Invoking java webservice from c#.net using: TLS 1.2 /WS-SECURITY/SAML/client X509 certificate authentication

    Domanda

  • The C#.net code generated from WSDL for connecting to the java webservice doesn't work.

    I have tried basic as well as custom bindings (using Visual Studio 2012 - framework 4.5) but the response is always the same:

    ERROR: System.ServiceModel.FaultException:
    Internal Error (from server)

    Can someone help me with a correct binding configuration ?

    Could this interesting article be correct and/or helpful?   https://jeremeguenther.blogspot.it/2017/12/

    Thank you

    P.S.: This is a sample SOAP message header (correct and valid):

    <soap:Header>
    <wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    soap:mustUnderstand="1">
    <wsu:Timestamp wsu:Id="TS-27bd9fa1-84a0-420f-be7a-0cb520774170">
    <wsu:Created>2017-10-10T20:58:49.392Z</wsu:Created>
    <wsu:Expires>2017-10-10T21:03:49.392Z</wsu:Expires>
    </wsu:Timestamp>
    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    ID="_e09b3a80-dfc9-4952-a45d-fd2ebe372d38"
    IssueInstant="2017-10-10T20:58:49.344Z"
    Version="2.0"
    xsi:type="saml2:AssertionType">
    <saml2:Issuer>XS</saml2:Issuer>

                    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:SignedInfo>
                            <ds:CanonicalizationMethod
                                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                            <ds:Reference URI="#_e09b3a80-dfc9-4952-a45d-fd2ebe372d38">
                                <ds:Transforms>
                                    <ds:Transform
                                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                        <ec:InclusiveNamespaces
                                            xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd" />
                                    </ds:Transform>
                                </ds:Transforms>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                                <ds:DigestValue>AzkCleZh76SLSRLRktcyiaf4KcY=</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>YW8Ek/MImCU8JD6ZKn4On6A8CVxRW5iEqLxifBnjg1mUX391oZz/...+n/XCsuQTw5Er1E2yDujN0nMn5e0DuJwCWlU2tBnv06oXbu5sGwRY4bkRXRDY+9R+K/RMhzYS4sk2aJYaw1TrA8Y223HP/Sd2eFdb5fSGIhgyESMYVX+88lmv8BdxwJv+jRMnX/uZT85lpCmX4TnPElCXYnAhfqfdDydJTDd8rlb7ZcGpxrCDiOizeM+kPjQCT3CPhiWhz4KsoZiBPYaGG1ct6esTELfb/BuK9zErHQaAvLOYYuMLjJjkwZWicnVhfycnXY0RVMA==
                        </ds:SignatureValue>
                        <ds:KeyInfo>
                            <ds:X509Data>
                                <ds:X509Certificate>MIIE6...Eq6Qs5265Rxtz+uMNGyMZenveN7adAklqck/10fUospUMsNZvV/tfSeo5Fv+tZsgATZBGcNKs
                                    m8FKL3zuW40q
                                </ds:X509Certificate>
                            </ds:X509Data>
                        </ds:KeyInfo>
                    </ds:Signature>
                    <saml2:Subject>
                        <saml2:NameID
                            Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">TEST888888</saml2:NameID>
                        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                            <saml2:SubjectConfirmationData
                                NotBefore="2017-10-10T20:58:49.263Z" NotOnOrAfter="2017-10-10T21:03:49.263Z" />
                        </saml2:SubjectConfirmation>
                    </saml2:Subject>
                    <saml2:Conditions NotBefore="2017-10-10T20:58:49.345Z"
                        NotOnOrAfter="2017-10-10T21:03:49.345Z" />
                    <saml2:AuthnStatement AuthnInstant="2017-10-10T20:58:49.263Z"
                        SessionNotOnOrAfter="2017-10-10T21:03:49.263Z">
                        <saml2:SubjectLocality Address="192.168.1.214" />
                        <saml2:AuthnContext>
                            <saml2:AuthnContextClassRef />
                        </saml2:AuthnContext>
                    </saml2:AuthnStatement>
                    <saml2:AttributeStatement>
                        <saml2:Attribute Name="IdSede"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                            <saml2:AttributeValue xsi:type="xsd:string">888888
                            </saml2:AttributeValue>
                        </saml2:Attribute>
                        <saml2:Attribute Name="IdPostazione"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                            <saml2:AttributeValue xsi:type="xsd:string">888888-PC-0000
                            </saml2:AttributeValue>
                        </saml2:Attribute>
                        <saml2:Attribute Name="IdPostazioneFirmato"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                            <saml2:AttributeValue xsi:type="xsd:string">MIAGCSqGSIb3DQEHAqCA...BA84ODg4ODgtUEMtMDAwMCAAAAAAAACggDCCBOswggLToAMCAQICCCZbVEG47JVMMA0GCSqGSIb3DQEBCwUAMFoxGzAZBgNVBAMMEkNBI..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
                            </saml2:AttributeValue>
                        </saml2:Attribute>
                        <saml2:Attribute Name="IdApplicazione"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                            <saml2:AttributeValue xsi:type="xsd:string">12345
                            </saml2:AttributeValue>
                        </saml2:Attribute>
                    </saml2:AttributeStatement>
                </saml2:Assertion>
                <wsse:BinarySecurityToken
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                    wsu:Id="X509-8fdbdfde-283b-4bdc-b285-bf09f55fd327">MIIE6zCCAtOgAwIBAg...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
                </wsse:BinarySecurityToken>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                    Id="SIG-5a11e1e5-b811-465b-a299-8709bf8d20f8">
                    <ds:SignedInfo>
                        <ds:CanonicalizationMethod
                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                                PrefixList="soap" />
                        </ds:CanonicalizationMethod>
                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                        <ds:Reference URI="#TS-27bd9fa1-84a0-420f-be7a-0cb520774170">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                    <ec:InclusiveNamespaces
                                        xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap" />
                                </ds:Transform>
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <ds:DigestValue>GY9Jt0r+qR7SOPLsFyvx6sK5OII=</ds:DigestValue>
                        </ds:Reference>
                        <ds:Reference URI="#_8f4680d7-8cab-4f6c-8d08-4743a9a80416">
                            <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </ds:Transforms>
                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <ds:DigestValue>80HDclal0/+WJEvHT6r0Mm2oB44=</ds:DigestValue>
                        </ds:Reference>
                    </ds:SignedInfo>
                    <ds:SignatureValue>Kb99iwuNAqxn5eagrnHCqupxN/8iCuEskqtzDRCd3hjrUYMeO+WKr9bmX7wfttw...qtcbVOMTDeoBcOV85LHHaiepH1Jw+wRq7nZ9Y7EcwZ93//i5Ar7vTIhJTcqXdB317HOpKqo1c+mZnv1saSb2esV+Ri1l8Dh7dMUxemrRhLu2OHdPcJIVps3oQfHjXzLfPePsAUhdSAf8+Kj3MIEclXWNb+3CzyEl1P+iEPHmdG9PONBO8DhSTi8H+EZlBnw==
                    </ds:SignatureValue>
                    <ds:KeyInfo Id="KI-92b6e1d4-627c-4758-9796-27e6372da911">
                        <wsse:SecurityTokenReference
                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                            wsu:Id="STR-d4ad6b44-0dd4-4564-af69-dd3b16f71f9d">
                            <wsse:Reference URI="#X509-8fdbdfde-283b-4bdc-b285-bf09f55fd327"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                        </wsse:SecurityTokenReference>
                    </ds:KeyInfo>
                </ds:Signature>
            </wsse:Security>
        </soap:Header>

    venerdì 29 dicembre 2017 11:54

Tutte le risposte

  • Ciao,

    ti rispondo in italiano perché questo è un forum italiano,

    ho avuto un problema simile e ho risolto così:

    se hai una versione di .net framework 4.5 devi aggiungere

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

    se hai la 4.6 non dovrebbe essere necessario.

    Aggiungi poi anche

    ServicePointManager.Expect100Continue = false;

    con ogni versione del framework prima di fare qualsiasi chiamata al webservice

    Fammi sapere se hai risolto anche tu

    Ciao

    Alessio

    venerdì 29 dicembre 2017 13:20
  • Ciao Alessio,

    grazie per il tuo intervento, ho messo subito in pratica i tuoi suggerimenti effettuando una chiamata bruta inviando un messaggio SOAP (header+body) "preconfezionato" memorizzato all'interno di un file di testo, ma il risultato è sempre lo stesso "internal error". In realtà, l'istruzione "

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

    "

    l'avevo già adottata, mi tengo per buona la seconda, anzi se ti viene in mente qualche altra impostazione ti sarei grato.

    venerdì 29 dicembre 2017 14:41
  • I webservice in questione sono sviluppati con tecnologia JAVA e richiedono lo standard 'SAMLTokenProfile' della WS-Security che utilizza, nella fase di autenticazione/autorizzazione dell’utente, lo standard SAML.

    Al momento, abbiamo sviluppato due soluzioni:

    1) Client C#.Net sviluppato con Visual Studio 2013 framework 4.5 con utilizzo di:
    - classi generate a partire dal WSDL messo a disposizione dal gestore;
    - librerie .Net per la generazione delle asserzioni SAML;
    - librerie .Net di crittografia;
    - librerie BouncyCastle di crittografia per la generazione della firma;
    - certificato TLS e certificato client X509 rilasciati da gestore;

    2) Client C#.Net sviluppato con Visual Studio 2013 framework 4.5 con chiamata bruta al
    web service utilizzando un messaggio SOAP (corretto e validato) tramite caricamento da file
    di testo.

    In entrambi i casi il messaggio di risposta è sempre: "Internal error from server". In merito a tale errore
    abbiamo già provveduto a richiedere assistenza al gestore.

    venerdì 29 dicembre 2017 14:53
  • Condivido il codice della soluzione 2, con la speranza che qualcuno possa migliorare o correggere qualche impostazione, ricordando che l'intero messaggio SOAP è tutto quanto pronto in un file di testo esterno:
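    // Test harness: POSTs a pre-built, already-signed SOAP envelope loaded from a text file
    // and prints the request and the response body to the console.
    // Runs inside an async method (it awaits the HTTP calls).

    // The thread targets .NET Framework 4.5, where TLS 1.2 has to be enabled explicitly.
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    ServicePointManager.Expect100Continue = false;

    // Server certificate validation is left to the framework default. The earlier version
    // installed a ServerCertificateValidationCallback that returned true for every certificate;
    // that callback is process-wide, so it switched off TLS server authentication for every
    // request and let the signed SAML assertion be delivered to whichever host answered.
    // If the provider's CA is not trusted on this machine, install that CA certificate in the
    // Windows trust store rather than bypassing validation.

    string url = "https://wss.../ser6001";

    // NOTE(review): the sample header in this thread carries a wsu:Timestamp and SAML Conditions
    // with a five-minute validity window. A stored envelope is presumably accepted only while
    // that window is open, so confirm the file was generated and signed just before this call.
    string pl = System.IO.File.ReadAllText(@"C:\Users\...\ConsoleApplication\soapEnvelope\soapEnvelopeDicembre29.txt");

    // NOTE(review): the thread describes a service that requires a client X509 certificate, but
    // none is attached here. If TLS client authentication is expected, add the certificate to
    // clientHandler.ClientCertificates, loading it from the certificate store rather than from
    // a file with an embedded password.
    var clientHandler = new WebRequestHandler();

    string resultContent = "";

    // HttpClient disposes the handler it was given when it is disposed itself.
    using (var client = new HttpClient(clientHandler))
    using (var req = new HttpRequestMessage(HttpMethod.Post, url))
    {
        // Send the envelope exactly as stored. The earlier version prefixed it with "Payload: ",
        // which makes the text/xml body ill-formed XML before the server ever reaches the
        // WS-Security header.
        req.Content = new System.Net.Http.StringContent(pl, Encoding.UTF8, "text/xml");
        req.Headers.Clear();

        // NOTE(review): SOAP 1.1 over text/xml normally expects a SOAPAction HTTP header; take the
        // value from the WSDL binding (<SOAP_ACTION_FROM_WSDL>) and confirm whether the service needs it.

        // Read the body back from the content object so the console shows what is actually sent.
        // The output contains the signed assertion (bearer confirmation in the sample header),
        // so treat captured console output as sensitive.
        string stringRequestContent = await req.Content.ReadAsStringAsync();

        Console.WriteLine("HTTP REQUEST\n\n");
        Console.WriteLine(stringRequestContent);

        Console.Write(req.ToString());

        // No try/catch: the earlier "catch (Exception ex) { throw ex; }" only reset the stack
        // trace. Exceptions propagate to the caller unchanged.
        using (var res = await client.SendAsync(req))
        {
            // A SOAP fault normally arrives with an HTTP 500 status and a body, so the body is
            // read regardless of the status code.
            resultContent = await res.Content.ReadAsStringAsync();
        }
    }

    Console.WriteLine("\n\nHTTP RESPONSE\n\n");
    Console.WriteLine(resultContent);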


    venerdì 29 dicembre 2017 15:12