none
Need to remove Timestamp node from WS-Security header RRS feed

  • Question

  • I wrote a Visual Studio 2010 WCF web service written in C#.NET using Framework 4.0.  My web service calls a Java Web Service that uses HTTPS, WS-Security, and Mtom.

    When I call their sendDocument method I get the following results:

    <error>An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. - An error was discovered processing the <wsse:Security> header</error>

    I talked to the developer of the web service that I am calling and he said "I do see the sendDocument call coming across the wire.  The only difference I see in the wsse security header between your sendDocument call and all the other calls is there is a timestamp expiration node:"

    <u:Timestamp u:Id="_0"><u:Created>2017-03-22T13:30:37.397Z</u:Created><u:Expires>2017-03-22T13:35:37.397Z</u:Expires></u:Timestamp>

    I thought that "sbe.IncludeTimestamp = false;" would remove the timestamp node.

    Any idea of how I can remove the timestamp node?

    private static BasicHttpBinding CreateBasicHttpBinding()
    {
    	BasicHttpBinding binding = new BasicHttpBinding()
    	{
    		 CloseTimeout = new TimeSpan(0, 1, 0),
    		 OpenTimeout = new TimeSpan(0, 1, 0),
    		 ReceiveTimeout = new TimeSpan(0, 10, 0),
    		 SendTimeout = new TimeSpan(0, 1, 0),
    		 BypassProxyOnLocal = false,
    		 HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
    		 MaxBufferPoolSize = 524288,
    		 MaxReceivedMessageSize = 2147483647,
    		 MessageEncoding = WSMessageEncoding.Mtom,
    		 TextEncoding = System.Text.Encoding.UTF8,
    		 UseDefaultWebProxy = true,
    		 AllowCookies = false
    	};
    
    	binding.ReaderQuotas.MaxDepth = 32;
    	binding.ReaderQuotas.MaxStringContentLength = 8192;
    	binding.ReaderQuotas.MaxArrayLength = 2147483647;
    	binding.ReaderQuotas.MaxBytesPerRead = 4096;
    	binding.ReaderQuotas.MaxNameTableCharCount = 16384;
    
    	binding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
    
    	return binding;
    }
    
    public string sendDocument(string userName, string password, string webAddress
    	, long docId, string documentType, byte[] pdfFile)
    {
    	string responseText = "";
    
    	try
    	{
    		 BasicHttpBinding binding = CreateBasicHttpBinding();
    
    		 CustomBinding customBinding = new CustomBinding(binding);
    
    		 EndpointAddress endpoint = new EndpointAddress(webAddress);
    
    		 SecurityBindingElement sbe = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
    		 sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
    		 sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
    		 sbe.IncludeTimestamp = false;
    		 sbe.SetKeyDerivation(true);
    		 sbe.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
    
    		 CreateMTOMInterfaceClient client = new CreateMTOMInterfaceClient(customBinding, endpoint);
    		 client.ClientCredentials.UserName.UserName = userName;
    		 client.ClientCredentials.UserName.Password = password;
    
    		 client.Endpoint.Binding.CreateBindingElements().Add(sbe);
    		 client.Endpoint.Binding.CreateBindingElements().Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8));
    		 client.Endpoint.Binding.CreateBindingElements().Add(new HttpsTransportBindingElement());
    		 //client.Endpoint.Binding.CreateBindingElements().Find<SecurityBindingElement>().IncludeTimestamp = false;  // tried this and got the same error
    
    		 sendDocumentResponse response = (sendDocumentResponse)client.sendDocument(docId, documentType, pdfFile);
    		 responseText = response.ToString();
    	}
    	catch (Exception ex)
    	{
    		 string errorText = ex.Message;
    
    		 if (ex.InnerException != null)
    		 {
    			  if (ex.InnerException.Message != null)
    			  {
    					errorText = errorText + " - " + ex.InnerException.Message;
    			  }
    		 }
    		 responseText = "<error>" + errorText + "</error>";
    	}
    	return responseText;
    
    }
    


    Wednesday, March 22, 2017 8:55 PM

Answers

  • Edward,

    Thank you for your help getting me past the errors I was having.  I finally stumbled across a site that pointed me in the correct direction for solving my last problem.  Here is the code using a custom ClientCredentials that worked for me.

