soapUI With WCF Message Security

Question

I am trying to configure my WCF (.NET 4.0) service so that it can be tested using soapUI. I am using wsHttpBinding with message security. My goal is to expose the service on a public test endpoint and try to load-test it with loadUI which uses soapUI tests. For this to work the endpoint needs to be secure and since my production endpoint will use message security I figure my test one should also use it in order to achieve close to production load test results.

I can't seem to be able to configure soapUI to successfully call the service. I have tried a number of combinations of signing and encrypting input and output with the client and server certificate. Has anybody managed to achieve a successful message security configuration of WCF and soapUI?

The following are exerpts from my configuration:

Binding:

  <wsHttpBinding>

            <binding name="MessageSecurity">
                <security mode="Message">
                    <message clientCredentialType="Certificate" negotiateServiceCredential="false"/>
                </security>
            </binding>

        </wsHttpBinding>

Behavior

    <behaviors>
        <serviceBehaviors>
            <behavior name="customBehavior">
                <serviceMetadata httpGetEnabled="True"/>
                <serviceDebug includeExceptionDetailInFaults="True"/>

                <serviceCredentials>
                    <clientCertificate>
                        <authentication certificateValidationMode="PeerTrust"/>
                    </clientCertificate>
                    <serviceCertificate findValue="MyWebServicesCertificate" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>

        <endpointBehaviors>
            <behavior name="webHttp">
                <webHttp/>
            </behavior>
        </endpointBehaviors>

    </behaviors>
</system.serviceModel>

Service:

            <service behaviorConfiguration="customBehavior" name="MyService">

            <!-- Service Endpoint -->
            <endpoint name="Production" address="" binding="wsHttpBinding" bindingConfiguration="MessageSecurity" contract="IMyService">

                <identity>
                    <dns value="web_services_svr"/>
                </identity>
            </endpoint>




            <host>
                <baseAddresses>
                    <add baseAddress="http://web_services_svr/MyService.svc" />
                </baseAddresses>
            </host>

        </service>

What is exactly the error you get from SOAPUI trying to connect? — kroonwijk, Sep 18 '11 at 20:30
Try calling the service from the console application. capture the request and response using fiddler and verify. — taher chhabrawala, Jul 13 '12 at 18:32

score 1 · Answer 1 · answered Apr 08 '12 at 20:39

1

set negotiateServiceCredential to false and also establishSecuritySession to false.

after this interoperability is possible. If you add ProtectionLecel.Sign on your contracts (e.g. do not encrypt) it is even easier.

answered Apr 08 '12 at 20:39

Yaron Naveh

23,560
32
103
158

+1: That is a good suggestion, but it still does not want to work. After I set `negotiateServiceCredential` and `establishSecuritySession` to false, there is another error in the WCF trace logs - "There was no channel that could accept the message with action 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue'." – VoodooChild Nov 18 '12 at 21:24
if you set both to false then in soapui also there is no need in any kind of security – Yaron Naveh Nov 19 '12 at 12:19

score 1 · Answer 2 · answered Oct 12 '13 at 03:03

You might want to check for few things.

1) Set negotiateServiceCredential="false"

<wsHttpBinding>
   <binding name="wsHttpSecure">
      <security mode="Message">
         <message clientCredentialType="UserName" negotiateServiceCredential="false"    
                  establishSecurityContext="false" algorithmSuite="Default" />
      </security>
   </binding>
</wsHttpBinding>

2) Also make sure in SOAP UI you check mark "Add default WSA To"

Check this link http://ddkonline.blogspot.com.br/2012/10/wcf-45-host-unreachable-when-calling.html

3) For passing client certificate check following link

http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html

I hope that helps.

score 0 · Answer 3 · answered Apr 05 '12 at 11:11

0

There is an issue with SoapUI in a network where there is a web proxy. You must configure the proxy settings in SoapUI to get this to work, assuming there was no other problem.

answered Apr 05 '12 at 11:11

Sentinel

3,582
1
30
44

score 0 · Answer 4 · answered Jan 14 '13 at 19:34

Try making the call using firefox plugin or curl. If you can get the call running successfuly using any tool, try to copy the request and run it from soapUI. If the call works using any other tool, it should work as well in soapUI unless you making soap/tcp call

score 0 · Answer 5 · answered Feb 13 '12 at 18:10

0

Had the same problem.

Eventually gave up and took the security out - WCF : soapUI error "BadContextToken"

answered Feb 13 '12 at 18:10

rbrayb

46,440
34
114
174

soapUI With WCF Message Security

5 Answers5