0

After looking around the forums and the internet in general, I was unable to find anything that answered my problem, so I have resorted to placing my question here.

Firstly, sorry if this has already had an answer supplied.

My problem is this. I have an existing C# WCF service hosting in IIS and secured by an SSL. This is working code and is currently in our Live, UAT, Test and Development environments.

I have been asked to use SoapUI for testing firstly on existing services and any new services that we are about to build.

So far, I have created the project by supplying the WDSL, setup the keystore with the SSL cert, created an outgoing and incoming WS-Sec config.

When in the request, I have created a basic authorization using the defined outgoing and incoming configs created above.

After clicking on the submit button, I get the following response.

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"   ns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
  <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
  <a:RelatesTo>uuid:89964641-b66d-42c7-b40a-bdd3b7acdddf</a:RelatesTo>
</s:Header>
<s:Body>
  <s:Fault>
     <s:Code>
        <s:Value>s:Sender</s:Value>
        <s:Subcode>
           <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
        </s:Subcode>
     </s:Code>
     <s:Reason>
        <s:Text xml:lang="en-GB">An error occurred when verifying security for the message.</s:Text>
     </s:Reason>
  </s:Fault>
</s:Body>
</s:Envelope>

I did see an article that inferred that I should switch the 'Enable WS_A addressing' switch off. I did this, but this just caused the submit request to timeout.

I have checked that the service is running by viewing the WSDL from the IIS server and also using the application to call the service and all is OK.

I am sure that I missed a simple step, so would be grateful for any help.

Thanks

gilesrpa
  • 969
  • 1
  • 12
  • 35
  • I have just tried adding the following line '-Dsun.security.ssl.allowUnsafeRenegotiation=true' to the vmoptions file in SoapUI to no avail. – gilesrpa Apr 12 '16 at 11:43
  • Please see if [this](http://stackoverflow.com/questions/24099136/wcf-authentication-an-error-occurred-when-verifying-security-for-the-message) helps. – Rao Apr 12 '16 at 11:43
  • Thanks Rao, but it is not a code issue as the service is working perfectly when the code is called from c# code. I am trying to get the WCF service to work within the SoapUI environment. The service is called by SoapUI, but the security is not allowing the call through. – gilesrpa Apr 12 '16 at 11:46
  • Ok. How about [this](http://stackoverflow.com/questions/3765212/an-error-occurred-when-verifying-security-for-the-message)? – Rao Apr 12 '16 at 11:48
  • Sorry still not working – gilesrpa Apr 12 '16 at 12:06
  • I will try and explain where I am at now – gilesrpa Apr 12 '16 at 12:47
  • Came across this article: http://stackoverflow.com/questions/3765212/an-error-occurred-when-verifying-security-for-the-message – gilesrpa Apr 12 '16 at 12:47
  • I used Sam's Comments about adding the serviceSecurityAudit section to the web.config file and I finally got an error – gilesrpa Apr 12 '16 at 12:53
  • The error logged is: – gilesrpa Apr 12 '16 at 12:54
  • The description for Event ID 4 from source ServiceModel Audit 4.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. – gilesrpa Apr 12 '16 at 12:54
  • The following information was included with the event: http://localhost:57978/WCFService.svc http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security. The locale specific resource for the desired message is not present – gilesrpa Apr 12 '16 at 12:54

1 Answers1

0

After looking around, I have started to use WCF Storm which does appear to work with WCF using SSL.

gilesrpa
  • 969
  • 1
  • 12
  • 35