How to add WS Security to the SOAP RRS feed

  • Question

  • Hi,

    I generated a proxy class from the WSDL file and am using basic HTTP binding.

    How do I produce the SOAP header below?

    <soap:Header>

    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
    <wsse:BinarySecurityToken ValueType="wsse:X509v3" EncodingType="wsse:Base64Binary" Id="X509Token">
    MIIEZzCcA9cgwaABQfd86afd2g...
    </wsse:BinarySecurityToken>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-enc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#MsgBody">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>DJbchm5gk...</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>LyLsF0pi4wPu...</ds:SignatureValue>
    <ds:KeyInfo>
    <wsse:SecurityTokenReference>
    <wsse:Reference URI="#X509Token"/>
    </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature>
    </wsse:Security>
    </soap:Header>

    Please help.

    Wednesday, December 11, 2013 7:47 AM

Answers

  • Hi,

    Maybe you can create your own custom header as following:

    using System;
    using System.Globalization;
    using System.ServiceModel.Channels;
    using System.Xml;

    public class SoapSecurityHeader : MessageHeader
    {
        private const string WsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

        private readonly string _password, _username, _nonce;
        private readonly DateTime _createdDate;

        public SoapSecurityHeader(string id, string username, string password, string nonce)
        {
            _password = password;
            _username = username;
            _nonce = nonce;
            // Created is written as a UTC timestamp, so capture UTC rather than local time.
            _createdDate = DateTime.UtcNow;
            this.Id = id;
        }

        public string Id { get; set; }

        public override string Name
        {
            get { return "Security"; }
        }

        public override string Namespace
        {
            get { return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; }
        }

        protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
        {
            writer.WriteStartElement("wsse", Name, Namespace);
            writer.WriteXmlnsAttribute("wsse", Namespace);
        }

        protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
        {
            writer.WriteStartElement("wsse", "UsernameToken", Namespace);
            // Declare the wsu prefix as a namespace (not as a plain attribute) and qualify Id with it.
            writer.WriteXmlnsAttribute("wsu", WsuNamespace);
            writer.WriteAttributeString("wsu", "Id", WsuNamespace, "UsernameToken-10");

            writer.WriteStartElement("wsse", "Username", Namespace);
            writer.WriteValue(_username);
            writer.WriteEndElement();

            // PasswordText carries the password unprotected inside the message.
            writer.WriteStartElement("wsse", "Password", Namespace);
            writer.WriteAttributeString("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            writer.WriteValue(_password);
            writer.WriteEndElement();

            writer.WriteStartElement("wsse", "Nonce", Namespace);
            writer.WriteAttributeString("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
            writer.WriteValue(_nonce);
            writer.WriteEndElement();

            // Created belongs to the wsu namespace; .NET format specifiers are case-sensitive
            // ("YYYY" and "DD" would be emitted literally).
            writer.WriteStartElement("wsu", "Created", WsuNamespace);
            writer.WriteValue(_createdDate.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture));
            writer.WriteEndElement();

            writer.WriteEndElement();
        }
    }

    For how to use the header, you can refer to this link.

    Best Regards,
    Amy Peng



    Thursday, December 19, 2013 9:24 AM
    Moderator
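
The answer above does not show how the header gets onto a request. One way to do it, as an added example that is not part of the original answer: a client message inspector that adds `SoapSecurityHeader` to every outgoing message with a fresh random nonce, and refuses non-HTTPS endpoints because `PasswordText` is sent in the clear. `SecurityHeaderInspector` is a hypothetical name, and the code assumes the `SoapSecurityHeader` class shown above.

```csharp
using System;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Added example (hypothetical class): attaches SoapSecurityHeader to each request.
public class SecurityHeaderInspector : IClientMessageInspector, IEndpointBehavior
{
    private readonly string _username, _password;

    public SecurityHeaderInspector(string username, string password)
    {
        _username = username;
        _password = password;
    }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        // PasswordText is not protected at message level, so only allow TLS endpoints.
        if (channel.RemoteAddress.Uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("UsernameToken with PasswordText requires HTTPS.");

        // New 16-byte nonce per message from a CSPRNG, Base64-encoded as the header declares.
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(nonce);

        request.Headers.Add(new SoapSecurityHeader(
            "UsernameToken-10", _username, _password, Convert.ToBase64String(nonce)));
        return null; // no correlation state needed
    }

    public void AfterReceiveReply(ref Message reply, object correlationState) { }

    // IEndpointBehavior: register this inspector on the client runtime.
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
    {
        clientRuntime.MessageInspectors.Add(this);
    }

    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```

Register it on the generated proxy before the first call, for example `client.Endpoint.Behaviors.Add(new SecurityHeaderInspector(user, pass));`, where `client` stands for your proxy instance.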

All replies

  • Hi,

    First you should configure the message version:

    <binding name="MyBindingName">
      <mtomMessageEncoding messageVersion="Soap11" />
      <security authenticationMode="Certificate"
                includeTimestamp="false"....>
      </security>
    </binding>
    

    Then please try to check the following similar threads:
    http://stackoverflow.com/questions/7719967/adding-ws-security-credentials-to-soap-headers-using-wcf
    http://stackoverflow.com/questions/18502717/how-can-i-create-following-soap-header-in-wcf-client?rq=1

    Best Regards,
    Amy Peng



    Monday, December 16, 2013 2:42 AM
    Moderator
  • Hi Amy,

    I am still getting the SOAP request below,

    and cannot find any security header.

    <s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <a:Action s:mustUnderstand="1">http://localhost:35202/DeclarationRequest</a:Action>
        <a:MessageID>urn:uuid:62f07c54-8665-47cb-80f0-95616a6889dc</a:MessageID>
        <ActivityId CorrelationId="27d86bba-6409-4408-9d1f-bc9df3e48235" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">3c43b3b8-4ef6-46bd-97d2-a1c99bb0095b</ActivityId>
        <a:ReplyTo>
          <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo7DfzuwEHrBHnLwt7mXNPvoAAAAA6h43hR567Eig8PMBkRW18G+dIBPMP9xGu956ADmYP3EACQAA</VsDebuggerCausalityData>
      </s:Header>
      <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <MD xmlns="http://localhost:35202/v1">
          <Declaration />
        </MMD>
      </s:Body>
    </s:Envelope>

    and I used a custom binding, as in the config file:

    <system.serviceModel>
      <client>
        <endpoint address="https://someendpoint"
                  binding="customBinding" bindingConfiguration="MDSoapBinding"
                  contract="ServiceMF.MDPortType" name="MD" behaviorConfiguration="NewBehavior">
          <identity>
            <dns value="TEST"/>
          </identity>
        </endpoint>
      </client>

      <bindings>
        <customBinding>
          <binding name="MDSoapBinding">
            <textMessageEncoding messageVersion="Soap11WSAddressing10"/>
            <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" enableUnsecuredResponse="true">
              <secureConversationBootstrap/>
            </security>
            <httpsTransport/>
          </binding>
        </customBinding>
      </bindings>

      <behaviors>
        <endpointBehaviors>
          <behavior name="NewBehavior">
            <clientCredentials>
              <clientCertificate x509FindType="FindByThumbprint" findValue="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" storeLocation="CurrentUser" storeName="My"/>
              <serviceCertificate>
                <authentication certificateValidationMode="PeerOrChainTrust"/>
                <defaultCertificate x509FindType="FindByThumbprint" findValue="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" storeLocation="CurrentUser" storeName="My"/>
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>

    What's wrong? Why can't I see the WS-Security in the SOAP header?


    • Edited by Dofish Tuesday, December 17, 2013 4:18 AM
    Tuesday, December 17, 2013 4:17 AM
  • Hi Amy,

    Actually, I am trying an X509 credential certificate.

    I added it in the app configuration as a custom binding.

    In the end, I cannot see the above XML in my SOAP header.

    <system.serviceModel>
      <client>
        <endpoint address="https://myendpoint"
                  binding="customBinding" bindingConfiguration="MDS"
                  contract="ServiceMF.MDPortType" name="MD" behaviorConfiguration="NewBehavior">
          <identity>
            <dns value="TEST"/>
          </identity>
        </endpoint>
      </client>

      <bindings>
        <customBinding>
          <binding name="MDS">
            <textMessageEncoding messageVersion="Soap12"/>
            <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" enableUnsecuredResponse="true">
              <secureConversationBootstrap/>
            </security>
            <httpsTransport/>
          </binding>
        </customBinding>
      </bindings>

      <behaviors>
        <endpointBehaviors>
          <behavior name="NewBehavior">
            <clientCredentials>
              <clientCertificate x509FindType="FindByThumbprint" findValue="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" storeLocation="CurrentUser" storeName="My"/>
              <serviceCertificate>
                <authentication certificateValidationMode="None"/>
                <defaultCertificate x509FindType="FindByThumbprint" findValue="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" storeLocation="CurrentUser" storeName="My"/>
              </serviceCertificate>
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
      </behaviors>
    </system.serviceModel>

    Please advise.

    Thanks.




    • Edited by Dofish Monday, December 30, 2013 6:42 AM
    Monday, December 30, 2013 6:39 AM