none
Error calling a WS-Security + SSL Service with WCF-WSHttp BizTalk Adapter RRS feed

  • Question

  • Hello.

    I am calling a Web Service using BizTalk Server 2010 and WCF-WSHttp. The Web service is published on HTTPS and the requests must be signed with a certificate.

    These are the adapter configuration:

    General -> Transport -> Type: WCF-WSHttp

    WCF-WSHttp Properties:

    General -> Adress: https service end point.

    General -> Security -> Security Mode: TransportWithMessageCredential

    General -> Security -> Message Security -> Message Client Credential type: Certificate

    General -> Security -> Message Security -> Algoritm Suite: 256

    General -> Security -> Negotiate Service Credential: Yes

    General -> Security -> Establish Security Context: Yes

    General -> Security -> Client Certificate -> ThumbPrint: Certificate used to sign the message.

    I don't put anything in the SOAP Action Header text box of the General Tab.

    When I call the service, I obtain the following error message:

    An error occurred while processing the message, refer to the details section for more information
    Message ID: {A3234833-0453-4DCA-BB9C-7AAA9A865B90}
    Instance ID: {54417DE1-3E08-4AB4-8BE2-B5565650ECFF}
    Error Description: System.ServiceModel.ProtocolException: El tipo de contenido text/xml;charset=utf-8 del mensaje de respuesta no coincide con el tipo de contenido del enlace (application/soap+xml; charset=utf-8). Si usa un codificador personalizado, asegúrese de que el método IsContentTypeSupported se implemente correctamente. Los primeros 553 bytes de la respuesta fueron: '<?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <soapenv:Body>
      <soapenv:Fault>
       <faultcode xmlns:ns1="http://xml.apache.org/axis/">ns1:Client.NoSOAPAction</faultcode>
       <faultstring>no SOAPAction header!</faultstring>
       <detail>
        <ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">zefdesw02</ns2:hostname>
       </detail>
      </soapenv:Fault>
     </soapenv:Body>
    </soapenv:Envelope>'. ---> System.Net.WebException: Error en el servidor remoto: (500) Error interno del servidor.
       en System.Net.HttpWebRequest.GetResponse()
       en System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       --- Fin del seguimiento de la pila de la excepción interna ---

    Server stack trace:
       en System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       en System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       en System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
       en System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       en System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       en System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
       en System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
       en System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
       en System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       en System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
       en System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       en System.ServiceModel.Channels.CommunicationObject.Open()

    Exception rethrown at [0]:
       en System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       en System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       en System.ServiceModel.ICommunicationObject.Open()
       en Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage, ChannelFactory`1& cachedFactory)
       en Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)

    It seems that the remote server doesn't understand the SOAP client message.

    Could someone help me?

    Thanks in advance.

    Best regards.

    Tuesday, February 7, 2012 5:05 PM

All replies

  • Hi,

    According to the returned SoapFault the SoapAction is missing, so put in a SoapAction in the SoapAction header textbox on the general tab.
    Did you consume the webservice in order to get the schemas into BizTalk? If yes then there also are two bindingfiles created. You can use either of these to create a sendport with the proper settings.

    Regards,

    René

    Tuesday, February 7, 2012 7:27 PM
  • Hi Rene.

    Can you help me with a Soap Action Example for call a web method  for a Web Service?

    The web service has a web method named ValidarCertificado. This web method has a input parameter named ValidarCertificadoRequest and a output parameter named ValidarCertificadoResponse. Both the two agree with a xsd schema.

    In Biztalk, I am developing against web service messages xsd schemas. My BizTalk project has not a web reference for the web service. Am I doing some wrong?

    Thanks,

    Regards,


    Wednesday, February 8, 2012 9:12 AM
  • Wednesday, February 8, 2012 9:33 AM
  • Hi,

    Can you post the wsdl of the webservice here?

    If not, in the wsdl there is probably a soapAction defined on the ValidarCertificado method, put its value in the SoapAction header textbox on the general tab.

    Regards,

    René

    Wednesday, February 8, 2012 10:35 AM
  • Hi René.

    The WSDL of the service is that.

