All geek questions in one place

WCF username and password in SOAP header

I am trying to get the WCF client to call a web service with the security information provided in the SOAP request header as follows.

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ah_etas_order="http://types.defra.gov.uk/ahw/eartagging/order" xmlns:ah_common="http://types.defra.gov.uk/ahw/common/complextypes" xmlns:ah_assettype="http://types.defra.gov.uk/ahw/asset" xmlns:ah_ref_data_sets="http://types.defra.gov.uk/ahw/common/referencedatasets" xmlns:ah_custtype="http://types.defra.gov.uk/ahw/customer" xmlns:m5="http://types.defra.gov.uk/bs7666" xmlns:m6="http://www.govtalk.gov.uk/people/bs7666" xmlns:m7="http://types.defra.gov.uk/ahw/common/derivedtypes" xmlns:ah_etas_type="http://types.defra.gov.uk/ahw/eartagging"> <SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Security soap:role="system" soap:mustUnderstand="true"> <wsse:UsernameToken> <wsse:Username>username here</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password here</wsse:Password> </wsse:UsernameToken> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body>...</SOAP-ENV:Body> </SOAP-ENV:Envelope>

I am using Visual Studio 2012 and .NET 4. The docs say that the SOAP messaging version used for CARA services is SOAP 1.2.

I added a link to the service, adding a web.config file with an endpoint and the following custom binding.

 <customBinding> <binding name="ProcessOrderBinding"> <textMessageEncoding messageVersion="Soap12" /> <httpTransport /> </binding> </customBinding>

I tried a lot of different web.config options, but didn't seem to be able to get the correct soap header. Can someone point me in the right direction?

Update:

@Yaron. Here is the soap header using your binding. I added includeTimestamp = false to remove the timestamp.

 <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" /> <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"> uIDPoxqYDT0sMwVImscgqVaf7GYAAAAAjin6KftLjkaS2CW99IXxrnWGCjfQnzFFuf4zGaQpeqIACQAA </VsDebuggerCausalityData> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-79885712-d6eb-451c-9483-4df2b68722bd-1"> <o:Username>username here</o:Username> <o:Password>password here</o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">...</s:Body> </s:Envelope>

As you can see, the following is missing before the password.

 <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
+4
source share
1 answer

Use this binding:

 <customBinding> <binding name="NewBinding0"> <textMessageEncoding messageVersion="Soap12" /> <security authenticationMode="UserNameOverTransport"> <secureConversationBootstrap /> </security> <httpsTransport /> </binding> </customBinding>

Of course, you also need to provide the proxy user / proxy server:

 proxy.ClientCredentials.Username.Username = "user" proxy.ClientCredentials.Username.Password = "pass"

All of this assumes that you are also using SSL. If you do not, check out the CUB .

+3
source

Source: https://habr.com/ru/post/1482639/

More articles:


All Articles