locked
how to create wsse:Security header programatically from code RRS feed

Answers

  • the "wsse" is one way to create this, another way is to use a default namespace, e.g. 

     

    <security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

    ... no need to add wsse now

    </security>

     

    This should work the same.

    If you have to use wsse then either change the message after this (the way to do it depends in the framework you use) or you can manually create whole of this message (there is no cryptography in here, just some timestamp and random nonce).


    http://webservices20.blogspot.com/
    WCF Security, Performance And Testing Blog
    Tuesday, August 17, 2010 11:09 AM
  • Hi,

    You may use the following code:

     Service1Client proxy = new Service1Client();
                MessageHeader<string> myHeader = new MessageHeader<string>("Inner XML here", true, string.Empty, true);
                MessageHeader MyUntypedHeader = myHeader.GetUntypedHeader("Security", @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                using (OperationContextScope scope = new OperationContextScope(proxy.InnerChannel))
                {
                    OperationContext.Current.OutgoingMessageHeaders.Add(MyUntypedHeader);
                    Console.WriteLine(proxy.GetData(10));
                    Console.ReadLine();
                }

    Then use Fiddler to see what the request soap message is.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Windows Azure Platform China Blog: http://blogs.msdn.com/azchina/default.aspx
    Wednesday, August 18, 2010 2:04 AM

All replies

  • the "wsse" is one way to create this, another way is to use a default namespace, e.g. 

     

    <security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

    ... no need to add wsse now

    </security>

     

    This should work the same.

    If you have to use wsse then either change the message after this (the way to do it depends in the framework you use) or you can manually create whole of this message (there is no cryptography in here, just some timestamp and random nonce).


    http://webservices20.blogspot.com/
    WCF Security, Performance And Testing Blog
    Tuesday, August 17, 2010 11:09 AM
  • could you please send a sample of how to create this header from code and pass it to the service?
    Tuesday, August 17, 2010 2:15 PM
  • Hi,

    You may use the following code:

     Service1Client proxy = new Service1Client();
                MessageHeader<string> myHeader = new MessageHeader<string>("Inner XML here", true, string.Empty, true);
                MessageHeader MyUntypedHeader = myHeader.GetUntypedHeader("Security", @"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                using (OperationContextScope scope = new OperationContextScope(proxy.InnerChannel))
                {
                    OperationContext.Current.OutgoingMessageHeaders.Add(MyUntypedHeader);
                    Console.WriteLine(proxy.GetData(10));
                    Console.ReadLine();
                }

    Then use Fiddler to see what the request soap message is.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Windows Azure Platform China Blog: http://blogs.msdn.com/azchina/default.aspx
    Wednesday, August 18, 2010 2:04 AM
  • I coded the above lines but I don't know how to use fiddler

    I downloaded and installed fiddler but don know how to check the request generated by OutgoingMessageGeaders

    Please help

    Sunday, August 22, 2010 10:17 PM
  • Hi,

    If you don't want to use Fiddler (Fiddler can only track HTTP/HTTPS messages) you may also enable WCF tracing. The request message can be found in the trace log:

    http://msdn.microsoft.com/en-us/library/ms733025.aspx

    http://msdn.microsoft.com/en-us/library/ms732023.aspx


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Windows Azure Platform China Blog: http://blogs.msdn.com/azchina/default.aspx
    Monday, August 23, 2010 2:16 AM
  • The above solution provided by you doesn't work. It has been a frustrating time trying to resolve this issue. Apart from putting this wsse security in header element under end point in app.config there has not been any other way of achieving it. The fiddler also shows that there is no header element even after putting this code in place.
    Thursday, October 7, 2010 2:26 PM
  • Hi there,

    i've created a post on my website that does just this.

    kind regards,

    brian keating .net

    http://www.briankeating.net.scarlet.arvixe.com/post/2011/11/16/Supporting-WSE-plain-text-password-with-WCF-BasicHttpBinding.aspx
    • Edited by brianbruff Thursday, November 17, 2011 1:20 AM
    Thursday, November 17, 2011 1:19 AM
  • brianbruff- you post is not accessible. is it moved somewhere else? I am in need of this very urgently..


    http://www.briankeating.net.scarlet.arvixe.com/post/2011/11/16/Supporting-WSE-plain-text-password-with-WCF-BasicHttpBinding.aspx

    Friday, November 30, 2012 2:43 PM