0

I am trying to consume a soap service that uses ws-security, the project runs fine in the soap UI, but at the code level I cannot receive the request, I have used WCF but it has worked, here is an example of the consumption:

WCF CONSUME

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
</startup>
    <system.serviceModel>
        <bindings>
            <customBinding>
            <binding name="ServicioMotorPortSoapBinding">
                <textMessageEncoding messageVersion="Soap11"/>
                <security authenticationMode="UserNameOverTransport" enableUnsecuredResponse="true" allowSerializedSigningTokenOnReply="true"
                          messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                          includeTimestamp="false">
                </security>
                <httpsTransport />
            </binding>
            </customBinding>
        </bindings>
        <client>
            <endpoint address="https://demo-servicesesb.datacredito.com.co:443/wss/DecisorWS/services/MotorService"
                binding="customBinding" bindingConfiguration="ServicioMotorPortSoapBinding"
                contract="dataCreditoGYF.MotorService" name="ServicioMotorPort.dmz.https" 
                      >
                <identity>
                    <dns value="demo-servicesesb.datacredito.com.co"/>
                </identity>
            </endpoint>
        </client>
</configuration>

//Using Binding on code
var myBinding = new CustomBinding("ServicioMotorPortSoapBinding");
            var endPoint = new EndpointAddress(new Uri(url), EndpointIdentity.CreateDnsIdentity("wtst03.girosyfinanzas.com"));
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            //ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

            MotorServiceClient objeto = new MotorServiceClient(myBinding, endPoint);
            //objeto.ChannelFactory.Open();
            objeto.ClientCredentials.UserName.UserName = "2-860006797";
            objeto.ClientCredentials.UserName.Password = "Giros123";
            //Obtengo Certificado del cliente
            objeto.ClientCredentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "wtst03.girosyfinanzas.com");
                objeto.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
                    StoreLocation.CurrentUser,
                    StoreName.My,
                    X509FindType.FindBySubjectName,
                    "wtst03.girosyfinanzas.com");
                objeto.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;

            solicitud soapRequest = new solicitud();
            executeStrategyRequest some_ = new executeStrategyRequest();
// I fill the body using object soapRequest.

            some_.solicitud = soapRequest;
//I make the request
var x = objeto.executeStrategy(some_.solicitud);

After do the request I got an error could not establish trust relationship for the ssl/tls secure channel, can anyone, tell what's it's missing?, or if i can use other tool for the consume.

brayan milian
  • 69
  • 1
  • 7

1 Answers1

0

This error may be because it is self-signed, or there is a hostname mismatch between the certificate and the server.

If the certificate is self-signed, you can add it to your CA store. If not, you can try to manually trust it by navigating the endpoint with a browser and looking for a copy of the certificate provided by the endpoint.

You could try adding a handler to the ServicePointManager's ServerCertificateValidationCallback on the client side. But this is for testing purposes only, as the client will skip SSL/TLS security checks.

System.Net.ServicePointManager.ServerCertificateValidationCallback +=
    (se, cert, chain, sslerror) =>
        {
            return true;
        };

Useful links:
Could not establish trust relationship for SSL/TLS secure channel -- SOAP
How to solve "Could not establish trust relationship for the SSL/TLS secure channel with authority"

Lan Huang
  • 613
  • 2
  • 5