Encrypt the SOAP request using x509 certificate

  • Question

  • I'm consuming a Java-based service in my WCF client (C#) application, but I'm facing the issue below.

    Exception :

        <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
          <s:Header xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"></s:Header>
          <soap:Body>
            <soap:Fault>
              <faultcode xmlns="">soap:Client</faultcode>
              <faultstring xmlns="">General security error (WSSecurityEngine: No crypto property file supplied to verify signature)</faultstring>
            </soap:Fault>
          </soap:Body>
        </soap:Envelope>


    Using the Java client I'm able to call the service successfully.
    But I'm getting an error while creating the equivalent .NET-based client. Find my C# steps below.

       Step 1: Added a service reference of the Java service to my C# client.


                    CountryWSRequest Request = new CountryWSRequest();
                    CountryWSResponse Response = new CountryWSResponse();
                    CountryWSEndPointClient objCountryList = new CountryWSEndPointClient();
                    Request.UserAuthentication = new WSHeader();
                    Request.Userdetail.ID= "125";
                    Request.Userdetail.name= "User12";
                    Response = objCountryList.getCountryList(Request);
      
        Step 2: Converted the .jks file to a PFX file and installed the certificate on my local machine. Attached the required certificate to the service via the config file.

    My web.Config file :
       
        <system.serviceModel>
          <bindings>
            <customBinding>
              <binding name="wsHttpSoap11">
                <textMessageEncoding messageVersion="Soap11" />
                <security
                    includeTimestamp="false"
                    securityHeaderLayout="Lax"
                    authenticationMode="MutualCertificate"
                    defaultAlgorithmSuite="Basic128Rsa15"
                    enableUnsecuredResponse="false"
                    messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
                  <secureConversationBootstrap />
                </security>
                <httpsTransport />
              </binding>
            </customBinding>
          </bindings>
          <behaviors>
            <endpointBehaviors>
              <behavior name="TehRightBehaviour">
                <clientCredentials>
                  <!-- clientCertificate not defaultCertificate -->
                  <clientCertificate findValue="xxxxxx" storeLocation="CurrentUser" storeName="Root" x509FindType="FindBySubjectName" />
                  <serviceCertificate>
                    <authentication certificateValidationMode="None" />
                    <defaultCertificate findValue="xxxxxx" storeLocation="CurrentUser" storeName="Root" x509FindType="FindBySubjectName" />
                  </serviceCertificate>
                </clientCredentials>
              </behavior>
            </endpointBehaviors>
          </behaviors>
          <client>
            <endpoint name="WsSoap11" address="https://xxx.xxx.xxx.xxx:9900/getCountryList/" binding="customBinding" bindingConfiguration="wsHttpSoap11"
                contract="GetCountryList.ICountryWSEndPoint" behaviorConfiguration="TehRightBehaviour" />
          </client>
        </system.serviceModel>

    Expected SOAP at server side: 

             <soapenv:Envelope xmlns:book="http://ws.endpoints.ugc.test1.com/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                  <soapenv:Header>
                    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                      <xenc:EncryptedKey Id="EncKeyId-1BB74F4E06425F7BAA14187353371124">
                        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                          <wsse:SecurityTokenReference>
                            <ds:X509Data>
                              <ds:X509IssuerSerial>
                                <ds:X509IssuerName>CN=xxx.xxx.xx.xxx</ds:X509IssuerName>
                                <ds:X509SerialNumber>1418734574</ds:X509SerialNumber>
                              </ds:X509IssuerSerial>
                            </ds:X509Data>
                          </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                          <xenc:CipherValue>R/KqZUW1uAQYfdddFql7zFBIPBkRX/lrFgYmIygVf+dpGzmH9NQV6xGEj+csdmK1qI1v62UUx3l89NIwmbd9jnFzstwbPmHreqmKC5mm540xjDT3rFSMMA4jkhKaRhhyvkJv90LCxRN0I6F2sOgcXfuczJrKu/+tseugjzOxbBFXfI=</xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                          <xenc:DataReference URI="#EncDataId-2"/>
                        </xenc:ReferenceList>
                      </xenc:EncryptedKey>
                    </wsse:Security>
                  </soapenv:Header>
                  <soapenv:Body>
                    <xenc:EncryptedData Id="EncDataId-2" Type="http://www.w3.org/2001/04/xmlenc#Content">
                      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
                      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                          <wsse:Reference URI="#EncKeyId-1BB74F4E025F7BAA14187353371124"/>
                        </wsse:SecurityTokenReference>
                      </ds:KeyInfo>
                      <xenc:CipherData>
                        <xenc:CipherValue>
                          cSPbiKSC57Ba6Fo1SQHdw2tfQ4vfJcawXujuj9u1jpYpbh8mSdSvXk8C5LTykNMZ/UzmX+Kofs6n         
                        </xenc:CipherValue>
                      </xenc:CipherData>
                    </xenc:EncryptedData>
                  </soapenv:Body>
                </soapenv:Envelope>
           
    My WCF client generated SOAP (Signature tag encrypted and added additionally in the WCF request):
           
        <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <s:Header>
            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo1fsj9+ISdZEvpYPea9ZTPkAAAAAE8fIajroBEuUOgMQSniXqgkZzIA56qAZtFJnBidUH4P3di6gACQAA</VsDebuggerCausalityData>
            <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              <o:BinarySecurityToken>
                <!-- Removed-->
              </o:BinarySecurityToken>
              <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"></DigestMethod>
                </e:EncryptionMethod>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                  <o:SecurityTokenReference>
                    <X509Data>
                      <X509IssuerSerial>
                        <X509IssuerName>CN=xxxxxx</X509IssuerName>
                        <X509SerialNumber>141873494</X509SerialNumber>
                      </X509IssuerSerial>
                    </X509Data>
                  </o:SecurityTokenReference>
                </KeyInfo>
                <e:CipherData>
                  <e:CipherValue>dI7F6+ADHtA/nZ122+kOEb6vXBWG+pOujI/v4kQePFAdivYAUAVNTmD3j5XWhBQTcFr9O2ChhLT8vJQSRTqrvxci51JF/cCcjWh/4UD1lYNrelGoYJdSPbtIkxYWbaAajscYyzU9xdDkh8fq0YEcbyYW6ycBm8idxW6koY=</e:CipherValue>
                </e:CipherData>
                <e:ReferenceList>
                  <e:DataReference URI="#_2"></e:DataReference>
                  <e:DataReference URI="#_3"></e:DataReference>
                </e:ReferenceList>
              </e:EncryptedKey>
              <e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></e:EncryptionMethod>
                <e:CipherData>
                  <e:CipherValue>44wzjJ99VveK/hQp3X+8awc7XHDXxf/oHDAn62gitkG6j6YETL9E2iVkLrtcmA+3YKdDRmxCUpWpoWTTZ8/5Ac9inIlw+xzTWUW6Ef2lLItWiV/ZY31wBeh32DO3hGLX+GZBAU4u6r2jMgNvoudIeyNFO5BbWSNFlr1+iDC4N8qgJfQ+/2R8YZZnSzyuDGHsmoZzdEB/WjYkjlrd5cYp8hMovtExe7mMXTWPfzJSAJomV7nsyYy3NSpvfEeM0iJCwvBtUeFgBSrvsAzbRIw21tHj19XbvPYuts3apPsSgf0Cvb+6Bu80l1J4TVbOH9GBymfow+T+ZbuHuxKmkYwfddmsAVUWunOJ/I//QveHx5ps6jjg=</e:CipherValue>
                </e:CipherData>
              </e:EncryptedData>
            </o:Security>
          </s:Header>
          <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
              <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></e:EncryptionMethod>
              <e:CipherData>
                <e:CipherValue>
                  m+Ze2d4gGQ3FS1z92yrKcEPh4/JqQ3wJHMGHbewuHmaZT2FbjBi2jsdID0usKlHR1Fu4ZpC3XdGjfpS4WPZmbVsftdgeh9JhSHQPRacAVeapccjhN5HDFQR3f6FnBxrMUwGU/YwxseLvjNWbccX0LUQTZhuVYzufG14U1PTWmIqaeL6bB9kONDYuDSObYBkijSgAVfsvX2+qNlc1VeKHNDIzOx==
                </e:CipherValue>
              </e:CipherData>
            </e:EncryptedData>
          </s:Body>
        </s:Envelope>

    What am I missing in this?


    Saturday, December 20, 2014 7:22 AM
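
Added example, not part of the original post: a small Python script that summarises the WS-Security layout of a captured SOAP 1.1 envelope and reports where the server-expected message and the WCF-generated one differ. The two embedded envelopes are constructed skeletons of the messages shown above (ids shortened, cipher values and key info omitted); the names `profile` and `diff` are this example's own.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"s": SOAP, "wsse": WSSE, "xenc": XENC}

# Constructed skeletons of the two messages in the post (not the real captures).
EXPECTED = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}">
 <s:Header><wsse:Security>
  <xenc:EncryptedKey Id="k1"><xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
   <xenc:ReferenceList><xenc:DataReference URI="#d2"/></xenc:ReferenceList></xenc:EncryptedKey>
 </wsse:Security></s:Header>
 <s:Body><xenc:EncryptedData Id="d2" Type="{XENC}Content"/></s:Body>
</s:Envelope>"""
WCF = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:o="{WSSE}" xmlns:e="{XENC}">
 <s:Header><o:Security>
  <o:BinarySecurityToken/>
  <e:EncryptedKey Id="_0"><e:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
   <e:ReferenceList><e:DataReference URI="#_2"/><e:DataReference URI="#_3"/></e:ReferenceList></e:EncryptedKey>
  <e:EncryptedData Id="_3" Type="{XENC}Element"/>
 </o:Security></s:Header>
 <s:Body><e:EncryptedData Id="_2" Type="{XENC}Content"/></s:Body>
</s:Envelope>"""

def _suffix(uri):
    """Return the fragment after '#', e.g. 'aes128-cbc' or 'Content'."""
    return uri.split("#")[-1]

def profile(envelope_xml):
    """Summarise what the wsse:Security header and the Body contain."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("s:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("envelope has no wsse:Security header")
    body, key = root.find("s:Body", NS), "xenc:EncryptedKey/"
    return {
        "header_children": [c.tag.split("}")[-1] for c in sec],
        "key_transport": [_suffix(m.get("Algorithm")) for m in sec.iterfind(key + "xenc:EncryptionMethod", NS)],
        "data_refs": len(sec.findall(key + "xenc:ReferenceList/xenc:DataReference", NS)),
        "encrypted_in_header": [_suffix(e.get("Type")) for e in sec.findall("xenc:EncryptedData", NS)],
        "encrypted_in_body": [_suffix(e.get("Type")) for e in body.findall("xenc:EncryptedData", NS)],
    }

def diff(expected, actual):
    """Map each differing field to an (expected, actual) pair."""
    return {k: (expected[k], actual[k]) for k in expected if expected[k] != actual[k]}

if __name__ == "__main__":
    for field, pair in diff(profile(EXPECTED), profile(WCF)).items():
        print(field, pair)
```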
