CODEWITHSUNDEEP
c#.netwcfsoap
user2417907
user2417907

Reputation: 45

WCF Username and Password in SOAP Header

I'm trying to get a WCF client to call a web service with security information provided in the SOAP Header of the request, as follows.

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
                    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                    xmlns:ah_etas_order="http://types.defra.gov.uk/ahw/eartagging/order"
                    xmlns:ah_common="http://types.defra.gov.uk/ahw/common/complextypes" 
                    xmlns:ah_assettype="http://types.defra.gov.uk/ahw/asset"
                    xmlns:ah_ref_data_sets="http://types.defra.gov.uk/ahw/common/referencedatasets"
                    xmlns:ah_custtype="http://types.defra.gov.uk/ahw/customer" 
                    xmlns:m5="http://types.defra.gov.uk/bs7666" 
                    xmlns:m6="http://www.govtalk.gov.uk/people/bs7666" 
                    xmlns:m7="http://types.defra.gov.uk/ahw/common/derivedtypes" 
                    xmlns:ah_etas_type="http://types.defra.gov.uk/ahw/eartagging">
    <SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:Security soap:role="system" soap:mustUnderstand="true">
            <wsse:UsernameToken>
                <wsse:Username>username here</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password here</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>...</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

I'm using Visual Studio 2012 and .NET 4. The docs say the version of SOAP messaging used for CARA Services is SOAP 1.2.

I've added a service reference with has added a web.config file with an endpoint and the following custom binding.

<customBinding>
    <binding name="ProcessOrderBinding">
        <textMessageEncoding messageVersion="Soap12" />
        <httpTransport />
    </binding>
</customBinding>

I've tried lots of different web.config options but can't seem to get the correct soap header. Can anyone point me in the right direction?

Update:

@Yaron, Here is the soap header using your binding. I've added a includeTimestamp=false to remove the timestamp.

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
            uIDPoxqYDT0sMwVImscgqVaf7GYAAAAAjin6KftLjkaS2CW99IXxrnWGCjfQnzFFuf4zGaQpeqIACQAA
        </VsDebuggerCausalityData>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:UsernameToken u:Id="uuid-79885712-d6eb-451c-9483-4df2b68722bd-1">
                <o:Username>username here</o:Username>
                <o:Password>password here</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">...</s:Body>
</s:Envelope>

As you can see it's missing the following before the password.

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">

Upvotes: 4

Views: 7523

Answers (1)

Yaron Naveh
Yaron Naveh

Reputation: 24396

Use this binding:

<customBinding>
    <binding name="NewBinding0">
        <textMessageEncoding messageVersion="Soap12" />
        <security authenticationMode="UserNameOverTransport">
            <secureConversationBootstrap />
        </security>
        <httpsTransport />
    </binding>
</customBinding>

Of course you also need to supply user/pass on the proxy:

proxy.ClientCredentials.Username.Username = "user"
proxy.ClientCredentials.Username.Password = "pass"

All this assumes you also use SSL. If you don't then check out CUB.

Upvotes: 3

Related Questions