    <?xml version="1.0" encoding="UTF-8"?>
    <wsdl:definitions targetNamespace="http://afirmaws/services/ValidarCertificado" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://afirmaws/services/ValidarCertificado" xmlns:intf="http://afirmaws/services/ValidarCertificado" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsvalidacion="http://afirmaws/ws/validacion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

    <!--WSDL created by Apache Axis version: 1.3
    Built on Oct 05, 2005 (05:23:37 EDT)-->
      <wsdl:types>
        <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://afirmaws/ws/validacion" xmlns:wsvalidacion="http://afirmaws/ws/validacion" xmlns:xs="http://www.w3.org/2001/XMLSchema">


        <!-- PETICION DE VALIDACION Y OBTENCION DE INFORMACION DE UN CERTIFICADO -->


        <!-- Elemento raiz -->
          <xs:simpleType name="CadenaSinEspacios">
            <xs:restriction base="xs:string">
              <xs:whiteSpace value="collapse"/>
            </xs:restriction>
          </xs:simpleType>
          <xs:element name="mensajeEntrada">
            <xs:complexType>
              <xs:sequence>
                <xs:element name="peticion">
                  <xs:simpleType>
                    <xs:restriction base="wsvalidacion:CadenaSinEspacios">
                      <xs:enumeration value="ValidarCertificado"/>
                      <xs:enumeration value="ObtenerInfoCertificado"/>
                    </xs:restriction>
                  </xs:simpleType>
                </xs:element>
                <xs:element name="versionMsg" type="xs:string"/>
                <xs:element name="parametros">
                  <xs:complexType>
                    <xs:all>
                      <xs:element name="certificado" type="xs:base64Binary"/>
                      <xs:element name="idAplicacion" type="xs:string"/>
                      <xs:element minOccurs="0" name="modoValidacion">
                        <xs:simpleType>
                          <xs:restriction base="xs:integer">
                            <xs:minInclusive value="0"/>
                            <xs:maxInclusive value="2"/>
                          </xs:restriction>
                        </xs:simpleType>
                      </xs:element>
                      <xs:element minOccurs="0" name="obtenerInfo" type="xs:boolean"/>
                    </xs:all>
                  </xs:complexType>
                </xs:element>
              </xs:sequence>
            </xs:complexType>
          </xs:element>
          <!-- RESULTADO DE UNA PETICION DE VALIDACION DE UN CERTIFICADO E INFORMACION SOBRE EL MISMO -->


