techspider

Reputation: 3410

How do I remove WSS-Password Type requirement in WCF Service?

I built a WCF service with basicHttpBinding, with the binding configuration as shown below:

      <basicHttpBinding>
        <binding name="basicHttpBinding">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" proxyCredentialType="None"/>
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </basicHttpBinding>

When I host this service on IIS and add it in SoapUI for testing, it forces me to set WSS-Password Type as PasswordText.

The consumer of this service, who uses some tool to access the service methods, claims they can't supply a password type in their tool or language (off topic).

So, I have tried various ways, setting the security mode to None and Message, but nothing worked.

I need to receive a user name and password, so non-authenticated requests are not the requirement here.

        <behavior name="customBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                    customUserNamePasswordValidatorType="CustomServices.Library.UserValidator, CustomServices"/>
          </serviceCredentials>
        </behavior>

How do I host this service to accept user name and password but not password-type as a requirement?

Upvotes: 1

Views: 1645

Answers (1)

Oleg Safarov

Reputation: 2345

SOAP UI properties seem to simply construct the same SOAP elements which you can write by hand. For instance, after adding a header my whole test message would look like this:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-12" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>john1</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <tem:GetData>
      <tem:value>123</tem:value>
    </tem:GetData>
  </soapenv:Body>
</soapenv:Envelope>

The Security header passes all the user credentials in the above example. I presume that it's a basic functionality to send messages in the SOAP format when dealing with WCF-services and your client can easily tap into it, can't they?

Upvotes: 1
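The hand-written message from the answer above can also be built programmatically by a client that has no WS-Security support. The following is an added example, not code from the original question or answer: it builds the same UsernameToken header with escaped credentials and refuses non-HTTPS endpoints, since PasswordText is sent in the clear. The function names, the endpoint URL and the SOAPAction value are hypothetical placeholders, and the optional wsu:Id attribute is left out.

```python
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
TEM = "http://tempuri.org/"
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

for prefix, uri in (("soapenv", SOAPENV), ("wsse", WSSE), ("tem", TEM)):
    ET.register_namespace(prefix, uri)


def build_envelope(username, password, value):
    """Return the SOAP 1.1 envelope from the answer as UTF-8 bytes."""
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAPENV}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security",
                        {f"{{{SOAPENV}}}mustUnderstand": "1"})
    token = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    # ElementTree escapes text nodes, so <, > and & in the credentials
    # cannot break out of the Username/Password elements.
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": PASSWORD_TEXT})
    pw.text = password
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    call = ET.SubElement(body, f"{{{TEM}}}GetData")
    ET.SubElement(call, f"{{{TEM}}}value").text = str(value)
    return ET.tostring(env, encoding="utf-8")


def build_request(url, soap_action, username, password, value):
    """Prepare the POST; reject plain HTTP because PasswordText is cleartext."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("PasswordText credentials must only travel over HTTPS")
    return urllib.request.Request(
        url,
        data=build_envelope(username, password, value),
        headers={"Content-Type": "text/xml; charset=utf-8",
                 "SOAPAction": f'"{soap_action}"'},
        method="POST",
    )


if __name__ == "__main__":
    # Constructed sample values; URL and SOAPAction are placeholders.
    req = build_request("https://service.example/Service.svc",
                        "urn:placeholder-soap-action", "john1", "p<ss&word", 123)
    print(req.data.decode("utf-8"))
```

Passing the prepared request to `urllib.request.urlopen` sends it; the SOAPAction value has to be taken from the service's WSDL.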
