2

I try to access a java-webservice which uses ws-security (wsse). I tried to consume it using svcutil:

svcutil *.wsdl *.xsd /language:C# /tcv:Version35

This works well, but I get an error importing this block in wsdl-file

<wsp:Policy wsu:Id="myServiceRequestResponseSoapBindingPolicy" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken11/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

saying

An unsupported security policy assertion was detected

So this gets ignored.

As you may expect communicating with the service returns an error saying "unauthorized". The information I got from the webservice owner pointed out that my message contains no WSSecurity-part.

I found this thread svcutil getting stuck on usernameToken Policy but the policy seems to differ because I don't have any certificate. So I don't get anywhere on this path.

I installed WSE3 cos I had the impression I'd need it for something, but I'm quite unsure now if this is the case and how this needs to interact with my wcf-client.

Any suggestions appreciated, thank you.

Community
  • 1
  • 1
UNeverNo
  • 549
  • 3
  • 8
  • 29

2 Answers2

0

Don't worry about that warning, the WSDL section is not relevant (you can even remove it). What you should have is a sample working SOAP request from a wroking client (e.g. Java) or from a sample of the vendor, with the security in it. Then you can configure your binding to support it. Just from the WSDL section you published you might want to try basicHttpBinding with security mode of TransportWithMessageCredential.

Yaron Naveh
  • 23,560
  • 32
  • 103
  • 158
  • As I wrote this doesn't work for me. If I pass the right username and password to the function I get 'unauthorized' and there doesn't seem to be a WSS-part in my SOAP-message. I don't know how to fix that. – UNeverNo Jul 18 '14 at 11:59
  • Hi - do you have a sample working soap provided by the service vendor? possibly user/pass is not enough, or they require specific wss:Created or wss:Nonce tags. Once you have such soap (you can try to get it with soapUI too) I'm sure we can find the right WCF config. Also, just maybe, the full policy tag in the WSDL contains more data, If you want you can mail it to me (yaronn01@gmail.com) – Yaron Naveh Jul 18 '14 at 16:12
  • I'm trying to get a complete SOAP. For now they just provided xsd/wsdl and user/password. And no, unfortunately there is no more data inside policy. – UNeverNo Jul 21 '14 at 05:35
  • Can you advice me how to get a valid soap using soapUI? I downloaded the basic version. – UNeverNo Jul 21 '14 at 07:18
  • The best way to get a valid soap is to ask for it from the service vendor. Can you ask them for one? If not, but they have a sample working client, you can use Fiddler to see what ti sends. I was suggesting soapUI since maybe the service vendor is using it and has a sample configuration. The last resort is if you have the full policy in the WSDL (which you have not published) but it is harder. – Yaron Naveh Jul 21 '14 at 08:19
0

Googling for wcf and usernametoken brought me to this solution - it's so easy if you get the right search words...

http://weblog.west-wind.com/posts/2012/Nov/24/WCF-WSSecurity-and-WSE-Nonce-Authentication

UNeverNo
  • 549
  • 3
  • 8
  • 29