Remove Timestamp from WSSE Security Header C# ASMX/WCF Service

Question

I have added a Java WSDL in my project as Web Reference. I am consuming it to call a service on an endpoint. I have added a WebMethod in an ASMX file and calling the service there. The requirement is to use WSE Security and sign the request with X509 Certificate.

Unfortunately, the Timestamp is creating issues and I am getting the response " An error was discovered processing the header". The Same request works from SoapUI if I remove the TimeStamp element from it. This is how the request look like

Here is the code which creates the Security elements

  //Set WSSE Security
  svc.RequestSoapContext.Security.Timestamp.TtlInSeconds = 300;
  svc.RequestSoapContext.Security.MustUnderstand = true;
  svc.RequestSoapContext.Security.Tokens.Add(newtoken);
  Microsoft.Web.Services3.Security.MessageSignature signature = new Microsoft.Web.Services3.Security.MessageSignature(newtoken);
  signature.SignatureOptions = Microsoft.Web.Services3.Security.SignatureOptions.IncludeSoapBody;            
  svc.RequestSoapContext.Security.Elements.Add(signature);

===============

USING WCF

The problem persists even if I do it using WCF. As soon as I add IncludeTimestamp = false; the request is not getting sent and setting it to true is able to create request.

Here is the WCF Code -

        //Create Endpoint
        EndpointAddress address = new EndpointAddress((istest == true ? CHORUS_UFB_EMMA : CHORUS_UFB_PROD));

        //Add Certificate to EndPoint Service
        X509Certificate2 cert = new X509Certificate2(@"Certificate Path", "Password", X509KeyStorageFlags.PersistKeySet);

        //Setup custom binding with HTTPS + Body Signing + Soap1.1
        CustomBinding binding = new CustomBinding();

        //HTTPS Transport
        HttpsTransportBindingElement transport = new HttpsTransportBindingElement();

        //Set Security Binding as Transport
        TransportSecurityBindingElement tsec = SecurityBindingElement.CreateCertificateOverTransportBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConvers‌​ation13WSSecurityPol‌​icy12BasicSecurityPr‌​ofile10);
        tsec.EnableUnsecuredResponse = true;
        tsec.AllowInsecureTransport = true;
        tsec.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
        tsec.LocalServiceSettings.DetectReplays = false;
        tsec.LocalClientSettings.DetectReplays = false;
        tsec.IncludeTimestamp = false;
        tsec.SetKeyDerivation(false);
        tsec.EndpointSupportingTokenParameters.Signed.Add(new SecureConversationSecurityTokenParameters());

        //Setup for SOAP 11 and UTF8 Encoding
        TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

        //Bind in order (Security layer, message layer, transport layer)
        binding.Elements.Add(tsec);
        binding.Elements.Add(textMessageEncoding);
        binding.Elements.Add(transport);

Here is the generated request using above code Any help on this would be appreciated.

Answer 1

This could potentially be caused by time differences between your client and the web server where the service you are calling is hosted.

Double check if the time on both servers match and are in sync. Times might need to be within 5 minute window.