    public string sendDocument(string userName, string password, string webAddress
       , long docId, string documentType, byte[] pdfFile)
    {
       string responseText = "";
    
       try
       {
           CustomBinding customBinding = new CustomBinding()
           {
               CloseTimeout = new TimeSpan(0, 1, 0),
               OpenTimeout = new TimeSpan(0, 1, 0),
               ReceiveTimeout = new TimeSpan(0, 10, 0),
               SendTimeout = new TimeSpan(0, 1, 0),
           };
    
           EndpointAddress endpoint = new EndpointAddress(webAddress);
    
           SecurityBindingElement sbe = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
           sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
           sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
           sbe.IncludeTimestamp = false;
           sbe.SetKeyDerivation(true);
           sbe.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
    
           MtomMessageEncodingBindingElement encodingElement = new MtomMessageEncodingBindingElement(MessageVersion.Soap11, 
    
    System.Text.Encoding.UTF8);
           encodingElement.ReaderQuotas.MaxDepth = 32;
           encodingElement.ReaderQuotas.MaxStringContentLength = 8192;
           encodingElement.ReaderQuotas.MaxArrayLength = 2147483647;
           encodingElement.ReaderQuotas.MaxBytesPerRead = 4096;
           encodingElement.ReaderQuotas.MaxNameTableCharCount = 16384;
           encodingElement.MaxBufferSize = 524288;
    
           customBinding.Elements.Add(sbe);
           customBinding.Elements.Add(encodingElement);
           customBinding.Elements.Add(new HttpsTransportBindingElement());
    
           CreateMTOMInterfaceClient client = new CreateMTOMInterfaceClient(customBinding, endpoint);
    
           //// START Using Custom ClientCredentials
           client.ChannelFactory.Endpoint.Behaviors.Remove<System.ServiceModel.Description.ClientCredentials>();
           client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());
           //// END Using Custom ClientCredentials
    
           client.ClientCredentials.UserName.UserName = userName;
           client.ClientCredentials.UserName.Password = password;
    
           sendDocumentResponse response = (sendDocumentResponse)client.sendDocument(docId, documentType, pdfFile);
           responseText = response.ToString();
       }
       catch (Exception ex)
       {
           string errorText = ex.Message;
    
           if (ex.InnerException != null)
           {
               if (ex.InnerException.Message != null)
               {
                   errorText = errorText + " - " + ex.InnerException.Message;
               }
           }
           responseText = "<error>" + errorText + "</error>";
       }
       return responseText;
    
    }
    
    //// START Using Custom ClientCredentials
    //// Base logic from https://weblog.west-wind.com/posts/2012/nov/24/wcf-wssecurity-and-wse-nonce-authentication#HowtousethecustomCredentials
    //// Rick Strahl's Web Log - WCF WS-Security and WSE Nonce Authentication
    public class CustomCredentials : ClientCredentials
    {
       public CustomCredentials()
       { }
    
       protected CustomCredentials(CustomCredentials cc) : base(cc)
       { }
    
       public override System.IdentityModel.Selectors.SecurityTokenManager CreateSecurityTokenManager()
       {
          return new CustomSecurityTokenManager(this);
       }
    
       protected override ClientCredentials CloneCore()
       {
          return new CustomCredentials(this);
       }
    }
    
    public class CustomSecurityTokenManager : ClientCredentialsSecurityTokenManager
    {
       public CustomSecurityTokenManager(CustomCredentials cred) : base(cred)
       { }
    
       public override System.IdentityModel.Selectors.SecurityTokenSerializer CreateSecurityTokenSerializer
    
    (System.IdentityModel.Selectors.SecurityTokenVersion version)
       {
          return new CustomTokenSerializer(System.ServiceModel.Security.SecurityVersion.WSSecurity11);
       }
    }
    
    public class CustomTokenSerializer : WSSecurityTokenSerializer
    {
       public CustomTokenSerializer(SecurityVersion sv) : base(sv)
       { }
    
       protected override void WriteTokenCore(System.Xml.XmlWriter writer,
          System.IdentityModel.Tokens.SecurityToken token)
       {
          UserNameSecurityToken userToken = token as UserNameSecurityToken;
          string tokennamespace = "o";
    
          DateTime created = DateTime.UtcNow;  // was DateTime.Now
          string createdStr = created.ToString("yyyy-MM-ddTHH:mm:ss.fffZ");  // was yyyy-MM-ddThh:mm:ss.fffZ
    
          // unique Nonce value - encode with SHA-1 for 'randomness'
          string phrase = Guid.NewGuid().ToString();
          var nonce = GetSHA1String(phrase);
    
          writer.WriteRaw(string.Format(
          "<{0}:UsernameToken u:Id=\"" + token.Id +
          "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
          "<{0}:Username>" + userToken.UserName + "</{0}:Username>" +
          "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" +
          userToken.Password + "</{0}:Password>" +
          "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" +
          nonce + "</{0}:Nonce>" +
          "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace));
       }
    
       protected string GetSHA1String(string phrase)
       {
          SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider();
          byte[] hashedDataBytes = sha1Hasher.ComputeHash(Encoding.UTF8.GetBytes(phrase));
          return Convert.ToBase64String(hashedDataBytes);
       }
    
    }
    //// END Using Custom ClientCredentials
    

    Ron Clutter

    • Marked as answer by Ron Clutter Tuesday, April 4, 2017 3:57 PM
    Tuesday, April 4, 2017 3:57 PM

All replies

  • Based on your code, you create a custom binding based on BasicHttpBinding.

    I suggest you try to create a custom binding with an empty Binding.

    CustomBinding customBinding = new CustomBinding();
    
    If it did not work, it would be helpful if you could share us detailed steps to create such a Java Service, and then we could try to reproduce your issue.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, March 23, 2017 3:22 AM
  • Edward,

    I tried your suggestion by doing the following:
    // I replaced:
    BasicHttpBinding binding = CreateBasicHttpBinding();
    CustomBinding customBinding = new CustomBinding(binding);
    // With:
    CustomBinding customBinding = new CustomBinding();

    // AND I replaced:
    client.Endpoint.Binding.CreateBindingElements().Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8));
    // With:
    MtomMessageEncodingBindingElement encodingElement = new MtomMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8);
    encodingElement.ReaderQuotas.MaxDepth = 32;
    encodingElement.ReaderQuotas.MaxStringContentLength = 8192;
    encodingElement.ReaderQuotas.MaxArrayLength = 2147483647;
    encodingElement.ReaderQuotas.MaxBytesPerRead = 4096;
    encodingElement.ReaderQuotas.MaxNameTableCharCount = 16384;
    encodingElement.MaxBufferSize = 524288;
    client.Endpoint.Binding.CreateBindingElements().Add(encodingElement);

    I am now getting the following results:

    <error>The CustomBinding on the ServiceEndpoint with contract 'CreateMTOMFilingInterface' lacks a TransportBindingElement.  Every binding must have at least one binding element that derives from TransportBindingElement.</error>

    I do have the following in my code so I do not know why I am getting the error:
    client.Endpoint.Binding.CreateBindingElements().Add(new HttpsTransportBindingElement());

    I will not be able to give you the "detailed steps to create such a Java Service" because I have no access to the other company's source code.

    Ron Clutter

    Thursday, March 23, 2017 4:13 PM
  • I suggest you try binding.Elements.Add to generate client binding, and then add the custom binding and address to CreateMTOMInterfaceClient.

    // Create an empty CustomBinding to populate
                CustomBinding binding = new CustomBinding();
                // Create a SymmetricSecurityBindingElement.
                SymmetricSecurityBindingElement ssbe =
                    SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
                // Add the SymmetricSecurityBindingElement to the BindingElementCollection.
                binding.Elements.Add(ssbe);
                binding.Elements.Add(new TextMessageEncodingBindingElement());
                binding.Elements.Add(new HttpTransportBindingElement());
                return new CustomBinding(binding);


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, March 24, 2017 8:14 AM
  • I changed the code to the following:

    EndpointAddress endpoint = new EndpointAddress(webAddress);

    CustomBinding binding = new CustomBinding();
    // Create a SymmetricSecurityBindingElement.
    SymmetricSecurityBindingElement ssbe = SecurityBindingElement.CreateSspiNegotiationBindingElement(true);
    // Add the SymmetricSecurityBindingElement to the BindingElementCollection.
    binding.Elements.Add(ssbe);
    binding.Elements.Add(new TextMessageEncodingBindingElement());
    binding.Elements.Add(new HttpTransportBindingElement());

    CreateMTOMInterfaceClient client = new CreateMTOMInterfaceClient(binding, endpoint);
    client.ClientCredentials.UserName.UserName = userName;
    client.ClientCredentials.UserName.Password = password;

    sendDocumentResponse response = (sendDocumentResponse)client.sendDocument(docId, documentType, pdfFile);
    responseText = response.ToString();

    I received the following response:

    <error>The provided URI scheme 'https' is invalid; expected 'http'.  Parameter name: via</error>
    NOTE:  The following header envelope works for the simple web service calls to the JAVA Web Service that I am calling:
    <s:Envelope xmlns:s="ttp://schemas.xmlsoap.org/soap/envelope/"" xmlns:ifile="http://ifile.somewhere.com/">
    <s:Header>
    <wsse:Security xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"">
    <wsse:UsernameToken>
    <wsse:Username>[Username]</wsse:Username>
    <wsse:Password Type=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"">[Password]</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </s:Header>
    <s:Body xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xmlns:xsd=""http://www.w3.org/2001/XMLSchema"">
    <ifile:submitDocument>
    <docId>12345</docId>
    </ifile:submitDocument>
    </s:Body>
    </s:Envelope>

    The JAVA Web Service that I am calling has a HTTPS web address.

    The sendDocument web service method that I am trying to call is NOT a simple one.
    I am transferring PDF files to the JAVA Web Service so I need to use HTTPS + WS-Security + MTOM + Large ReaderQuotas’s for this call.

    How can I do this and get an Envelope that the JAVA Web Service likes?

    Friday, March 24, 2017 8:50 PM
  • It seems you misunderstood my post. My above reply is used to share you how to add binding by “binding.Elements.Add”. It is not the exact code for you.

    According this error, you need to use HttpsTransportBindingElement. I suggest you something like below:

                CustomBinding customBinding = new CustomBinding() {
                    CloseTimeout = new TimeSpan(0, 1, 0),
                    OpenTimeout = new TimeSpan(0, 1, 0),
                    ReceiveTimeout = new TimeSpan(0, 10, 0),
                    SendTimeout = new TimeSpan(0, 1, 0),
                };
                EndpointAddress endpoint = new EndpointAddress(webAddress);
    
                SecurityBindingElement sbe = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
                sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
                sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
                sbe.IncludeTimestamp = false;
                sbe.SetKeyDerivation(true);
                sbe.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
    
                customBinding.Elements.Add(sbe);
                customBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8));
                customBinding.Elements.Add(new HttpsTransportBindingElement());
    
                CreateMTOMInterfaceClient client = new CreateMTOMInterfaceClient(customBinding, endpoint);
                client.ClientCredentials.UserName.UserName = userName;
                client.ClientCredentials.UserName.Password = password;



    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, March 27, 2017 3:07 AM
  • Sorry, I did misunderstand your post.  Thank you for continuing to try and help me.  I tried your latest suggestion and I am back to sending the Timestamp node in the security header and the Java web service does not like it.

    I do not understand why "IncludeTimestamp = false" is NOT working.

    Ron Clutter

    Monday, March 27, 2017 9:17 PM
  • Which tool did you use to check the request message?

    For another way, I suggest you try WCF Extensibility – Message Inspectors which could modify the send request.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, March 28, 2017 3:04 AM
  • Edward,

    Thank you for your help getting me past the errors I was having.  I finally stumbled across a site that pointed me in the correct direction for solving my last problem.  Here is the code using a custom ClientCredentials that worked for me.

    public string sendDocument(string userName, string password, string webAddress
       , long docId, string documentType, byte[] pdfFile)
    {
       string responseText = "";
    
       try
       {
           CustomBinding customBinding = new CustomBinding()
           {
               CloseTimeout = new TimeSpan(0, 1, 0),
               OpenTimeout = new TimeSpan(0, 1, 0),
               ReceiveTimeout = new TimeSpan(0, 10, 0),
               SendTimeout = new TimeSpan(0, 1, 0),
           };
    
           EndpointAddress endpoint = new EndpointAddress(webAddress);
    
           SecurityBindingElement sbe = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
           sbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;
           sbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
           sbe.IncludeTimestamp = false;
           sbe.SetKeyDerivation(true);
           sbe.KeyEntropyMode = System.ServiceModel.Security.SecurityKeyEntropyMode.ServerEntropy;
    
           MtomMessageEncodingBindingElement encodingElement = new MtomMessageEncodingBindingElement(MessageVersion.Soap11, 
    
