implementing Ws-security within WCF proxy

Question

Hi, I have imported an axis based wsdl into a VS 2008 project as a service reference.

I need to be able to pass security details such as username/password and nonce values to call the axis based service.

I have looked into doing it for wse, which i understand the world hates (no issues there)

I have very little experience of WCF, but have worked how to physically call the endpoint now, thanks to SO, but have no idea how to set up the SoapHeaders as the schema below shows:

<S:Envelope 
  xmlns:S="http://www.w3.org/2001/12/soap-envelope"
  xmlns:ws="http://schemas.xmlsoap.org/ws/2002/04/secext"&gt;
    <S:Header>
        <ws:Security>
            <ws:UsernameToken>
                <ws:Username>aarons</ws:Username>
                <ws:Password>snoraa</ws:Password>
            </ws:UsernameToken>
        </wsse:Security>
        •••
    </S:Header>
    •••
</S:Envelope>

Any help much appreciated

Thanks, Mark

Answer 1

In order to call these kind of services, you will typically use either basicHttpBinding (that's SOAP 1.1 without WS-* implementations) or then wsHttpBinding (SOAP 1.2, with WS-* implementations).

The main issue will be getting all the security parameters right. I have a similar web service (Java-based) that I need to call - here's my settings and code:

app./web.config

<system.serviceModel>
   <bindings>
      <basicHttpBinding>
         <binding name="SoapWithAuth" useDefaultWebProxy="false">
            <security mode="TransportCredentialOnly">
              <transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
            </security>
         </binding>
      </basicHttpBinding>
   </bindings>
   <client>
    <endpoint name="SoapWithAuth"
                  address="http://yourserver:port/YourService"
                  binding="basicHttpBinding" 
                  bindingConfiguration="SoapWithAuth"
                  contract="IYourService" />
   </client>
</system.serviceModel>

and then in your client's code when calling the service, you need this snippet of code:

IYourServiceClient client = new IYourServiceClient();

client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "top-secret"; 

Does that help at all?

Answer 2

The WCF client proxy doesn't support the password digest option. The only way to do this is to build the UsernameToken yourself and then inject it into the SOAP headers before the message is sent.

I had a similar problem which is described here, which should be enough to help you solve your same issue.

I ended up using the old WSE3.0 library for the UsernameToken, rather than coding the hashing algorithm myself and then using a custom behavior to alter the SOAP headers.