2

I am getting errors when trying to add a reference to a Web Service in Visual Studio 2010. The Web Service is implemented in Java using the JAX-WS/Metro/GlassFish stack and contains a UsernameToken policy. Here's an excerpt from the WSDL:

<wsp:Policy
        xmlns:wsp="http://www.w3.org/ns/ws-policy"
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
        wsu:Id="UsernameToken">
    <sp:SupportingTokens>
        <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken=".../IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
    </sp:SupportingTokens>
</wsp:Policy>

When I try to add a service reference to this web service in Visual Studio, I get the following warnings:

Custom tool warning:
  The following Policy Assertions were not Imported:
  XPath://wsdl:definitions[@targetNamespace='http://archfirst.org/bfoms/tradingservice.wsdl']/wsdl:binding[@name='TradingWebServicePortBinding']
  Assertions:
    <sp:SupportingTokens xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'>..</sp:SupportingTokens>

Custom tool warning:
  Endpoint 'TradingWebServicePort' at address 'http://localhost:8080/bfoms-javaee/TradingService'
  is not compatible with Silverlight 4. Skipping...

Custom tool warning:
  No endpoints compatible with Silverlight 4 were found. The generated client
  class will not be usable unless endpoint information is provided via the
  constructor.

Why is Visual Studio not able to import the assertion?

P.S. I was able to import and test the web service using the SoapUI tool.

Naresh
  • 23,937
  • 33
  • 132
  • 204

1 Answers1

3

WCF by default only supports username token over secured transport = HTTPS (or with message security provided by certificates but message security is not supported by Silverlight at all). There is a way to build custom binding to allow user name token over unsecured transport but allowInsecureTransport is probably not supported by Silverlight 4 (I also didn't find it when creating custom binding).

WCF also does not support username token with digested password. If you need username token with digested password you have to implement additional part of WCF security pipeline. Again it can be problem with limited feature set of Silverlight.

You can try to create proxy service in your hosting application. This service will be called by Silverlight application and it will call Java service.

Community
  • 1
  • 1
Ladislav Mrnka
  • 360,892
  • 59
  • 660
  • 670
  • Thanks Ladislav. Since I have control over the server, I can change it to whatever I want. What is the easiest WS-I based authentication mechanism that is supported by the Silverlight client? My only requirement on the Java side is to authenticate the calling user and determine their username. It would be great if you could also refer me to link that explains how to set it up on the Silverlight side. Thanks. – Naresh Feb 06 '11 at 14:14
  • Just wanted to add that I was trying to avoid HTTPS because I did not want the headache of setting up the certificates. However, if that effort is less than trying to make authentication work in Silverlight, then I am ready to go that route. – Naresh Feb 06 '11 at 14:33
  • 1
    @Naresh: I think that you should try to use HTTPS. It will hopefully work. – Ladislav Mrnka Feb 06 '11 at 14:38
  • After bunch of experiments on both the Java server side and the Silverlight client, I have come to the conclusion that going HTTPS is going to be horribly complex - to implement and maintain. It is probably worth the effort for a production app, but I am doing a proof-of-concept in which the web service is an insignificant part. So I am now looking for a solution that is simple enough to get me going. May be just the basicHttpBinding (over HTTP) that I have working already and add couple of soap headers for username and password. Again since it's a POC, it doesn't have to be secure. Thoughts? – Naresh Feb 07 '11 at 14:52