Connecting to a WSE 3.0 Web Service From a WCF Client

Question

I'm having difficulty connecting to a 3rd party WSE 3.0 web service from a WCF client. I have implemented the custom binding class as indicated in this KB article:

http://msdn.microsoft.com/en-us/library/ms734745.aspx

The problem seems to have to do with the security assertion used by the web service - UsernameOverTransport.

When I attempt to call a method, I get the following exception:

System.InvalidOperationException: The 'WseHttpBinding'.'[namespace]' binding for the 'MyWebServiceSoap'.'[namespace]' contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality..

It is expecting a username, password, and CN number. In the example code supplied to us by the vendor, these credentials are bundled in a Microsoft.Web.Services3.Security.Tokens.UsernameToken. Here's the example supplied by the vendor:

MyWebServiceWse proxy = new MyWebServiceWse();

UsernameToken token = new UsernameToken("Username", "password", PasswordOption.SendPlainText);

token.Id = "<supplied CN Number>";

proxy.SetClientCredential(token);

proxy.SetPolicy(new Policy(new UsernameOverTransportAssertion(), new RequireActionHeaderAssertion()));

MyObject mo = proxy.MyMethod();

---

This works fine from a 2.0 app w/ WSE 3.0 installed. Here is a snippet of the code from my WCF client:

EndpointAddress address = new EndpointAddress(new Uri("<web service uri here>"));

WseHttpBinding binding = new WseHttpBinding(); // This is the custom binding I created per the MS KB article

binding.SecurityAssertion = WseSecurityAssertion.UsernameOverTransport;
binding.EstablishSecurityContext = false;

// Not sure about the value of either of these next two
binding.RequireDerivedKeys = true;
binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

MembershipServiceSoapClient proxy = new MembershipServiceSoapClient(binding, address);

// This is where I believe the problem lies – I can’t seem to properly setup the security credentials the web service is expecting 

proxy.ClientCredentials.UserName.UserName = "username";
proxy.ClientCredentials.UserName.Password = "pwd";
// How do I supply the CN number?                      

MyObject mo = proxy.MyMethod(); // this throws the exception

I've scoured the web looking for an answer to this question. Some sources get me close (like the MS KB article), but I can't seem to get over the hump. Can someone help me out?

Answer 1

I had success in a similar case with the following binding configuration:

<bindings>
   <customBinding>
      <binding name="FNCEWS40MTOMBinding">
         <security enableUnsecuredResponse="true" authenticationMode="UserNameOverTransport"
                   allowInsecureTransport="true" messageProtectionOrder="SignBeforeEncrypt">
            <secureConversationBootstrap />
         </security>
         <mtomMessageEncoding messageVersion="Soap12WSAddressingAugust2004"
                              maxBufferSize="2147483647" />
         <httpTransport maxReceivedMessageSize="2147483647" />
     </binding>
  </customBinding>
</bindings>

Hope it works for you too.

Answer 2

The error message is refering to Transport Level Security, this usually means https.

You have not shown your configuration files. But I am guessing that you have configured security to be transport (or it is required as a consiquence of another choice) and used an address that is http instead of https.