locked
Error in WCF with Security (replacement code for WSE3 Security) RRS feed

  • Question

  • Hi,

    We have a Client code which consumes a ASP.NET Web Service from a 3rd party server in a different domain.

    and I need to create a WCF service to consume that  ASP.NET Web Service  and a Client application to consume the WCF Service.

    The current C# client code which consumes the Web Service using WSE3 security concepts, the Security Policy xml file which contains "usernameOverTransportSecurity,username, requireActionHeader, RemoveTimestampPolicyAssertion" Tags and valid username and password. In the code we are setting this policy file into the proxy and this approach is working fine.

    Now, I created a simple WCF service using VS2008/.NET3.5, added the 3rd  party wsdl through Service reference and just implemented only one OperationContract.

    Having this configuration details in the config file

    <basicHttpBinding>

            <binding name="Binding1" closeTimeout="00:01:00" openTimeout="00:01:00"            receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false"            bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"  useDefaultWebProxy="true">

    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"maxBytesPerRead="4096" maxNameTableCharCount="16384" />

    <security mode="TransportWithMessageCredential">

    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />

    <message clientCredentialType="UserName" algorithmSuite="Default" />

    </security>

    </binding>

    </basicHttpBinding>


    and using this binding in the endpoint configuration and I have the endpoint address as “https:\\server name\folder1\service\service.wsdl”, since HTTP throwed an error message, Is this correct?


    also provided valid username and password to the proxy client

    SoapClient.ClientCredentials.UserName.UserName = “aaaaaa”;

    SoapClient.ClientCredentials.UserName.Password = "bbbbbb";

    then I deployed this WCF service on local IIS7, finally I created basic Windows application and added this local WCF service to consume it which internally should consume the 3rd party WebService.

    but I am getting  the following error messages when I tried to access.

    “Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security”

    The security token could not be authenticated or authorized"

    Login credentials are correct, Am I missing any point here? Any help would be helpful.

    Regards

    MSK







    • Edited by mgsk Friday, March 1, 2013 4:05 PM
    Friday, March 1, 2013 11:02 AM

Answers

  • HI, first of all, if you select TransportWithMessageCredential mode in the configuration, you need use a HTTPS address instead of HTTP. And other neccessary things.

    http://forums.asp.net/t/1750843.aspx/1

    • Proposed as answer by Haixia_Xie Monday, March 11, 2013 9:52 AM
    • Marked as answer by Haixia_Xie Friday, March 22, 2013 9:23 AM
    Tuesday, March 5, 2013 3:40 AM

All replies

  • Hi,

    >>and using this binding in the endpoint configuration and I have the endpoint address as “https:\\server name\folder1\service\service.wsdl”, since HTTP throwed an error message, Is this correct?

    You may do not configured HTTPS properly for the binding, you can refer a post below about configuring https for basicHttpBinding.

    http://blog.adnanmasood.com/2008/07/16/https-with-basichttpbinding-note-to-self/

    >>“Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security”

    From this error message, please make sure the bindings of WCF service and that ASP.NET Web Service are matched.

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, March 4, 2013 7:12 AM
  • Thanks Haixia,

    I followed the link and used the following code to check the connection status..

    I am getting the "The provided URI scheme 'http' is invalid; expected 'https'. Parameter name: via" error  message, If I use the the following EndpointAddress which I got from the Config file (which got included automatically when I added the service reference)

    Dim address As New EndpointAddress(http://server name:portnumber/folder1/folder2/application name/ServiceName)

    So I changed to https:\\ to the WSDL like the following, but getting different “org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized“ error message.

    Dim address As New EndpointAddress(""https://server.net/folder1/folder2/application name/ServiceName.wsdl”)

            ' Configure Binding

            Dim binding As New BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential)

            binding.MaxReceivedMessageSize = ((10 * 1024) * 1024) ' 10MB

            binding.ReceiveTimeout = TimeSpan.FromMinutes(2)

            binding.SendTimeout = TimeSpan.FromMinutes(2)

            ' Transport Security

            binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.None

            binding.Security.Transport.ProxyCredentialType = System.ServiceModel.HttpProxyCredentialType.None

            binding.Security.Transport.Realm = ""

            ' Message Security

            binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName

            binding.Security.Message.AlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Default

            Dim service As New ServiceReference1.AppPortSoapClient(binding, address)

            ' Set the Username/Password

            service.ClientCredentials.UserName.UserName = "user1"

            service.ClientCredentials.UserName.Password = "password123"

            ' Disable Timestamp Check

            Dim elements As BindingElementCollection = service.Endpoint.Binding.CreateBindingElements()

            elements.Find(Of SecurityBindingElement).IncludeTimestamp = False

            service.Endpoint.Binding = New CustomBinding(elements)

            Dim test As Boolean = service.Operation1();

            MessageBox.Show("Done")

    can anyone help me here to identify the problem

    MSK.


    • Edited by mgsk Monday, March 4, 2013 2:12 PM
    Monday, March 4, 2013 2:11 PM
  • HI, first of all, if you select TransportWithMessageCredential mode in the configuration, you need use a HTTPS address instead of HTTP. And other neccessary things.

    http://forums.asp.net/t/1750843.aspx/1

    • Proposed as answer by Haixia_Xie Monday, March 11, 2013 9:52 AM
    • Marked as answer by Haixia_Xie Friday, March 22, 2013 9:23 AM
    Tuesday, March 5, 2013 3:40 AM