP.
              algorithmSuite="Default" resolves to Basic256 in WCF (HMAC-SHA1
              signatures, SHA-1 digests), which matches the algorithms in that
              exchange. A stronger suite such as Basic256Sha256 can only be used
              if the service is configured for it as well.
            -->
            <message clientCredentialType="UserName" negotiateServiceCredential="false" algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <client>
      <endpoint name="WSHttpBinding_ISearchCompanies"
                address="https://*******************/Services/SearchCompanies.svc"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_ISearchCompanies"
                contract="SearchCompaniesReference.ISearchCompanies" />
    </client>

    <!--
      Troubleshooting only. logEntireMessage writes message bodies as well as
      headers, at both service and transport level. WCF leaves known credentials
      out of the log unless logKnownPii is turned on, but application data in
      the body is written in full. Remove this section, or restrict access to
      the log file, outside a debugging session.
    -->
    <diagnostics>
      <messageLogging logEntireMessage="true"
                      maxMessagesToLog="300"
                      logMessagesAtServiceLevel="true"
                      logMalformedMessages="true"
                      logMessagesAtTransportLevel="true" />
    </diagnostics>
  </system.serviceModel>

  <!--
    Verbose tracing (switchValue="All") for the WCF runtime, message logging and
    serialization, all routed to one shared XML listener. Treat the resulting
    .svclog file as sensitive and do not ship this section to production.
  -->
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel" switchValue="All" propagateActivity="true">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
      <source name="System.Runtime.Serialization">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="xml"
           type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="TracingAndLogging-client.svclog" />
    </sharedListeners>
    <trace autoflush="true" />
  </system.diagnostics>
</configuration>

Client example:

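/// <summary>
/// Minimal console client: opens the "WSHttpBinding_ISearchCompanies" endpoint
/// from app.config, supplies the WS-Security UserName credential, performs one
/// Search call and prints the response code.
/// </summary>
class Program
{
    static void Main(string[] args)
    {
        // The endpoint name must match the <endpoint name="..."> entry in app.config.
        var client = new SearchCompaniesReference.SearchCompaniesClient("WSHttpBinding_ISearchCompanies");

        try
        {
            // These values become the UsernameToken sent in the SOAP security header.
            // The literals are masked placeholders; keep real credentials out of
            // source control and load them from protected configuration or a secret
            // store at run time.
            client.ClientCredentials.UserName.UserName = "****************************";
            client.ClientCredentials.UserName.Password = "***********************************";

            var request = new SearchCompaniesReference.CompanySearchRequest
            {
                VatNumber = "099999999",
                IncludeYperouData = false
            };
            var result = client.Search(request);

            Console.WriteLine($"{nameof(result.RespCode)}: {result.RespCode}");

            // Close the channel gracefully so the session established with the
            // service is released instead of being left to time out.
            client.Close();
        }
        catch
        {
            // A faulted channel cannot be closed gracefully; Abort() releases it
            // immediately. The exception is rethrown so failures stay visible.
            client.Abort();
            throw;
        }
    }
}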
