In my many trials to debug this
Exception: `System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security`
How to debug an error exception
I'm not sure that is why my answer says: "Rejected by the policy from the client". This is just a hunch that this could be due to the additional junk mail that is in the SOAP header. My code generated a SOAP header that looks like this:
```xml
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1" u:Id="_3"/>
    <a:MessageID u:Id="_4">urn:uuid:9659b138-7fc0-4bb6-8c0a-bae00336ba78</a:MessageID>
    <a:ReplyTo u:Id="_5">
      <a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
    </a:ReplyTo>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
      uIDPo/RnkzjA3fBPjgXUnYt8J3IAAAAAoMwUVXqfw0yigCfFtptf4RNq4s3l6eJLuuLNNdxRoH4ACQAA
    </VsDebuggerCausalityData>
    <a:To s:mustUnderstand="1" u:Id="_6">https://service100.emedny.org:9047/MHService</a:To>
    <o:Security s:mustUnderstand="1"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:BinarySecurityToken u:Id="uuid-8d1465b7-c0fd-4137-9361-d0a818286435-53"
                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
      </o:BinarySecurityToken>
      <o:BinarySecurityToken u:Id="uuid-8d1465b7-c0fd-4137-9361-d0a818286435-52"
                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
      </o:BinarySecurityToken>
    </o:Security>
  </s:Header>
  ...
</s:Envelope>
```
This is a sample soap request for a supplier.
```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:mhs="http://org/emedny/mhs/"
                  xmlns:urn="urn:hl7-org:v3">
  <soapenv:Header>
    <wsse:Security soap:mustUnderstand="1"
                   xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
      <wsse:BinarySecurityToken
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
```
This is additional material that generates client code.
```xml
<a:Action s:mustUnderstand="1" u:Id="_3"/>
<a:MessageID u:Id="_4">urn:uuid:9659b138-7fc0-4bb6-8c0a-bae00336ba78</a:MessageID>
<a:ReplyTo u:Id="_5">
  <a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
  uIDPo/RnkzjA3fBPjgXUnYt8J3IAAAAAoMwUVXqfw0yigCfFtptf4RNq4s3l6eJLuuLNNdxRoH4ACQAA
</VsDebuggerCausalityData>
<a:To s:mustUnderstand="1" u:Id="_6">https://service100.emedny.org:9047/MHService</a:To>
```
How can I remove this?
The Internet recommends using IMessageInspector and a custom behavior:
```csharp
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

public class CustomMessageInspector : IClientMessageInspector
{
    #region IClientMessageInspector Members

    public void AfterReceiveReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
    {
    }

    // Strips the WS-Addressing headers from every outgoing request.
    public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
    {
        request.Headers.RemoveAll("Action", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
        request.Headers.RemoveAll("MessageID", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
        request.Headers.RemoveAll("ReplyTo", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
        request.Headers.RemoveAll("To", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
        return null;
    }

    #endregion
}

public class CustomBehavior : IEndpointBehavior
{
    // <-- removed some more classes -->

    public void ApplyClientBehavior(ServiceEndpoint serviceEndpoint, System.ServiceModel.Dispatcher.ClientRuntime behavior)
    {
        // Add the inspector
        behavior.MessageInspectors.Add(new CustomMessageInspector());
    }
}
```
then finally in the proxyclient call
```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Client call site: create the proxy with the custom binding and attach the behavior.
MHSClient proxy = new MHSClient(
    GetCustomBinding(),
    new EndpointAddress(
        new Uri("https://service100.emedny.org:9047/MHService"),
        EndpointIdentity.CreateDnsIdentity("DPMedsHistory")));
proxy.Endpoint.EndpointBehaviors.Add(new CustomBehavior());

private static CustomBinding GetCustomBinding()
{
    var b = new CustomBinding();

    // Mutual-certificate message security (WS-Security 1.0, Basic Security Profile 1.0).
    var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(
        MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
    sec.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
    sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
    sec.MessageSecurityVersion =
        MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
    sec.IncludeTimestamp = false;
    sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;

    // SOAP 1.1 text encoding over HTTPS.
    TextMessageEncodingBindingElement textEncBE = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
    HttpsTransportBindingElement httpsBE = new HttpsTransportBindingElement();

    CustomBinding myBinding = new CustomBinding();
    myBinding.Elements.Add(sec);
    myBinding.Elements.Add(textEncBE);
    myBinding.Elements.Add(httpsBE);
    return myBinding;
}
```
This does not work or rather gives me an error:
No parts of the signature message were specified for messages with action '.
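
The comparison between the generated header and the supplier's sample can be made mechanical. The following is an added example, not part of the original post: an offline Python script (function names are hypothetical) that lists every header element and attribute present in one envelope but not the other. Both envelopes are constructed, cut-down stand-ins for the two quoted above, with ids, token bodies and attribute values replaced by placeholders.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
VS = "http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"
PREFIX = {SOAP: "soap", WSA: "wsa", VS: "vs",
          WSS + "secext-1.0.xsd": "wsse", WSS + "utility-1.0.xsd": "wsu"}

# Constructed stand-in for the WCF-generated envelope ("x" marks placeholder values).
GENERATED = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:a="{WSA}" xmlns:u="{WSS}utility-1.0.xsd">
<s:Header><a:Action s:mustUnderstand="1" u:Id="_3"/><a:MessageID u:Id="_4">x</a:MessageID>
<a:ReplyTo u:Id="_5"><a:Address>x</a:Address></a:ReplyTo>
<VsDebuggerCausalityData xmlns="{VS}">x</VsDebuggerCausalityData>
<a:To s:mustUnderstand="1" u:Id="_6">x</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="{WSS}secext-1.0.xsd">
<o:BinarySecurityToken u:Id="t1" ValueType="x"/></o:Security></s:Header><s:Body/></s:Envelope>"""

# Constructed stand-in for the supplier's sample request (closed off so that it parses).
SUPPLIER = f"""<e:Envelope xmlns:e="{SOAP}"><e:Header>
<w:Security e:mustUnderstand="1" xmlns:w="{WSS}secext-1.0.xsd" xmlns:wsu="{WSS}utility-1.0.xsd">
<w:BinarySecurityToken ValueType="x" EncodingType="x" wsu:Id="t1">x</w:BinarySecurityToken>
</w:Security></e:Header><e:Body/></e:Envelope>"""

def short(clark):
    """Turn '{uri}local' into 'prefix:local'; unqualified names pass through."""
    if not clark.startswith("{"):
        return clark
    uri, local = clark[1:].split("}", 1)
    return f"{PREFIX.get(uri, uri)}:{local}"

def header_paths(envelope_xml):
    """Every element and attribute under soap:Header as a path string; values are ignored."""
    paths = set()
    def walk(el, base):
        here = f"{base}/{short(el.tag)}"
        paths.add(here)
        paths.update(f"{here}/@{short(a)}" for a in el.attrib)
        for child in el:
            walk(child, here)
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header")
    for block in (header if header is not None else []):
        walk(block, "")
    return paths

def diff_headers(sent_xml, expected_xml):
    """Return (paths only in sent, paths only in expected), each sorted."""
    sent, expected = header_paths(sent_xml), header_paths(expected_xml)
    return sorted(sent - expected), sorted(expected - sent)
```

Because paths are built from namespace URIs rather than prefixes, `o:Security` and `wsse:Security` compare as equal even though the two envelopes spell the prefix differently.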