Reputation: 2914
BinarySecurityToken with wcf
I've successfully tested connecting to a SOAP service using SoapUI (5.1.2), and now I need to generate the soap requests from a C# application.
I added a keystore to SoapUI, where the certificate is stored, and the security configuration from SoapUI is fairly straighforward...
And here is a working sample request (details removed)
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:typ="url.removed">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
wsu:Id="X509-08AC5A2756F38141D814355761534501"> <!-- data removed --></wsse:BinarySecurityToken>
<ds:Signature Id="SIG-08AC5A2756F38141D814355761534824"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="soap typ" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
</ds:SignedInfo>
<ds:SignatureValue><!-- data removed --></ds:SignatureValue>
<ds:KeyInfo Id="KI-08AC5A2756F38141D814355761534752">
<wsse:SecurityTokenReference
wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"
wsu:Id="STR-08AC5A2756F38141D814355761534763"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#X509-08AC5A2756F38141D814355761534501"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<typ:SoapDataRequest>
<header>
<dataremoved />
</header>
<bodyremoved />
</typ:SoapDataRequest>
</soap:Body>
</soap:Envelope>
I'm trying to programmatically create the bindings/configuration required, I already have the web reference imported into my project, just need to select the right combination from the myriad of options in wcf to get this working. If I don't provide the SSL cert required, it is an obvious error, so I know I'm fetching the certificate correctly from cert store (as opposed to *.pfx file from soupUI), but eveything else fails with "Policy Falsified", which is a security mismatch as far as I can see.
Upvotes: 3
Views: 5763
Answers (1)
Reputation: 2914
I followed the instructions here to get it working for me :
http://www.codeproject.com/Tips/672063/Calling-a-service-with-oasis-header-in-Csharp
using Soap 1.2 and not Soap 1.1
Upvotes: 1
Related Questions
- BinarySecurityToken in log
- How to make WCF client sign SecurityTokenReference:Reference
- How to Include a Security Token to the SOAP Request?
- ClientMessageInspector add BinarySecurityToken and Signature
- WCF - Cannot find a token authenticator for X509SecurityToken
- Secure WCF via X.509 certificate with BinarySecurityToken
- How do i sign a BinarySecurityToken in soap message
- Accepting both UsernameToken and BinarySecurityToken in WCF customBinding
- WCF Client Verifying BinarySecurityToken in response
- How to implement a Security token in a WCF soap response?