tags:

views:

213

answers:

1
Q: 

Trying to get WCF client to work with wss 1.0 username token security

I am trying to use a WCF client to call a third party web service. The web Service usses username token authentication WSS-Security 1.0 Soap Message Security

Here is a sample soap authentication header for what the web service expects

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"&gt;
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken namespaces>
<wsse:Username>username</wsse:Username>
<wsse:Password Type="type info">password</wsse:Password>
<wsse:Nonce>nonce</wsse:Nonce>
<wsu:Created>date created</wsu:Created>
</wsse:UsernameToken>
<wsse:Security>
</soap:Header>
<soap:Body>
<WebServiceMethodName xmlns="Web Service Namespace" />

I configured the client to the following way

<basicHttpBinding>
<binding name="Binding1">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic"/>
</security>
</basicHttpBinding>

but recieved an error that stating that the nonce and datecreated attributes were missing in the header. Does anyone know how to configure a WCF client to work with

WSS-Security 1.0 Soap Message Security username token authentication?

+1  A: 

Been looking at the same problem and my findings are that unfortunately WCF doesn't support Nonce values.

If you want to send username and password (timestamp is included by default) change the config to 

     <basicHttpBinding>
        <binding name="BasicHTTP">
          <!-- UsernameToken over Transport Security -->
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType ="UserName" />
          </security>
        </binding>
      </basicHttpBinding>

Also be aware that it appears to be a defect (at least different interpretation of the standards) with regards to the UserNameToken when exchanged between WCF and WSS4J see http://social.msdn.microsoft.com/Forums/en/wcf/thread/6bc1b0e4-424b-4e2a-909c-815095be631f

WSSConfig.getDefaultWSConfig().setAllowNamespaceQualifiedPasswordTypes(true); might be a workaround on the WSS4J side.

UPDATE: On the WCF side you can get around the problem by implementing a CustomCredential and CustomTokenSerializer ref last post at http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4df3354f-0627-42d9-b5fb-6e880b60f8ee

Dagfinn

dparnas  2010-05-03 09:19:05

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability