none
Creating a security Header RRS feed

  • Question

  • I have a webservice developed with Java by another team and I need to call it in my code. The problem is, it does not contain a security header by default. I have already tried to change the binding and behavior several times but I still cannot call the web service. The other team also gave me a certificate, that I use to call the web service in SOAP UI. (It is a SOAP service)

    Can you please give me some ideas about how to call a web service with this security header:

    <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <ds:Signature Id="SIG-71A45EAC7011ECAF751498554803606201" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces PrefixList="ser soapenv xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <ds:Reference URI="#id-71A45EAC7011ECAF751498554803606200"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces PrefixList="ser xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>q54kx1yFzovlJ30c/0YUuoNaOrA=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>Jp65K+R/NKMvQmuaeVWdtYmplforie+JThbNZwhIibruWNGx7gILbA==</ds:SignatureValue> <ds:KeyInfo Id="KI-71A45EAC7011ECAF751498554803606198"> <wsse:SecurityTokenReference wsu:Id="STR-71A45EAC7011ECAF751498554803606199"> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIICqzCCAmmgAwIBAgIEV</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soapenv:Header>

    Monday, July 17, 2017 11:52 PM

All replies

  • Hi ana.valente,

    >>it does not contain a security header by default

    What do you mean by this? Do you mean Java service need security header and your client did not provide this header?

    If so, how did you generate client code? What is the client project type, asp.net or winform?

    >>The other team also gave me a certificate, that I use to call the web service in SOAP UI. (It is a SOAP service)

    Did security header work in SOAP UI? If it does, could you share us the current SOAP which is wrong, and the expected SOAP.

    I would suggest you try Add Service Reference feature from VS.

    #Call the Java Web Service from a .Net Client

    https://blogs.msdn.microsoft.com/bursteg/2008/07/19/how-to-call-a-java-ee-web-service-from-a-net-client/

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, July 18, 2017 2:00 AM
  • Hello, 

    By default, the request is sent just with:

    <soapenv:Header></soapenv:Header>

    Then, I get the error "WSDoAllReceiver: Request does not contain required Security Header".

    After I got this error, I read some forums and I changed web.config in order to add a custom binding and a behavior to the endpoint. Now, I am having a 500 error and I see that the request I am sending is anything like the one I want to send (I userd fiddler to see what I was sending):

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action><a:MessageID>urn:uuid:23f2fc68-f14e-4dfe-9ee8-c002fa300890</a:MessageID><a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1">http://172.18.68.40:7130/axis2/services/MessagingService</a:To></s:Header><s:Body><t:RequestSecurityToken Context="uuid-53455f00-690b-4b11-8047-ecd25d397f81-21" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeySize>256</t:KeySize><t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TlRMTVNTUAABAAAAt4IY4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==</t:BinaryExchange></t:RequestSecurityToken></s:Body></s:Envelope><o:p></o:p>

    My current webconfig is:

    <behaviors> 
          <endpointBehaviors> 
            <behavior name="ServiceBehavior1"> 
              <clientCredentials> 
                <clientCertificate findValue="6E07187F779ECB567CD9A01810947469C6CF951B" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByThumbprint" /> 
              </clientCredentials> 
            </behavior> 
          </endpointBehaviors> 
        </behaviors>  <o:p></o:p>

      <bindings>
        <customBinding>

     <binding name="MessagingServiceSOAP11Binding" >
      <security />
      <textMessageEncoding messageVersion="Soap11WSAddressing10" />
      <httpTransport />
     </binding>
       </customBinding>

      </bindings>

      <client>
        <endpoint address="http://172.18.68.40:7130/axis2/services/MessagingService" binding="customBinding"
                  bindingConfiguration="MessagingServiceSOAP11Binding" behaviorConfiguration="ServiceBehavior1"
      contract="MessagingService.MessagingServicePortType" name="MessagingServiceSOAP11port_http" >
          <identity>
            <dns value="MENSMEXICO" />
          </identity>
        </endpoint>
      </cliente><o:p></o:p>

    In SoapUI, the request only works when I send the header mentioned in my first post, after adding the certificate.

    Tuesday, July 18, 2017 9:42 AM
  • Hi ana.valente,

    Based on your description, it seems you generate client configuration manually. Could you have a check whether you could generate client code automatically by referring my first reply?

    Which security did you use in Java service side?

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, July 19, 2017 2:17 AM
  • Hello, 

    I have to generate the configuration manually, otherwise I am not able to sign my header with a certificate (if you just add a web reference, it does not contain the required certificate).

    When I do what you suggest, which by the way is the first thing I did to add the webservice to my sollution, it automatically creates a basicHttpBinding with no behavior. What I did was changing the basicHttpBinding to customBinding and create a behavior to include my certificate, as it is suggested in this page:

    http://webservices20.blogspot.pt/2012/06/12-common-wcf-interop-confusions.html

    However, I keep getting errors and I would appreciate some help on the matter. I do not know much about the JAVA webservice. They only gave me the web service and told me it needed that header (WS-Security) and that the signature was made with DSA-SHA1. 

    Best regards, 

    Ana

    Wednesday, July 19, 2017 9:36 AM
  • Hi ana.valente,

    Are this wsse:security header same for all the request?

    If so, I suggest you try configuration like below.

     <client>
        <endpoint address="http://172.18.68.40:7130/axis2/services/MessagingService" binding="customBinding" 
                  bindingConfiguration="MessagingServiceSOAP11Binding" behaviorConfiguration="ServiceBehavior1"
      contract="MessagingService.MessagingServicePortType" name="MessagingServiceSOAP11port_http" >
          <headers>
    	<wsse:Security ...>
              ...
    	</wsse:Security>
          </headers>
          <identity>
            <dns value="MENSMEXICO" />
          </identity>
        </endpoint>
      </cliente>

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, July 20, 2017 3:05 AM