CODEWITHSUNDEEP
wcfwsdlws-securitysvcutil.exewse
UNeverNo
UNeverNo

Reputation: 583

Importing wsdl using svcutil fails for security config

I try to access a java-webservice which uses ws-security (wsse). I tried to consume it using svcutil:

svcutil *.wsdl *.xsd /language:C# /tcv:Version35

This works well, but I get an error importing this block in wsdl-file

<wsp:Policy wsu:Id="myServiceRequestResponseSoapBindingPolicy" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken11/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

saying

An unsupported security policy assertion was detected

So this gets ignored.

As you may expect communicating with the service returns an error saying "unauthorized". The information I got from the webservice owner pointed out that my message contains no WSSecurity-part.

I found this thread svcutil getting stuck on usernameToken Policy but the policy seems to differ because I don't have any certificate. So I don't get anywhere on this path.

I installed WSE3 cos I had the impression I'd need it for something, but I'm quite unsure now if this is the case and how this needs to interact with my wcf-client.

Any suggestions appreciated, thank you.

Upvotes: 2

Views: 1626

Answers (2)

UNeverNo
UNeverNo

Reputation: 583

Googling for wcf and usernametoken brought me to this solution - it's so easy if you get the right search words...

http://weblog.west-wind.com/posts/2012/Nov/24/WCF-WSSecurity-and-WSE-Nonce-Authentication

Upvotes: 0

Yaron Naveh
Yaron Naveh

Reputation: 24396

Don't worry about that warning, the WSDL section is not relevant (you can even remove it). What you should have is a sample working SOAP request from a wroking client (e.g. Java) or from a sample of the vendor, with the security in it. Then you can configure your binding to support it. Just from the WSDL section you published you might want to try basicHttpBinding with security mode of TransportWithMessageCredential.

Upvotes: 0

Related Questions