    System.Text.Encoding.UTF8);
           encodingElement.ReaderQuotas.MaxDepth = 32;
           encodingElement.ReaderQuotas.MaxStringContentLength = 8192;
           encodingElement.ReaderQuotas.MaxArrayLength = 2147483647;
           encodingElement.ReaderQuotas.MaxBytesPerRead = 4096;
           encodingElement.ReaderQuotas.MaxNameTableCharCount = 16384;
           encodingElement.MaxBufferSize = 524288;
    
           customBinding.Elements.Add(sbe);
           customBinding.Elements.Add(encodingElement);
           customBinding.Elements.Add(new HttpsTransportBindingElement());
    
           CreateMTOMInterfaceClient client = new CreateMTOMInterfaceClient(customBinding, endpoint);
    
           //// START Using Custom ClientCredentials
           client.ChannelFactory.Endpoint.Behaviors.Remove<System.ServiceModel.Description.ClientCredentials>();
           client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials());
           //// END Using Custom ClientCredentials
    
           client.ClientCredentials.UserName.UserName = userName;
           client.ClientCredentials.UserName.Password = password;
    
           sendDocumentResponse response = (sendDocumentResponse)client.sendDocument(docId, documentType, pdfFile);
           responseText = response.ToString();
       }
       catch (Exception ex)
       {
           string errorText = ex.Message;
    
           if (ex.InnerException != null)
           {
               if (ex.InnerException.Message != null)
               {
                   errorText = errorText + " - " + ex.InnerException.Message;
               }
           }
           responseText = "<error>" + errorText + "</error>";
       }
       return responseText;
    
    }
    
    //// START Using Custom ClientCredentials
    //// Base logic from https://weblog.west-wind.com/posts/2012/nov/24/wcf-wssecurity-and-wse-nonce-authentication#HowtousethecustomCredentials
    //// Rick Strahl's Web Log - WCF WS-Security and WSE Nonce Authentication
    public class CustomCredentials : ClientCredentials
    {
       public CustomCredentials()
       { }
    
       protected CustomCredentials(CustomCredentials cc) : base(cc)
       { }
    
       public override System.IdentityModel.Selectors.SecurityTokenManager CreateSecurityTokenManager()
       {
          return new CustomSecurityTokenManager(this);
       }
    
       protected override ClientCredentials CloneCore()
       {
          return new CustomCredentials(this);
       }
    }
    
    public class CustomSecurityTokenManager : ClientCredentialsSecurityTokenManager
    {
       public CustomSecurityTokenManager(CustomCredentials cred) : base(cred)
       { }
    
       public override System.IdentityModel.Selectors.SecurityTokenSerializer CreateSecurityTokenSerializer
    
    (System.IdentityModel.Selectors.SecurityTokenVersion version)
       {
          return new CustomTokenSerializer(System.ServiceModel.Security.SecurityVersion.WSSecurity11);
       }
    }
    
    public class CustomTokenSerializer : WSSecurityTokenSerializer
    {
       public CustomTokenSerializer(SecurityVersion sv) : base(sv)
       { }
    
       protected override void WriteTokenCore(System.Xml.XmlWriter writer,
          System.IdentityModel.Tokens.SecurityToken token)
       {
          UserNameSecurityToken userToken = token as UserNameSecurityToken;
          string tokennamespace = "o";
    
          DateTime created = DateTime.UtcNow;  // was DateTime.Now
          string createdStr = created.ToString("yyyy-MM-ddTHH:mm:ss.fffZ");  // was yyyy-MM-ddThh:mm:ss.fffZ
    
          // unique Nonce value - encode with SHA-1 for 'randomness'
          string phrase = Guid.NewGuid().ToString();
          var nonce = GetSHA1String(phrase);
    
          writer.WriteRaw(string.Format(
          "<{0}:UsernameToken u:Id=\"" + token.Id +
          "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
          "<{0}:Username>" + userToken.UserName + "</{0}:Username>" +
          "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" +
          userToken.Password + "</{0}:Password>" +
          "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" +
          nonce + "</{0}:Nonce>" +
          "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace));
       }
    
       protected string GetSHA1String(string phrase)
       {
          SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider();
          byte[] hashedDataBytes = sha1Hasher.ComputeHash(Encoding.UTF8.GetBytes(phrase));
          return Convert.ToBase64String(hashedDataBytes);
       }
    
    }
    //// END Using Custom ClientCredentials
    

    Ron Clutter

    • Marked as answer by Ron Clutter Tuesday, April 4, 2017 3:57 PM
    Tuesday, April 4, 2017 3:57 PM