        <!-- Elemento raiz -->
          <xs:element name="mensajeSalida">
            <xs:complexType>
              <xs:sequence>
                <xs:element name="peticion">
                  <xs:simpleType>
                    <xs:restriction base="wsvalidacion:CadenaSinEspacios">
                      <xs:enumeration value="ValidarCertificado"/>
                      <xs:enumeration value="ObtenerInfoCertificado"/>
                    </xs:restriction>
                  </xs:simpleType>
                </xs:element>
                <xs:element name="versionMsg" type="xs:string"/>
                <xs:element name="respuesta">
                  <xs:complexType>
                    <xs:choice>
                      <xs:element name="ResultadoProcesamiento">
                        <xs:complexType>
                          <xs:sequence>
                            <xs:element minOccurs="0" name="InfoCertificado" type="wsvalidacion:InfoCertificadoInfo"/>
                            <xs:element minOccurs="0" name="ResultadoValidacion" type="wsvalidacion:ResultadoValidacionInfo"/>
                          </xs:sequence>
                        </xs:complexType>
                      </xs:element>
                      <xs:element name="Excepcion">
                        <xs:complexType>
                          <xs:sequence>
                            <xs:element name="codigoError" type="xs:string"/>
                            <xs:element name="descripcion" type="xs:string"/>
                            <xs:element minOccurs="0" name="excepcionAsociada" type="xs:string"/>
                          </xs:sequence>
                        </xs:complexType>
                      </xs:element>
                    </xs:choice>
                  </xs:complexType>
                </xs:element>
              </xs:sequence>
            </xs:complexType>
          </xs:element>
          <!-- Informacion sobre el certificado -->
          <xs:complexType name="InfoCertificadoInfo">
            <xs:sequence>
              <xs:element maxOccurs="unbounded" name="Campo">
                <xs:complexType>
                  <xs:sequence>
                    <xs:element name="idCampo" type="xs:string"/>
                    <xs:element name="valorCampo" type="xs:string"/>
                  </xs:sequence>
                </xs:complexType>
              </xs:element>
            </xs:sequence>
          </xs:complexType>
          <!-- Resultado de la validacion. Segun se indique en la peticion, la validacion sera
    mas o menos exahustiva -->
          <xs:complexType name="ResultadoValidacionInfo">
            <xs:sequence>
              <xs:element name="resultado" type="xs:string"/>
              <xs:element name="descripcion" type="xs:string"/>
              <xs:element name="ValidacionSimple" type="wsvalidacion:ValidacionSimpleInfo"/>
              <xs:element minOccurs="0" name="ValidacionEstado" type="wsvalidacion:ValidacionEstadoInfo"/>
              <xs:element minOccurs="0" name="ValidacionCadena" type="wsvalidacion:ValidacionCadenaInfo"/>
            </xs:sequence>
          </xs:complexType>
          <!-- Validacion basica -->
          <xs:complexType name="ValidacionSimpleInfo">
            <xs:sequence>
              <xs:element name="codigoResultado" type="xs:string"/>
              <xs:element name="descResultado" type="xs:string"/>
              <xs:element minOccurs="0" name="excepcion" type="xs:string"/>
            </xs:sequence>
          </xs:complexType>
          <!-- Validacion sobre el estado de revocacion del certificado -->
          <xs:complexType name="ValidacionEstadoInfo">
            <xs:sequence>
              <xs:element name="estado" type="xs:string"/>
              <xs:element name="descEstado" type="xs:string"/>
              <xs:element maxOccurs="unbounded" name="InfoMetodoVerificacion">
                <xs:complexType>
                  <xs:all>
                    <xs:element name="estado" type="xs:string"/>
                    <xs:element name="descEstado" type="xs:string"/>
                    <xs:element minOccurs="0" name="fechaUltimaActualizacion" type="xs:string"/>
                    <xs:element minOccurs="0" name="fechaRevocacion" type="xs:string"/>
                    <xs:element minOccurs="0" name="motivo" type="xs:string"/>
                    <xs:element name="Metodo">
                      <xs:complexType>
                        <xs:sequence>
                          <xs:element name="urlServidor" type="xs:string"/>
                          <xs:element name="protocolo" type="xs:string"/>
                        </xs:sequence>
                      </xs:complexType>
                    </xs:element>
                    <xs:element minOccurs="0" name="tokenOCSP" type="xs:string"/>
                    <xs:element minOccurs="0" name="excepcion" type="xs:string"/>
                  </xs:all>
                </xs:complexType>
              </xs:element>
            </xs:sequence>
          </xs:complexType>
          <!-- Validacion de toda la cadena de certificados hasta el certificado raiz -->
          <xs:complexType name="ValidacionCadenaInfo">
            <xs:sequence>
              <xs:element name="codigoResultado" type="xs:string"/>
              <xs:element name="descResultado" type="xs:string"/>
              <xs:element maxOccurs="unbounded" minOccurs="0" name="errorCertificado">
                <xs:complexType>
                  <xs:sequence>
                    <xs:element name="idCertificado" type="xs:string"/>
                    <xs:element name="ValidacionSimple" type="wsvalidacion:ValidacionSimpleInfo"/>
                    <xs:element name="ValidacionEstado" type="wsvalidacion:ValidacionEstadoInfo"/>
                  </xs:sequence>
                </xs:complexType>
              </xs:element>
            </xs:sequence>
          </xs:complexType>
        </xs:schema>
      </wsdl:types>
      <wsdl:message name="ValidarCertificadoRequest">
        <wsdl:part name="parametrosIn" type="xsd:string"/>
      </wsdl:message>
      <wsdl:message name="ValidarCertificadoResponse">
        <wsdl:part name="ValidarCertificadoReturn" type="xsd:string"/>
      </wsdl:message>
      <wsdl:portType name="Validacion">
        <wsdl:operation name="ValidarCertificado" parameterOrder="parametrosIn">
          <wsdl:input message="impl:ValidarCertificadoRequest" name="ValidarCertificadoRequest"/>
          <wsdl:output message="impl:ValidarCertificadoResponse" name="ValidarCertificadoResponse"/>
        </wsdl:operation>
      </wsdl:portType>
      <wsdl:binding name="ValidarCertificadoSoapBinding" type="impl:Validacion">
        <wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
        <wsdl:operation name="ValidarCertificado">
          <wsdlsoap:operation soapAction=""/>
          <wsdl:input name="ValidarCertificadoRequest">
            <wsdlsoap:body namespace="http://afirmaws/services/ValidarCertificado" use="literal"/>
          </wsdl:input>
          <wsdl:output name="ValidarCertificadoResponse">
            <wsdlsoap:body namespace="http://afirmaws/services/ValidarCertificado" use="literal"/>
          </wsdl:output>
        </wsdl:operation>
      </wsdl:binding>
      <wsdl:service name="ValidacionService">
        <wsdl:port binding="impl:ValidarCertificadoSoapBinding" name="ValidarCertificado">
          <wsdlsoap:address location="https://des-afirma.redsara.es/afirmaws/services/ValidarCertificado"/>
        </wsdl:port>
      </wsdl:service>
    </wsdl:definitions>

    Thanks,

    Regards.

    Wednesday, February 8, 2012 12:33 PM
  • Hi,

    I see in your original post you're using wshttp binding, this implies using Soap1.2.

    Since the webservice is using Soap1.1, you should be using basisHttp binding.
    The SoapAction is a mandatory element in Soap1.1 as opposed in Soap1.2

    Regards,

    René

    Wednesday, February 8, 2012 1:38 PM
  • Hi René.

