views:

822

answers:

1

I'm having difficulty connecting to a 3rd party WSE 3.0 web service from a WCF client. I have implemented the custom binding class as indicated in this KB article:

http://msdn.microsoft.com/en-us/library/ms734745.aspx

The problem seems to have to do with the security assertion used by the web service - UsernameOverTransport.

When I attempt to call a method, I get the following exception:

System.InvalidOperationException: The 'WseHttpBinding'.'[namespace]' binding for the 'MyWebServiceSoap'.'[namespace]' contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality..

It is expecting a username, password, and CN number. In the example code supplied to us by the vendor, these credentials are bundled in a Microsoft.Web.Services3.Security.Tokens.UsernameToken. Here's the example supplied by the vendor:

MyWebServiceWse proxy = new MyWebServiceWse();

UsernameToken token = new UsernameToken("Username", "password", PasswordOption.SendPlainText);

token.Id = "<supplied CN Number>";

proxy.SetClientCredential(token);

proxy.SetPolicy(new Policy(new UsernameOverTransportAssertion(), new RequireActionHeaderAssertion()));

MyObject mo = proxy.MyMethod();


This works fine from a 2.0 app w/ WSE 3.0 installed. Here is a snippet of the code from my WCF client:

EndpointAddress address = new EndpointAddress(new Uri("<web service uri here>"));

WseHttpBinding binding = new WseHttpBinding(); // This is the custom binding I created per the MS KB article

binding.SecurityAssertion = WseSecurityAssertion.UsernameOverTransport;
binding.EstablishSecurityContext = false;

// Not sure about the value of either of these next two
binding.RequireDerivedKeys = true;
binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

MembershipServiceSoapClient proxy = new MembershipServiceSoapClient(binding, address);

// This is where I believe the problem lies – I can’t seem to properly setup the security credentials the web service is expecting 

proxy.ClientCredentials.UserName.UserName = "username";
proxy.ClientCredentials.UserName.Password = "pwd";
// How do I supply the CN number?                      

MyObject mo = proxy.MyMethod(); // this throws the exception

I've scoured the web looking for an answer to this question. Some sources get me close (like the MS KB article), but I can't seem to get over the hump. Can someone help me out?

A: 

The error message is refering to Transport Level Security, this usually means https.

You have not shown your configuration files. But I am guessing that you have configured security to be transport (or it is required as a consiquence of another choice) and used an address that is http instead of https.

Shiraz Bhaiji
Hi Shiraz, thanks for responding. I am defining the SecurityAssertion as UserNameOverTransport programatically in the code I provide above. The web service does not use https, so I do not believe that this is the problem.
I think that this is why you are getting the error. You are sending the username/password over the transport, WCF then sees that the password will go over the wire unencrypted and refuses to start the service.
Shiraz Bhaiji