I'm just facing some problems setting up a WCF (.NET 4.0) webservice to call an Axis2 Rampart webservice. I'm new to WCF and I didn't find a tutorial which completely fits this special scenario. Here are the facts:

The webservice I have to call is an Axis2 Rampart service. The client I need to build uses WCF/.NET 4.0. The webservice uses SOAP 1.1 and WS-Security (message security).

WS-Security should work like this:

The server provides a certificate with the public key. The client generates a secret symmetric key. The client encrypts this secret key with the server's public key. This encrypted key is written into the SOAP header. The client encrypts the body of the SOAP request with the secret key. (In fact the documentation I got from the webservice provider says that the body is encrypted with the server's public key, but in the sample request they provide, the encryption method is stated as aes128-cbc, which is a symmetric key AFAIK.)

So this is what I have to do. What I have done so far was to try some custom bindings from several tutorials. But all samples I found use server AND CLIENT certificates, and I didn't manage to adjust these bindings in a way that works for me.

So here is a sample request that shows what the request should look like:

<soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <xenc:EncryptedKey Id="EncKeyId-Cl6B57CC684EEpm8E6E61WBp3421878712">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">D99lKi5jizWOxThG6yZXw6llwq4FdM=</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>Ab5i63RFNPNXcoEn6PqflaoPjsUI3E5EZh668621xkMcEDz9Jcm204A5Ecn8WQamxKX7UYEG8gPwn66X+pOj0DiWD4ShKVJIOD5gCliobcGgjVB1Uihj8Xk5MGesi8atuy9RFA=</xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedKey>
            <wsc:DerivedKeyToken xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-1">
                <wsse:SecurityTokenReference>
                    <wsse:Reference URI="#EncKeyId-Cl6B57CC684EEpm8E6E61WBp3421878712" 
                    ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
                </wsse:SecurityTokenReference>
                <wsc:Offset>0</wsc:Offset>
                <wsc:Length>16</wsc:Length>
                <wsc:Nonce>wQ9oyLHKjKRx6Dlm04RaL5Q==</wsc:Nonce>
            </wsc:DerivedKeyToken>
            <xenc:ReferenceList>
                <xenc:DataReference URI="#EncDataId-2" />
            </xenc:ReferenceList>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-15079889">
        <xenc:EncryptedData Id="EncDataId-2" Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <wsse:Reference URI="#derivedKeyId-1" />
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>
                    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
                </xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soapenv:Body>
</soapenv:Envelope>

Perhaps someone could tell me how I can accomplish this, or where I can find some tutorials.

Thank you in advance.

This is the response I get after I've implemented the custom binding and the message encoder:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <wsc:DerivedKeyToken xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-159">
                <wsse:SecurityTokenReference>
                    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">Aef7igYIlyWYa9XrbSYSt9Lh5Q4=</wsse:KeyIdentifier>
                </wsse:SecurityTokenReference>
                <wsc:Offset>0</wsc:Offset>
                <wsc:Length>16</wsc:Length>
                <wsc:Nonce>Ub30ogcNT6p7ZkH+qXFclw==</wsc:Nonce>
            </wsc:DerivedKeyToken>
            <wsc:DerivedKeyToken xmlns:wsc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-159">
                <wsse:SecurityTokenReference>
                    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">Aef7igYIlyWYa9XrbSYSt9Lh5Q4=</wsse:KeyIdentifier>
                </wsse:SecurityTokenReference>
                <wsc:Offset>0</wsc:Offset>
                <wsc:Length>16</wsc:Length>
                <wsc:Nonce>Ub30ogcNT6p7ZkH+qXFclw==</wsc:Nonce>
            </wsc:DerivedKeyToken>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:DataReference URI="#EncDataId-160"/>
            </xenc:ReferenceList>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1046510178">
        <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-160" Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <wsse:Reference URI="#derivedKeyId-159"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
                <xenc:CipherValue>zQUBHBX2nMTfL5gxXseNqqE5goAFSPQEd2D1RAsUZi+L64gqYfdQQIg//hWhw0Ed9gGFxLX8/ocq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==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soapenv:Body>
</soapenv:Envelope>

And this is the ReadMessage function of my MessageEncoder (I know it's not the best way to parse XML). It removes one of the two derived keys:

// Requires: using System; using System.Collections.Generic; using System.IO; using System.ServiceModel.Channels; using System.Xml;
public override Message ReadMessage(ArraySegment<byte> buffer, BufferManager bufferManager, string contentType)
        {
            // Let the inner encoder turn the received bytes into a Message.
            var msg = innerEncoder.ReadMessage(buffer, bufferManager, contentType);
            var xml = msg.ToString(); // string form, only for inspection while debugging

            // Work on a buffered copy, because a Message body can be read only once.
            var msgbuffer = msg.CreateBufferedCopy( int.MaxValue );
            msg = msgbuffer.CreateMessage();

            // Serialize the message and load it into a DOM.
            MemoryStream stream = new MemoryStream();
            XmlDictionaryWriter xmlWriter = XmlDictionaryWriter.CreateBinaryWriter(stream);
            msg.WriteMessage(xmlWriter);
            xmlWriter.Flush();
            stream.Position = 0;

            XmlDictionaryReader xmlReader = XmlDictionaryReader.CreateBinaryReader(stream, XmlDictionaryReaderQuotas.Max);
            XmlDocument doc = new XmlDocument();
            doc.Load(xmlReader);

            // Keep the first DerivedKeyToken of the Security header and collect any further ones.
            // They are removed after the loop, because removing a child while enumerating ChildNodes is unsafe.
            XmlNode derivedKey = null;
            var duplicates = new List<XmlNode>();
            foreach (XmlNode xnode in doc.DocumentElement.FirstChild.ChildNodes)
            {
                if (xnode.LocalName != "Security")
                    continue;
                foreach (XmlNode node in xnode.ChildNodes)
                {
                    if (node.LocalName != "DerivedKeyToken")
                        continue;
                    if (derivedKey == null)
                        derivedKey = node;
                    else
                        duplicates.Add(node);
                }
            }
            foreach (XmlNode node in duplicates)
                node.ParentNode.RemoveChild(node);

            // Write the modified DOM back and build a new Message from it.
            Stream memStream = new MemoryStream();
            xmlWriter = XmlDictionaryWriter.CreateBinaryWriter( memStream );
            doc.WriteTo(xmlWriter);
            xmlWriter.Flush();
            memStream.Position = 0;

            xmlReader = XmlDictionaryReader.CreateBinaryReader(memStream, XmlDictionaryReaderQuotas.Max);
            Message newMessage = Message.CreateMessage(xmlReader, 10240, msg.Version); // 10240 = maximum size of the headers
            xml = newMessage.ToString();

            return newMessage;
        }

I'm wondering about how the Message is shown as a string (newMessage.ToString()), because the body is shown as ...stream....

The problem is that I get the following error message:

System.ServiceModel.Security.MessageSecurityException : The 'Body', 'http://schemas.xmlsoap.org/soap/envelope/' required message part  was not signed.

So I stripped off the Security node as described here http://webservices20.blogspot.de/2012/04/when-enableunsecuredrespose-requires.html.

This is the stripped response:

<?xml version="1.0" encoding="utf-16"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body wsu:Id="Id-1532543044" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData Id="EncDataId-586" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></xenc:EncryptionMethod><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#derivedKeyId-585"></wsse:Reference></wsse:SecurityTokenReference>
</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>APZ9aATpcMu5qU6PdoKeTLjAblJP/uLZAzX8imgSSfvaZGGeI8prg9JNTEOjZ1SAeuWxod/ZV4pb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==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body></soapenv:Envelope>

Now the Service finishes without errors, but the result-object is null. -> example:

result = testserviceproxy.testservicefunction(); result is null;

Jan M.

1 Answer

This binding is the closest you could get with ootb wcf:

        <customBinding>
            <binding name="NewBinding0">
                <textMessageEncoding messageVersion="Soap11" />
                <security defaultAlgorithmSuite="Basic128Rsa15" authenticationMode="AnonymousForCertificate"
                    includeTimestamp="false" messageProtectionOrder="EncryptBeforeSign">
                    <secureConversationBootstrap />
                </security>
                <httpTransport />
            </binding>
        </customBinding>

It produces a very similar XML with one difference: It also adds a digital signature. There is no way to directly tell WCF not to add a signature. Most chances are this will not be a problem for you to send the message as is (with signature). If this is a problem you could implement a WCF custom message encoder to manually remove the signature element (and also the one out of two derived keys which is used specifically for signature).

Yaron Naveh
  • Thanks for your answer. I just tried to call the service with your binding. But now I got a "System.ServiceModel.FaultException : Unexpected signature". I think that means that the service doesn't accept the signature WCF adds to the request (as you have mentioned). Is there any tutorial on how to use a message encoder to adapt the SOAP header? – Jan M. Aug 18 '13 at 18:56
  • here is a sample of a custom encoder. you need to override WriteMessage, load it to xml (as in the sample), remove the nodes via DOM, and write the bytes back to network. http://msdn.microsoft.com/en-us/library/ms751486.aspx – Yaron Naveh Aug 19 '13 at 15:07
  • Hi Yaron and thank you again. I tried to use the MessageEncoder from the sample. The problem here is that the message isn't encrypted at this point. It looks like the message I've posted below (in my answer). If I remove the encoder, the binding builds an encrypted SOAP request as you described it, but with the signature. So I don't know how to write an encoder which encrypts the message first. – Jan M. Aug 20 '13 at 13:38
  • Ok I think the Problem might be that I add the CustomMEssageEncoder in the wrong way. How can I add the Encoder to the Binding defined in the Config File? – Jan M. Aug 20 '13 at 13:49
  • just follow the example. the message must be encrypted already when you write it (assuming encryption has been defined) since the encoder role is to send the message over the network and there is no option to encrypt it after. – Yaron Naveh Aug 20 '13 at 14:01
  • Hi Yaron, you're right, the encoder works. I just had to add an inner encoder, which is an instance of the TextMessageEncoder, to provide the native writeMessage function before editing the SOAP message. Now I managed to send a request. The problem is that my WCF client can't handle the response. I get the following error: – Jan M. Aug 21 '13 at 13:43
  • "Cannot read the token from the 'DerivedKeyToken' element with the 'http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512' namespace for BinarySecretSecurityToken, with a '' ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified." Do you have any suggestions on this? I just went through your blog, which is very nice for learning how to solve WCF problems, but I didn't find an answer for this. Thanks for your help so far. – Jan M. Aug 21 '13 at 13:44
  • please publish the response message – Yaron Naveh Aug 21 '13 at 14:46
  • Hi Yaron i published the response in an other answer. – Jan M. Aug 22 '13 at 07:21
  • Ok, now I fixed this problem to get the next one. I set the messageSecurityVersion to "WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12". The next error was that the derivedKeyToken occurred twice. So I removed one of them. Now I'm getting this error: System.ServiceModel.Security.MessageSecurityException : Message security verification failed. ----> System.FormatException : Invalid format for encrypted body. – Jan M. Aug 22 '13 at 08:50
  • try to build a wcf service with a similar configuration to that of the client. then compare the response of that service to the one the real service generates. this will help understand the gaps. – Yaron Naveh Aug 22 '13 at 13:53
  • Hi, I think I solved this. It might be caused by the adjustment of the XML by the XmlWriter class. Now I use XmlDictionaryWriter.CreateBinaryWriter to create a writer. But now I'm getting the next error message: The 'Body', 'http://schemas.xmlsoap.org/soap/envelope/' required message part was not signed. – Jan M. Aug 22 '13 at 14:01
  • I just added the response and the code of the message encoder's ReadMessage function to my initial question. – Jan M. Aug 22 '13 at 14:10
  • Hi Yaron, before I try to set up a WCF server, I would just like to try to fix this problem by adapting the response to be valid. I read your blog and tried to remove the whole security node as described here http://webservices20.blogspot.de/2012/04/when-enableunsecuredrespose-requires.html (I'm not sure if this really matches my needs). As a result the service finishes but the deserialized result-object is null. At this point I'm really confused. The problem is that I'm completely new to WCF and webservices in general; I think half the things I know about WCF are from your blog. – Jan M. Aug 23 '13 at 12:03
  • Hi Jan, this got a little complicated to follow because I'm not sure what has been changed. This is why I suggested to work methodically and set up a server. If you were able to change the message in a way that WCF security does not throw anything and this is just a deserialization issue, this is good news. Most probably you have changed a namespace of element name. You need to compare (or publish here) your message (after you have stripped relevant security) – Yaron Naveh Aug 23 '13 at 12:08
  • and a working message (without security, you can get it from WCF message logs or by temporarily cancelling security in both sides and using Fiddler). Then we can compare to see if there is a namespace issue. – Yaron Naveh Aug 23 '13 at 12:08
  • Hi Yaron, thanks again, your answers really helped me to come a step closer to the solution of my problem. I'm not sure if it is really a deserialization problem, it is just a guess because the service finished working without errors but the result-object is null. I know that the sources that I posted might be incomplete. I need to post more of it and I'll do that later on, but because the service and its proxy classes are very large and I don't know if I'm allowed to post the original one, I have to abstract it a little bit to get a handy example. I'll work on it... – Jan M. Aug 23 '13 at 12:21
  • ...but first I post the stripped response to my initial question. – Jan M. Aug 23 '13 at 12:23
  • Hi again, do you know where WCF stores the secret symmetric key (AES) which it has generated to encrypt the message? With this information I could try to decrypt it on my own. – Jan M. Aug 29 '13 at 08:01
  • it is in-memory, somewhere deep in an object hierarchy... not sure you have access to it – Yaron Naveh Aug 29 '13 at 14:28
  • OK, another Question. Can I use a policy.xml to adjust wcf security? – Jan M. Sep 02 '13 at 07:58
  • not sure what is policy.xml. anyway if you configure the binding you could do anything that a policy could do (a policy would internally translate to a binding) so not sure a policy would help. – Yaron Naveh Sep 02 '13 at 17:00
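
The responses discussed in this thread can be compared offline by checking their WS-Security structure: a wsu:Id used by two DerivedKeyToken elements, a missing ds:Signature, and, once the Security header is stripped, an EncryptedData body whose key reference no longer resolves. The Python check below is an added example, not code from the posts or from WCF or Rampart; the helper names, the finding labels and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsc": "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def audit_envelope(xml_text):
    """Return findings about the WS-Security structure of one SOAP envelope (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    # Index every element that a "#id" reference can point to (plain Id and wsu:Id).
    ids = {}
    for el in root.iter():
        for key in (el.get("Id"), el.get(WSU_ID)):
            if key:
                ids.setdefault(key, []).append(el)
    findings += ["duplicate-id:" + k for k, els in ids.items() if len(els) > 1]
    # Key and data references must resolve inside the same message.
    refs = root.findall(".//wsse:Reference", NS) + root.findall(".//xenc:DataReference", NS)
    for ref in refs:
        target = ref.get("URI", "").lstrip("#")
        if target not in ids:
            findings.append("dangling-reference:" + target)
    # An encrypted body is left without its key tokens once the Security header is gone.
    body = root.find("soapenv:Body", NS)
    encrypted = body is not None and body.find("xenc:EncryptedData", NS) is not None
    if encrypted and root.find("soapenv:Header/wsse:Security", NS) is None:
        findings.append("encrypted-body-without-security-header")
    # The WCF client in the thread rejects a response whose body is not signed.
    if root.find(".//ds:Signature", NS) is None:
        findings.append("no-signature")
    return findings

# Constructed samples modelled on the responses in the question; cipher text and nonce are placeholders.
_DKT = '<wsc:DerivedKeyToken wsu:Id="derivedKeyId-1"><wsc:Nonce>PLACEHOLDER</wsc:Nonce></wsc:DerivedKeyToken>'
_BODY = ('<soapenv:Body><xenc:EncryptedData Id="EncDataId-2"><ds:KeyInfo><wsse:SecurityTokenReference>'
         '<wsse:Reference URI="#derivedKeyId-1"/></wsse:SecurityTokenReference></ds:KeyInfo>'
         '<xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>'
         '</xenc:EncryptedData></soapenv:Body>')

def _envelope(*tokens):
    """Build an envelope; with no tokens the Security header is omitted, as in the stripped response."""
    decl = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    header = ""
    if tokens:
        header = ('<soapenv:Header><wsse:Security>%s<xenc:ReferenceList><xenc:DataReference '
                  'URI="#EncDataId-2"/></xenc:ReferenceList></wsse:Security></soapenv:Header>' % "".join(tokens))
    return "<soapenv:Envelope %s>%s%s</soapenv:Envelope>" % (decl, header, _BODY)

AS_RECEIVED = _envelope(_DKT, _DKT)   # two DerivedKeyTokens sharing one wsu:Id
ONE_TOKEN = _envelope(_DKT)           # duplicate removed by the message encoder
STRIPPED = _envelope()                # whole Security header removed

if __name__ == "__main__":
    for name, doc in (("as received", AS_RECEIVED), ("one token", ONE_TOKEN), ("stripped", STRIPPED)):
        print(name, audit_envelope(doc))
```

Running the same function over a message captured from a working WCF-to-WCF exchange gives a baseline to diff against, which is the comparison suggested in the comments.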