5

Is it possible to create a web service using JAX-WS that would then be consumed by a WCF client using such a binding?

<bindings>
    <basicHttpBinding>
        <binding name="CaseObjectServicePortBinding">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <security mode="TransportWithMessageCredential">
                <transport clientCredentialType="Certificate" />
                <message clientCredentialType="Certificate" />
            </security>
        </binding>
    </basicHttpBinding>
</bindings>

I created such a service without WSIT for now, just a plain service and wanted to just ignore the "Security" header in incoming SOAP message. But it fails with:

"Could not establish secure channel for SSL/TLS with authority 'xxxxxxxxxx'."

If I change:

<security mode="TransportWithMessageCredential">
    <transport clientCredentialType="Certificate" />
    <message clientCredentialType="Certificate" />
</security>

to:

<security mode="Transport">
    <transport clientCredentialType="Certificate" />
    <message clientCredentialType="Certificate" />
</security>

everything works flawlessly. Any ideas what I am doing wrong?

Ladislav Mrnka
Adalbert27

3 Answers

0

This happened on the step of initiating the request; the TLS exception pops out to you because the certificate set on the client is not trusted. Use a certificate with the common destination name: if you are using the service publicly, use the domain name; otherwise use the destination IP address as the common name, and it will work just fine.

PS: Use the 'basichttps' binding in case you want to proceed with the HTTPS content type 'text/xml' SOAP 11, the default from JAX-WS.

Dessus
Issam
0

The answer is yes. You can use BasicHttpBinding or WsHttpBinding.

The error occurred because when you use TransportWithMessageCredential, the WCF client will impose additional security on the message sent over the wire, which is interoperable only with a WCF service.

Once you changed it to Transport, only transport security (SSL using a certificate) is applied, so that's why both client and service can understand how to communicate with each other.

Cheers.

Toan Nguyen
0

When defining security as TransportWithMessageCredential you say: I want a service which will communicate over a secured transport channel (HTTPS) and I want to pass client credentials in the SOAP header.

If you define the Certificate credential type in the message element you say: The SOAP header will transport client credentials as the X.509 Certificate token profile. It is an interoperable format which requires WS-Security on the service.

If you define the Certificate credential type in the transport element you say: I want mutual SSL authentication. I'm actually not sure if this is used if you define TransportWithMessageCredential.

Ladislav Mrnka
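
Added example (not part of the question or answers, and not WCF or JAX-WS code): a Python check that reads the `wsse:Security` header described in the last answer and reports what the receiving service has to process. The envelope is a constructed, simplified sample with placeholder token data, and `describe_security_header` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

# Constructed sample: simplified SOAP 1.1 request carrying an X.509 token.
# Token and signature contents are placeholders; parse real captures with defusedxml.
SAMPLE = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:wsse="{NS['wsse']}"
    xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}">
  <s:Header>
    <wsse:Security s:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="_0">
        <wsu:Created>2024-01-01T00:00:00Z</wsu:Created>
        <wsu:Expires>2024-01-01T00:05:00Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken wsu:Id="tok-1" ValueType="{X509V3}">PLACEHOLDER</wsse:BinarySecurityToken>
      <ds:Signature><ds:SignedInfo>
        <ds:Reference URI="#_0"/>
      </ds:SignedInfo></ds:Signature>
    </wsse:Security>
  </s:Header>
  <s:Body/>
</s:Envelope>"""

def describe_security_header(envelope_xml):
    """Summarise what a receiving SOAP stack must process in wsse:Security."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("s:Header/wsse:Security", NS)
    if sec is None:
        return {"present": False}
    token = sec.find("wsse:BinarySecurityToken", NS)
    signed = [r.get("URI") for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    ts = sec.find("wsu:Timestamp", NS)
    ts_id = ts.get(f"{{{NS['wsu']}}}Id") if ts is not None else None
    return {
        "present": True,
        # mustUnderstand="1": a stack without WS-Security must fault, not skip the header
        "must_understand": sec.get(f"{{{NS['s']}}}mustUnderstand") == "1",
        "x509_token": token is not None and token.get("ValueType") == X509V3,
        "expires": ts.findtext("wsu:Expires", namespaces=NS) if ts is not None else None,
        # a token proves nothing unless a signature made with its key covers the message
        "timestamp_signed": ts_id is not None and f"#{ts_id}" in signed,
    }
```

A service that accepts the token without verifying the signature and the timestamp window is not authenticating the caller, which is why ignoring the header is not a safe substitute for WS-Security processing.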