CODEWITHSUNDEEP
javaweb-serviceswcf-bindingwcf-securitywcf-client
Nickz
Nickz

Reputation: 1880

Calling a WS-Security Java Web service with C# Client

I'm new at using WCF with secure services.

I'm trying to connect to a java webservice with secure HTTPS transport and it uses WS-Security UsernamePassword Token Authentication.

I've trying to connect with WCF client using the following binding with no luck.

<bindings>
  <wsHttpBinding>
    <binding name="OperationsEndpoint1Binding" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="1015536"
        messageEncoding="Text" textEncoding="utf-8"
        useDefaultWebProxy="true">

      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />

        <security  mode="TransportWithMessageCredential">
          <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Does anyone have a solution to connecting to java webservice HTTPS transport and use WS-Security UsernamePassword Token Authentication much appreciated.

Upvotes: 0

Views: 2131

Answers (2)

FabioThorin
FabioThorin

Reputation: 150

I did it using wcf. This worked for me to connect to a WebSphere ssl soap web service with WS-Security Username Token Authentication.

If you can use .NET4.5+, and server supports it, be sure to avoid the default tls1.0 and use tls.1.1 or 1.2.

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;


private static ChannelFactory<IContract> MyCreateFactory(String serviceAddress, 
                                                                String userName, 
                                                                X509Certificate2 clientCertificate, 
                                                                X509Certificate2 serviceCertificate, 
                                                                Int32 sendTimeoutMinutes){

// Custom Binding 
var myBinding = new CustomBinding
{
    SendTimeout = new TimeSpan(0, sendTimeoutMinutes, 0),
};
myBinding.Elements.Clear();

// asymmetric security
var mutual = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
mutual.AllowInsecureTransport = true;
mutual.AllowSerializedSigningTokenOnReply = true;
mutual.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
mutual.EnableUnsecuredResponse = true;
mutual.IncludeTimestamp = false;
mutual.InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient };
mutual.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
mutual.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
mutual.RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator};
mutual.RequireSignatureConfirmation = false;
mutual.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
mutual.LocalClientSettings.IdentityVerifier = new MyIdentityVerifier();
mutual.SetKeyDerivation(false);
// Sets in header the certificate that signs the Username
mutual.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
myBinding.Elements.Add(mutual);


var httpsBindingElement = new HttpsTransportBindingElement { RequireClientCertificate = true };
httpsBindingElement.ExtendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
myBinding.Elements.Add(httpsBindingElement);


var factory = new ChannelFactory<IContract>(binding: myBinding, remoteAddress: serviceAddress);
var defaultCredentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
factory.Endpoint.Behaviors.Remove(defaultCredentials);

var clientCredentials = new ClientCredentials();
clientCredentials.UserName.UserName = userName;
clientCredentials.ClientCertificate.Certificate = clientCertificate; 
clientCredentials.ServiceCertificate.DefaultCertificate = serviceCertificate;
clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
clientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

factory.Endpoint.Behaviors.Add(clientCredentials);

return factory;}

Upvotes: 1

Nickz
Nickz

Reputation: 1880

The solution was not to use WCF. Instead I created a web request something along the lines of Http request to web service in java which worked.

I still haven't found anything in WCF which supports this kinda request.

Upvotes: 0

Related Questions