views:

591

answers:

3

We've got to access a web service that uses soap11... no problem I'll just set the binding as:

BasicHttpBinding wsBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);

Nope. No dice. So I asked the host of the service why we're having authentication issues and he said that our config needed to have this custom binding:

<bindings>
    <customBinding>
        <binding name="lbinding">
            <security  authenticationMode="UserNameOverTransport" 
                messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" 
                securityHeaderLayout="Strict" 
                includeTimestamp="false"
                requireDerivedKeys="true" 
                keyEntropyMode="ServerEntropy">
            </security>
            <textMessageEncoding messageVersion="Soap11" />
            <httpsTransport authenticationScheme ="Negotiate" requireClientCertificate ="false" realm =""/>
        </binding>
    </customBinding>
</bindings>

Only problem is we're creating our binding programmatically not via the config. So if someone could point me in the right direction in regards to changing my BasicHttpBinding into a custombinding that conforms to the .config value provided I'll give them a big shiny gold star for the day.

A: 

There's a few examples here. Do they cover all of your options.

Preet Sangha
Unfortunately no. Because those use WSHttpBinding... which is soap1.2 and this endpoint requires soap11.
D.Forrest
Sorry missed that
Preet Sangha
A: 

Getting closer... so I discovered how to set most of these properties in CustomBinding...

CustomBinding binding = new CustomBinding();
SymmetricSecurityBindingElement sbe = new SymmetricSecurityBindingElement();
sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;        
sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
sbe.IncludeTimestamp = false;
sbe.SetKeyDerivation(true);

sbe.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;

binding.Elements.Add(sbe);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());

That being said... I'm now generating the following exception:

"SymmetricSecurityBindingElement cannot build a channel or listener factory. The ProtectionTokenParameters property is required but not set."

Any clue how I'm supposed to set this property?

D.Forrest
A: 

Solved it!

Here's the winning code for those who are in a similar predicament.

Uri epUri = new Uri(_serviceUri);
CustomBinding binding = new CustomBinding();
SecurityBindingElement sbe = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;        
sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
sbe.IncludeTimestamp = false;
sbe.SetKeyDerivation(true);
sbe.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
binding.Elements.Add(sbe);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());
EndpointAddress endPoint = new EndpointAddress(epUri);
D.Forrest