3

I need to add to my message something like this:

  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="unt_Z1k4LnxEmBzzKuPP">
        <wsse:Username>user</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">iNs+LF1iwwPU2AMer8uU6NKY9tfzgYqMTaP3mIEgoK0=</wsse:Nonce>
        <wsu:Created>2012-04-22T11:57:30Z</wsu:Created>
      </wsse:UsernameToken>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2012-04-22T11:57:30Z</wsu:Created>
        <wsu:Expires>2012-04-22T11:58:30Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soap:Header>

I'm calling a web service which return a 500 error response which basically means it cannot authenticate I guess cause I'm missing these information from the message, even I have an authentication header on the message. Can this be happening?

How can I add the WS-Security header in the message and add all these info in code? I added the service using Add Web Reference in Visual Studio.

Thank you.

George Taskos
  • 8,324
  • 18
  • 82
  • 147

1 Answers1

2

The most elegant solution is an obsolete solution regarding making the class llibrary that I use to make calls from .NET 3.5 to .NET 2.0, installing WSE 3.0, hacking into some VS config files to make the add-in work and enabling the class library project as WSE Enabled project.

Update Web Reference makes two proxy classes (e.g. Myservice and MyServiceWse),. One inherits from SoapHttpClient, which is the default for WCF proxy generation and latest inherits from WebServicesClientProtocol.

The latest is what you need to call old ASMX Web Services using the WS-Security headers.

The rest is so easy:

MyServiceWse client = new MyServiceWse();

        UsernameToken token = new UsernameToken(userName, password, PasswordOption.SendPlainText); // or what service specs rquired, other than plaintext.

        client.RequestSoapContext.Security.Tokens.Add(token);
        client.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;

        client.YourMethod();

So simple for an obsolete API which Microsoft is not included after VS 2005 and you need to play with Stream and string manipulation catching the message before serialize, after serialization, using extensions and stuff...

If you have a solution for this using Add Reference and not the old Add Web Reference and WSE to make a simple call with WS-Security header, UsernameToken, TimeStamp Created, Expired etc.

Please let me know.

P.S. Find the solution over this question and answer with some useful links.

Consuming non-asmx SOAP 1.1 Web Service in C# with Header Security

Community
  • 1
  • 1
George Taskos
  • 8,324
  • 18
  • 82
  • 147
  • 1
    +1 thanks Taskos. Supplemental link http://msdn.microsoft.com/en-us/library/ms819938.aspx - Microsoft's official line: edit generated source =( There's WSE v3.0 available here http://www.microsoft.com/en-gb/download/details.aspx?id=14089 – earcam Dec 28 '12 at 09:33