    Could you explain me how to configure the SoapAction in a BasicHttpBinding send port?

    I remider that the request must be signed with a server certificate (request using WS-Security).

    Thanks,

    Regards

    Wednesday, February 8, 2012 2:46 PM
  • Hi,

    You don't have to, it will be added automatically and because you do not specify one, an empty one will be added, since it is mandatory when using Soap1.1

    Regards,

    René

    Wednesday, February 8, 2012 3:39 PM
  • Hello.

    The Problem is not the same. I am trying to call a web service from BizTalk using WS-Security + SSL. The problem discussed in the above thread deals about calling a WCF Service with client certificate, not WS-Security.

    I tryed to configure my send port as especified in the thread and it isn't work. The soap message  send is not well formed SOAP Message and it is not being signed.

    Thanks,

    Regards.




    Wednesday, February 8, 2012 4:12 PM
  • Hi René,

    If I don't put anything in the SOAPAction Text Box and I try to configure WCF-Custom or WCF-WSHTTP, the messages send from the BizTalk adapter aren't well formed. The message has not a correct SOAP format and it is not being signed with a certificate. I Put the message that is being sent:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><ns0:mensajeEntrada xmlns:ns0="http://afirmaws/ws/validacion"><ns0:peticion>ValidarCertificado</ns0:peticion><ns0:versionMsg>1.0</ns0:versionMsg><ns0:parametros><ns0:certificado>Certificate</ns0:certificado>
    <ns0:idAplicacion>ApplicationId</ns0:idAplicacion><ns0:modoValidacion>2</ns0:modoValidacion><ns0:obtenerInfo>true</ns0:obtenerInfo></ns0:parametros></ns0:mensajeEntrada></s:Body></s:Envelope>

    As you can see, the message is not a correct SOAP message. Moreover, the message is not being signed.

    The message must be send using WS-Security (Web Service Security). The SOAP message must be sign with a certificate.

    Could you help me please?

    Thanks,

    Regards.
    Wednesday, February 8, 2012 4:33 PM
  • Hi,

    When using WCF-Custom, how does your bindingconfiguration look like?

    And why you say the above message is an incorrect SOAP message?

    Regards,

    René

    Wednesday, February 8, 2012 4:43 PM
  • Hi René.

    When I say that the soap message is not well formed I refers about the SOAP Message doesn't contains the web method that is being called (it only contains the input parameter of the method).

    In addition to this, the SOAP header of the SOAP message doesn't contains the sign data necessary  to  the WS-Security Message. If this sign is not sent in the header, the server can't check the integrity of the SOAP message.

    I paste the binding information of the port when I use WCF-Custom adapter:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <system.serviceModel>
            <bindings>
                <basicHttpBinding>
                    <binding name="ValidarCertificadoSoapBinding" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="Transport">
                            <transport clientCredentialType="None" proxyCredentialType="None"
                                realm="" />
                            <message clientCredentialType="UserName" algorithmSuite="Default" />
                        </security>
                    </binding>
                    <binding name="ValidarCertificadoSoapBinding1" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <security mode="None">
                            <transport clientCredentialType="None" proxyCredentialType="None"
                                realm="" />
                            <message clientCredentialType="UserName" algorithmSuite="Default" />
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
            <client>
                <endpoint address="https://des-afirma.redsara.es/afirmaws/services/ValidarCertificado"
                    binding="basicHttpBinding" bindingConfiguration="ValidarCertificadoSoapBinding"
                    contract="Servicio_Final_Validar_Certificados.Validacion"
                    name="ValidarCertificado" />
            </client>
        </system.serviceModel>
    </configuration>

    Thanks,

    Regards.
    Wednesday, February 8, 2012 5:12 PM
  • Hi,

    Seems as though my assumption was wrong:

    Can you set the following in the SoapAction header textbox on the general tab.

    <BtsActionMapping xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <Operation Name="ValidarCertificado" Action="" />
    </BtsActionMapping>

    Next to that can you set the Security mode to TransportWithMessageCredential and on the message the clientCredentialType to Certificate

    Regards,
    René

    Wednesday, February 8, 2012 9:08 PM
  • Hi René.

    If I put this configuration in the SoapAction textbox of a WCF-Custom Adapter but the message sent is the same if I don't use this configuration. Besides this, the SOAP message doesn't contain the called operation and the message signature doesn't appear in the SOAP header of the message.

    If I use this configuration in a WCF-BasicHTTP or WCF-WSHttp transport type, it doesn't works. Using this configuration in these transport types, the message doesn't leave the BizTalk port.

    This configuration doesn't works to send the message using WS-Security.

    Thanks,

    Regards

    Thursday, February 9, 2012 9:15 AM