Reputation: 6020
Missing security headers in FaultException
I'm using a custom binding in my service and client which basically looks like this:
public class UserNameWsTrustBinding : Binding
{
public override BindingElementCollection CreateBindingElements()
{
var coll = new BindingElementCollection();
coll.Add(CreateSecurityBindingElement());
coll.Add(new TextMessageEncodingBindingElement());
coll.Add(new HttpsTransportBindingElement());
return coll;
}
private SecurityBindingElement CreateSecurityBindingElement()
{
var elem = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
elem.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
return elem;
}
}
This binding works prety well. Except for FaultExceptions which I throw e.g. when validating the user's credentials.
I throw non-generic FaultExceptions like this; nothing special I think:
throw new FaultException(new FaultReason("Blah blah"), new FaultCode("Code42"));
WCF then takes care of putting these faults into a SOAP envelope. The problem is, that there don't get security headers (namely a WS-Security timestamp) baked in:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
<a:RelatesTo>urn:uuid:ff1f54d7-53a0-4650-b967-03a75def5fa4</a:RelatesTo>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode><s:Value>Code42</s:Value></s:Subcode>
</s:Code>
<s:Reason><s:Text>Blah blah</s:Text></s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
When the client application receives this response it complains about it with the following error message:
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
This is not surprising, since there is no security header included. I can then get the FaultException from the MessageSecurity's InnerException. It works, but it doesn't feel good.
What is really surprising, however, is that unhandled exceptions that are not caught in my server code get wrapped in a FaultException automatically. And these FaultExceptions have a security header!
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher/fault</a:Action>
<a:RelatesTo>urn:uuid:0baffa8b-07ee-4feb-bc44-7e2c7ae85c22</a:RelatesTo>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2022-07-11T13:41:22.007Z</u:Created>
<u:Expires>2022-07-11T13:46:22.007Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Receiver</s:Value>
<s:Subcode><s:Value xmlns:a="http://schemas.microsoft.com/net/2005/12/windowscommunicationfoundation/dispatcher">a:InternalServiceFault</s:Value></s:Subcode>
</s:Code>
<s:Reason><s:Text>The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the %lt;serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.</s:Text></s:Reason>
</s:Fault>
</s:Body>
</s:Envelope>
So, long story short: What am I doing wrong? Or in other words: What do I have to do to make my self-thrown FaultExceptions include a timestamp as well?
Upvotes: 0
Views: 542
Answers (0)
Related Questions
- WCF Error - Security processor was unable to find a security header in the message
- Unable to add WS-Security header to request built from web reference
- Use wsse security header in soap message (Visual Studio 2015, .Net Framework 4.5)
- WCF service - security in SOAP header
- C# Webservice error: Message security verification failed
- No WS-Security header found
- WSIT does not understand SOAP Security header after request with custom security header
- WS SOAP Security Header Error
- C# .NET 4.0 WCF MessageSecurityException, "Security header is empty." when consuming a service
- WCF Security processor was unable to find a security header in the message