.Net client Metro service Encryption Policy verification error

    Question

  • I develop a .NET WCF service to connect to a Metro Java service. I get this error message from the server. What does it mean?

     

    <?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To><Action xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/fault</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:878b15fc-c4ca-4d58-876b-f1204cb658c8</MessageID><RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:586a24c5-010a-4462-b64e-748520e5067a</RelatesTo></S:Header><S:Body><S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope"><faultcode xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:InvalidSecurity</faultcode><faultstring>com.sun.xml.wss.XWSSecurityException: Encryption Policy verification error: Looking for an Encryption Element  in Security header, but found com.sun.xml.wss.impl.policy.mls.SignaturePolicy@3657517.</faultstring></S:Fault></S:Body></S:Envelope>


    I asked the service developer to send me a SOAP header which is created with a working Java client. So the working SOAP header:

    <?xml version='1.0' encoding='UTF-8'?>

    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">

        <S:Header>

            <To xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5006">http://localhost:8081/OpenIDM-services-1.7-SNAPSHOT/passwordSyncService</To>

            <Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5005">http://openidm.forgerock.com/xml/ns/public/provisioning/password-1.wsdl/passwordSyncPortType/testRequestInput</Action>

            <ReplyTo xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5004">

                <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>

            </ReplyTo>

            <MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5003">uuid:203aa9ea-eea6-4f96-b0b2-16575411e9a2</MessageID>

            <wsse:Security S:mustUnderstand="1">

                <wsu:Timestamp xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3">

                    <wsu:Created>2010-12-22T14:25:10Z</wsu:Created>

                    <wsu:Expires>2010-12-22T14:30:10Z</wsu:Expires>

                </wsu:Timestamp>

                <wsse:BinarySecurityToken xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="uuid_87b326f6-54fe-42d5-a3a5-aea7cb12f66b">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</wsse:BinarySecurityToken>

                <xenc:EncryptedKey xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5002">

                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />

                    <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">

                        <wsse:SecurityTokenReference>

                            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TzX5OGaS9Ftsw1t+eGyfBmJblWc=</wsse:KeyIdentifier>

                        </wsse:SecurityTokenReference>

                    </ds:KeyInfo>

                    <xenc:CipherData>

                        <xenc:CipherValue>RWtVDB4ntXyh4TpYcNAHJFP9IOwFI8j5tjf5y8+963IXjDV58UcIsjy3IYQ9g1KQtIMXvEByGT6aQy3Xdt/ekWhinuDX/4rAk4prgbvFG4QTuDVhpUFoMtAztSoW4i3uyOpFqZeL6F4HMUD4ZvLtjMrEi/8kiUWIzY72wMIZkWU=</xenc:CipherValue>

                    </xenc:CipherData>

                </xenc:EncryptedKey>

                <xenc:ReferenceList xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope">

                    <xenc:DataReference URI="#_5008" />

                </xenc:ReferenceList>

                <ds:Signature xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_1">

                    <ds:SignedInfo>

                        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                            <exc14n:InclusiveNamespaces PrefixList="wsse S" />

                        </ds:CanonicalizationMethod>

                        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />

                        <ds:Reference URI="#_5003">

                            <ds:Transforms>

                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                    <exc14n:InclusiveNamespaces PrefixList="S" />

                                </ds:Transform>

                            </ds:Transforms>

                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                            <ds:DigestValue>q9TWoUKb25xlel3AIA8bFUkl0hw=</ds:DigestValue>

                        </ds:Reference>

                        <ds:Reference URI="#_5004">

                            <ds:Transforms>

                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                    <exc14n:InclusiveNamespaces PrefixList="S" />

                                </ds:Transform>

                            </ds:Transforms>

                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                            <ds:DigestValue>5Ab1ebo4/FraGgck/A8iDx1J9+I=</ds:DigestValue>

                        </ds:Reference>

                        <ds:Reference URI="#_5005">

                            <ds:Transforms>

                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                    <exc14n:InclusiveNamespaces PrefixList="S" />

                                </ds:Transform>

                            </ds:Transforms>

                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                            <ds:DigestValue>ipPKrD6igfYF3tC10tsurnoHSks=</ds:DigestValue>

                        </ds:Reference>

                        <ds:Reference URI="#_5006">

                            <ds:Transforms>

                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                    <exc14n:InclusiveNamespaces PrefixList="S" />

                                </ds:Transform>

                            </ds:Transforms>

                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                            <ds:DigestValue>cMG2PvlZKNLoAWehtNhxruuRl9Y=</ds:DigestValue>

                        </ds:Reference>

                        <ds:Reference URI="#_5007">

                            <ds:Transforms>

                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                    <exc14n:InclusiveNamespaces PrefixList="S" />

                                </ds:Transform>

                            </ds:Transforms>

                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                            <ds:DigestValue>rRhCJKKcNv2gfh+Hpi62wDEirbE=</ds:DigestValue>

                        </ds:Reference>

                        <ds:Reference URI="#_3">

                            <ds:Transforms>

                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                    <exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />

                                </ds:Transform>

                            </ds:Transforms>

                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                            <ds:DigestValue>OUm9PNmaQgH1CQ4JitIqVX5eY+g=</ds:DigestValue>

                        </ds:Reference>

                        <ds:Reference URI="#uuid_87b326f6-54fe-42d5-a3a5-aea7cb12f66b">

                            <ds:Transforms>

                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

                                    <exc14n:InclusiveNamespaces PrefixList="wsu wsse S" />

                                </ds:Transform>

                            </ds:Transforms>

                            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

                            <ds:DigestValue>r5dVsFsteThPivLkpsO+Fme5FIs=</ds:DigestValue>

                        </ds:Reference>

                    </ds:SignedInfo>

                    <ds:SignatureValue>8PrYt+dduqqV2i7tXoaRbPgIEMU=</ds:SignatureValue>

                    <ds:KeyInfo>

                        <wsse:SecurityTokenReference wsu:Id="uuid_ba14a75f-0bee-4ec6-ae77-2646ab277e2f" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">

                            <wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />

                        </wsse:SecurityTokenReference>

                    </ds:KeyInfo>

                </ds:Signature>

            </wsse:Security>

        </S:Header>

        <S:Body wsu:Id="_5007">

            <xenc:EncryptedData xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5008" Type="http://www.w3.org/2001/04/xmlenc#Content">

                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />

                <ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="KeyInfoType">

                    <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">

                        <wsse:Reference URI="#_5002" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />

                    </wsse:SecurityTokenReference>

                </ds:KeyInfo>

                <xenc:CipherData>

                    <xenc:CipherValue>+VCg/Fg9BRJi54M/a5Ds+aCJXjETrccKZfzY3Db5Yrsff51l4oLhjIFAQEVZE/066x5/nvAfjzGS4iTbCf05LbmdwUAPjiT4nWP68w85cSNmSy+FUvxfWRWQRDAOwVAT0TNjdOrDOldUkqjLQjEx5/+i3FLaq0GwThn8feheW0iRgb3AhE3YxzM53u132Q594pNgxSUVwqOKVgh+dkrkU7WAyjlLXZI0FsvN2gDeQ6GOzFFfL+MgQNWgPEClkrXFe/jfO21QLNaEpJ2EO14Awg==</xenc:CipherValue>

                </xenc:CipherData>

            </xenc:EncryptedData>

        </S:Body>

    </S:Envelope>

     

     

     

    And my WCF-generated SOAP header:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

        <s:Header>

            <a:Action s:mustUnderstand="1" u:Id="_2"/>

            <a:MessageID u:Id="_3">urn:uuid:53d0ee71-2848-44ab-90a3-f6173d86df18</a:MessageID>

            <a:ReplyTo u:Id="_4">

                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>

            </a:ReplyTo>

            <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo2NnPVQV5axFmgNGcEL5MXsAAAAAFKg9LCGjnkehDFkAmUDBpoTnlSMtD/pOkq7+8TLr9gwACQAA</VsDebuggerCausalityData>

            <a:To s:mustUnderstand="1" u:Id="_5">http://localhost:8881/OpenIDM-services-1.7-SNAPSHOT/passwordSyncService</a:To>

            <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

                <u:Timestamp u:Id="uuid-6f757e15-e08d-411d-98e4-75260a04ea24-2">

                    <u:Created>2010-12-22T14:18:08.569Z</u:Created>

                    <u:Expires>2010-12-22T14:23:08.569Z</u:Expires>

                </u:Timestamp>

                <e:EncryptedKey Id="uuid-6f757e15-e08d-411d-98e4-75260a04ea24-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#">

                    <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">

                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>

                    </e:EncryptionMethod>

                    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

                        <o:SecurityTokenReference>

                            <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TzX5OGaS9Ftsw1t+eGyfBmJblWc=</o:KeyIdentifier>

                        </o:SecurityTokenReference>

                    </KeyInfo>

                    <e:CipherData>

                        <e:CipherValue>II8ONIOUyB9CdysMF2vD6o7d3pLFIeScOXqVgop7qLMcZP1avCBAYrOwDEk3aJIYl2a4ytXNEaU/eg8j/B9R2g7lRB/gvSz5TO7KzYaB9jVB3aBAlJCiDi7YMGbOF4av62tIbfT40A5FQSlijdXHorhYrym+Bc8QgZp8RFYkLTU=</e:CipherValue>

                    </e:CipherData>

                </e:EncryptedKey>

                <o:BinarySecurityToken u:Id="uuid-d23f7d87-7fe0-446c-b89f-fbba2db072ea-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIDDzCCAnigAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEMMAoGA1UEChMDU1VOMQwwCgYDVQQLEwNKV1MxDjAMBgNVBAMTBVNVTkNBMB4XDTA3MDMxMjEwMjQ0MFoXDTE3MDMwOTEwMjQ0MFowbzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UECxMDU1VOMRowGAYDVQQDExF4d3NzZWN1cml0eWNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvYxVZKIzVdGMSBkW4bYnV80MV/RgQKV1bf/DoMTX8laMO45P6rlEarxQiOYrgzuYp+snzz2XM0S6o3JGQtXQuzDwcwPkH55bHFwHgtOMzxG4SQ653a5Dzh04nsmJvxvbncNH/XNaWfHaC0JHBEfNCMwRebYocxYM92pq/G5OGyECAwEAAaOB2zCB2DAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU/mItfvuFdS7A0GCysE71TFRxP2cwfgYDVR0jBHcwdYAUZ7plxs6VyOOOTSFyojDV0/YYjJWhUqRQME4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMQwwCgYDVQQKEwNTVU4xDDAKBgNVBAsTA0pXUzEOMAwGA1UEAxMFU1VOQ0GCCQDbHkJaq6KijjANBgkqhkiG9w0BAQQFAAOBgQBEnRdcQeMyCYqOHw2jbPOPUlvu07bZe7sI3ly/Qz+4mkrFctqMSupghQtLv9dZcqDOUFLCGMse7+l5MG00VawzsoVe242iXzJB111ePzhhppIPOHXXtflj/JD2U4Qz75C/dfdd5AAZbqGSFtZh7pyE8Ot1vOq7R48/bHuvTsEVUQ==</o:BinarySecurityToken>

                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

                    <SignedInfo>

                        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>

                        <Reference URI="#_1">

                            <Transforms>

                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                            </Transforms>

                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                            <DigestValue>+A3QPPzQ+Q2n+RnX0B/yEUWf0A0=</DigestValue>

                        </Reference>

                        <Reference URI="#_2">

                            <Transforms>

                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                            </Transforms>

                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                            <DigestValue>5L4J7jQip7T0ZiTWyJtd7T/0Vc4=</DigestValue>

                        </Reference>

                        <Reference URI="#_3">

                            <Transforms>

                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                            </Transforms>

                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                            <DigestValue>48uaOr9fkfXQdoEsnluVsvFvrSk=</DigestValue>

                        </Reference>

                        <Reference URI="#_4">

                            <Transforms>

                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                            </Transforms>

                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                            <DigestValue>l6mMmQ2LE9VFtjaA6Qc4GKBXURw=</DigestValue>

                        </Reference>

                        <Reference URI="#_5">

                            <Transforms>

                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                            </Transforms>

                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                            <DigestValue>rwR69ss23YQsZ7JRWYbZm/ojkxM=</DigestValue>

                        </Reference>

                        <Reference URI="#uuid-6f757e15-e08d-411d-98e4-75260a04ea24-2">

                            <Transforms>

                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                            </Transforms>

                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                            <DigestValue>YKNC2h/ZNyuubPTwdMxL1Uc3H6Q=</DigestValue>

                        </Reference>

                        <Reference URI="#uuid-d23f7d87-7fe0-446c-b89f-fbba2db072ea-1">

                            <Transforms>

                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                            </Transforms>

                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                            <DigestValue>AKDBWEKQAZ62jgSpbC0GrllE8WE=</DigestValue>

                        </Reference>

                    </SignedInfo>

                    <SignatureValue>tF2mVICiJwTS9q6g10/2eSGs4Bk=</SignatureValue>

                    <KeyInfo>

                        <o:SecurityTokenReference>

                            <o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-6f757e15-e08d-411d-98e4-75260a04ea24-1"/>

                        </o:SecurityTokenReference>

                    </KeyInfo>

                </Signature>

                <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">

                    <e:DataReference URI="#_0"/>

                </e:ReferenceList>

            </o:Security>

        </s:Header>

        <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

            <e:EncryptedData Id="_0" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">

                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></e:EncryptionMethod>

                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

                    <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

                        <o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-6f757e15-e08d-411d-98e4-75260a04ea24-1"></o:Reference>

                    </o:SecurityTokenReference>

                </KeyInfo>

                <e:CipherData>

                    <e:CipherValue>snuKwnBRVX6VLsdqU9YLSVFkFpyjm4UNCb0ocdPf2xDTVQB7Rf30pVM0g/X2WYPb+C/bkgK5ykhT5EQAmf7iDmPGJg+1ip9EPIjaFgG/1A/ru3txZmXArpBba7wM+RbG+BmSTg2VqrZ6qygKHcWD4CJQqK1dGHPzi/gBZMoaA+MK/GwlFewJ3ttqc5+PYVto7uIWXJmf9HQjUylSZZAQ+yb+3G1P36j+u3X8JzAk6dt3AxgKmfSeqlz/Xuu/NhS4g1YRacsA+l4/YgNiw5cL+m8K04xb9vnMmG3QUGmpt3p3VyyLy5225VkXfsT3qzMObDbMd2Am5Ox7eqEwqO9xbYp9kkptxPCV6TyO6mIJ7M4ofqxuOqHzoCt4yoB3gSpJVlqoKDWUASVjZZWdwTs7DaiKy4zfbjkI3Uy8d2iG8g2X+E7xGXxMkdZRDSVZQszr</e:CipherValue>

                </e:CipherData>

            </e:EncryptedData>

        </s:Body>

    </s:Envelope>

     

    I tried to compare the two strings, but there are a lot of differences to me...

    Please help me.

    Thanks: mikro


    Markó Krisztián
    Thursday, December 23, 2010 7:23 AM

All replies

  • Your request generally seems OK.

    This is more of a question for the Metro forum. From some googling it seems this might be a Metro bug, in which case the server authors should either upgrade to a newer version or change the policy.

    Try the following:

    Compare the HTTP headers of your request and the working one.

    Try to change MessageProtectionOrder in your WCF custom binding.

    Also try to get the Metro WSDL and publish it here so we will see the policy.


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    • Marked as answer by Yi-Lun Luo Wednesday, December 29, 2010 7:59 AM
    Thursday, December 23, 2010 9:26 PM
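    The fault string in the question ("Looking for an Encryption Element in Security header, but found ... SignaturePolicy") and the MessageProtectionOrder hint in the reply above both come down to the order of the children inside wsse:Security: WS-Security senders prepend each element as they apply it, so the receiver undoes them in document order, and a ReferenceList that precedes the Signature means "decrypt, then verify", i.e. the sender signed first. The following is an added example, not code from this thread, from Metro or from WCF, that parses a SOAP envelope, lists the Security header children in document order, maps that order to the WCF MessageProtectionOrder name it corresponds to, and checks that every ds:Reference and xenc:DataReference URI resolves to a wsu:Id or Id in the message. The two sample envelopes are constructed with placeholder ids and values; they only mirror the element order of the working Java header and of the WCF header posted in the question. The mapping from order to protection order is an inference from the header alone and says nothing about which side is at fault.

```python
"""Added example: inspect WS-Security header element order and reference integrity."""
import xml.etree.ElementTree as ET

NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def local_name(tag):
    """Strip the {namespace} part that ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def security_element_order(envelope_xml):
    """Return the local names of the wsse:Security children in document order."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("S:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header in the envelope")
    return [local_name(child.tag) for child in sec]


def infer_protection_order(order):
    """Map the header order to the WCF MessageProtectionOrder name it corresponds to.

    The receiver processes the header in document order, so ReferenceList before
    Signature means decrypt-then-verify, i.e. the sender signed first.
    """
    if "Signature" not in order and "EncryptedData" in order:
        # heuristic: no plain Signature but encrypted content in the header,
        # which is what an encrypted signature looks like
        return "SignBeforeEncryptAndEncryptSignature"
    if "ReferenceList" not in order or "Signature" not in order:
        return "unknown (signature-only or encryption-only header)"
    if order.index("ReferenceList") < order.index("Signature"):
        return "SignBeforeEncrypt"
    return "EncryptBeforeSign"


def unresolved_references(envelope_xml):
    """URIs in ds:Reference / xenc:DataReference that point at no wsu:Id or Id."""
    root = ET.fromstring(envelope_xml)
    ids = set()
    for el in root.iter():
        for attr in (WSU_ID, "Id"):
            if attr in el.attrib:
                ids.add(el.attrib[attr])
    missing = []
    for tag in ("{%s}Reference" % NS["ds"], "{%s}DataReference" % NS["xenc"]):
        for ref in root.iter(tag):
            uri = ref.get("URI", "")
            if uri.startswith("#") and uri[1:] not in ids:
                missing.append(uri)
    return missing


def envelope(security_children, body_id, data_id):
    """Constructed minimal envelope; only the structure matters for these checks."""
    return (
        '<S:Envelope xmlns:S="%s" xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s" xmlns:xenc="%s">'
        "<S:Header><wsse:Security S:mustUnderstand=\"1\">%s</wsse:Security></S:Header>"
        '<S:Body wsu:Id="%s"><xenc:EncryptedData Id="%s">CIPHERTEXT-PLACEHOLDER</xenc:EncryptedData></S:Body>'
        "</S:Envelope>"
    ) % (NS["S"], NS["wsse"], NS["wsu"], NS["ds"], NS["xenc"], security_children, body_id, data_id)


# Constructed building blocks with placeholder ids and values (not the thread's real tokens).
TIMESTAMP = '<wsu:Timestamp wsu:Id="_ts"/>'
BST = '<wsse:BinarySecurityToken wsu:Id="_bst">BASE64-CERT-PLACEHOLDER</wsse:BinarySecurityToken>'
ENC_KEY = '<xenc:EncryptedKey Id="_ek"/>'
REF_LIST = '<xenc:ReferenceList><xenc:DataReference URI="#_enc"/></xenc:ReferenceList>'
SIGNATURE = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_ts"/>'
             '<ds:Reference URI="#_body"/></ds:SignedInfo></ds:Signature>')

# Same child order as the working Java (Metro) header: ReferenceList before Signature.
JAVA_STYLE = envelope(TIMESTAMP + BST + ENC_KEY + REF_LIST + SIGNATURE, "_body", "_enc")
# Same child order as the failing WCF header: Signature before ReferenceList.
WCF_STYLE = envelope(TIMESTAMP + ENC_KEY + BST + SIGNATURE + REF_LIST, "_body", "_enc")


def compare(name_a, env_a, name_b, env_b):
    """Report element order, inferred protection order and dangling references for two envelopes."""
    report = {}
    for name, env in ((name_a, env_a), (name_b, env_b)):
        order = security_element_order(env)
        report[name] = {
            "order": order,
            "protection_order": infer_protection_order(order),
            "unresolved": unresolved_references(env),
        }
    return report


if __name__ == "__main__":
    for name, info in compare("java", JAVA_STYLE, "wcf", WCF_STYLE).items():
        print(name, "->", " > ".join(info["order"]))
        print("   inferred MessageProtectionOrder:", info["protection_order"])
        print("   unresolved references:", info["unresolved"] or "none")
```

    Run against the two headers from the question, the Java envelope reports SignBeforeEncrypt and the WCF envelope EncryptBeforeSign, which is the difference the Metro policy check trips over; the reference check is there because a signature or encryption reference that points at a missing Id is the other common cause of an InvalidSecurity fault.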
  • Hi,

    I'm sorry for the late answer, but Xmas, New Year, etc....

    I contacted the person from the Metro side and he tried to publish our problem in the Metro forum.

    So I try to publish the WSDL; maybe you see something special. Thanks, mikro

    http://213.81.163.194:8080/OpenIDM-services-1.7-SNAPSHOT/passwordSyncService?wsdl


    Markó Krisztián
    Monday, January 03, 2011 8:36 AM
  • Can I try to send messages to this server?

    Which certificate can I use?


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Monday, January 03, 2011 7:04 PM
  • Yes, you can find the certs here: http://213.81.163.194:8080/OpenIDM-services-1.7-SNAPSHOT/xws-security-client.p12

    http://213.81.163.194:8080/OpenIDM-services-1.7-SNAPSHOT/xws-security-server.p12

    Password for certs: changeit

     

    You can use the test method of the service:

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Channels;

    // Extract the STS certificate from the certificate store.
    X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySerialNumber, "02", false);
    store.Close();
    if (certs.Count == 0)
        throw new InvalidOperationException("Certificate with serial number 02 not found in LocalMachine\\My.");

    // Endpoint address carrying the service certificate as the endpoint identity.
    EndpointAddress address = new EndpointAddress(
        new Uri("http://213.81.163.194:8080/OpenIDM-services-1.7-SNAPSHOT/passwordSyncService"),
        EndpointIdentity.CreateX509CertificateIdentity(certs[0]));

    // CreateCustomBinding builds the WCF CustomBinding for this service (not shown in this post);
    // passwordSyncPortTypeClient and TestRequestType are the proxy types generated from the WSDL.
    CustomBinding myCustomBinding = CreateCustomBinding(address);
    passwordSyncPortTypeClient client = new passwordSyncPortTypeClient(myCustomBinding, address);

    // Client certificate (serial number 03) presented as the client credential.
    client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                              StoreName.My,
                                                              X509FindType.FindBySerialNumber,
                                                              "03");

    TestRequestType trt = new TestRequestType();
    trt.clientEndpoint = "mikro";
    trt.password = "wwwww";
    client.test(trt);
    client.Close();


    Markó Krisztián
    Monday, January 03, 2011 9:01 PM
  • Hi

    I did not forget you - sorry for not getting into this yet. I'll try it in the next week or so.

    do you have any new information?


    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    Sunday, January 09, 2011 8:23 PM
  • Unfortunately I have no more info :( The situation is the same.

     

    Krisztián


    Markó Krisztián
    Sunday, January 09, 2011 9:46 PM

  • Hi Markó

    The good news is that I was able to get rid of the strange server fault and get a working response. Use this binding:

    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security;

    // Note: the address parameter is not used inside the method; it is kept as posted.
    private static CustomBinding CreateCustomBinding(EndpointAddress address)
    {
        var res = new CustomBinding();

        // Mutual X.509 certificate security, WS-Security 1.1 / Basic Security Profile 1.0.
        SymmetricSecurityBindingElement sec =
            (SymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
        res.Elements.Add(sec);
        sec.SetKeyDerivation(false);                                   // no DerivedKeyToken: use the EncryptedKey directly
        sec.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; // sign first, then encrypt
        sec.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;   // AES-128-CBC, RSA-OAEP key wrap, SHA-1

        // Present the client certificate as a signed supporting token rather than an endorsing one.
        sec.EndpointSupportingTokenParameters.Signed.Add(sec.EndpointSupportingTokenParameters.Endorsing[0]);
        sec.EndpointSupportingTokenParameters.Endorsing.Clear();

        sec.EnableUnsecuredResponse = true;                            // accept a response without a Security header

        //res.Elements.Add(new CustomTextMessageBindingElement());
        // SOAP 1.1 with WS-Addressing 1.0, matching the namespaces in the headers above.
        res.Elements.Add(new TextMessageEncodingBindingElement() { MessageVersion = MessageVersion.Soap11WSAddressing10 });
        res.Elements.Add(new HttpTransportBindingElement());

        return res;
    }

    The bad news is that even though the server returns a good response, WCF fails, probably due to a bug related to empty signature transformation.

    The other good news is that there is sort of a workaround for this issue as well. You need to implement a custom encoder and decrypt the message from within it. See this blog post for a detailed analysis and code of the solution:



    http://webservices20.blogspot.com/
    WCF Security, Interoperability And Performance Blog
    • Marked as answer by mikro80 Saturday, January 15, 2011 12:15 AM
    Friday, January 14, 2011 8:16 PM
  • Dear Yaron,

    Thanks so much for your help and your time.

    I'll try your workaround in the next days.

    I'm new to the WCF world, so it seems a bit difficult to me for a first lesson. :) But I'll try to understand your procedure.

    Many thanks again. I'll write when I get off work.

    Krisztian Markó


    Markó Krisztián
    Saturday, January 15, 2011 12:15 AM
  • YESSSSSS!!! It works. Thank you very much for your work, time and everything else.

    So thanks again and again.

     

    Krisztian


    Markó Krisztián
    Saturday, January 22, 2011 5:01 PM