CODEWITHSUNDEEP
javac#.netwcfws-security
JsCoder
JsCoder

Reputation: 1733

Calling Java SOAP 1.1 Service by WCF Client

Why a SOAP1.1 Web Service written in JAVA may not recognize a valid cert passed by WCF client?

We are getting 500 error from the service indicating that the service doesn't trust our cert. Can it be something to do with the WCF implementation of SOAP standard differing from what Java service expects to see?

Here's the WCF config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>

    <behaviors>
      <endpointBehaviors>
        <behavior name="ourCert">
          <clientCredentials>
            <clientCertificate x509FindType="FindBySubjectName" findValue="MyCompany"/>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <bindings>
      <customBinding>
        <binding name="wsHttpSoap11" >
          <textMessageEncoding messageVersion="Soap11" />
          <httpsTransport requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>

    <client>
      <endpoint address="https://{site}.com/site.wsdl"
                binding="customBinding"
                behaviorConfiguration="ourCert"
                bindingConfiguration="wsHttpSoap11"
                contract="ServiceContract">
      </endpoint>
    </client>

  </system.serviceModel>

  <system.net>
    <defaultProxy useDefaultCredentials="true" />
  </system.net>

</configuration>

Upvotes: 1

Views: 1016

Answers (1)

Yaron Naveh
Yaron Naveh

Reputation: 24426

The certificate is validated against a trust chain so the generating framework is not relevant. Also note you use a transport level certificate so SOAP is less likely to be the source of error.

I suggest you do the following:

  1. Build a working java client to this service (either generate a certificate using openssl or use the one you have if it's in jks format). Verify the client is working.
  2. Convert the jks certificate to pfx and use it with a WCF client. The WCF client should now also be working.

If WCF still fails than compare the outgoing SOAP generated by the java and wcf clients (you can use fiddler to capture it). This might hint on other differences (maybe you actually need a message certificate and not transport, maybe your soap version is mismatched, etc).

Upvotes: 1

Related Questions