How to turn off SecureConversationToken in WCF web service
Asked Answered
S

1

1

I have a WCF web service with WS-* security and I need to write a Java client for it using WSS4J API. But, as it turns out WSS4J does not support the <SecurityContextToken> and <DerivedKeyToken> tags, which are specific to WS-SecureConversation.

is there a way to turn it off via code or better, via web.config?

UPDATE:

Service definition:

      <service name="my.service" 
           behaviorConfiguration="SecureTransport">
    <endpoint 
      address="mex" 
      binding="mexHttpBinding" 
      contract="IMetadataExchange" />
    <endpoint 
      contract="my.interface" 
      binding="wsHttpBinding" 
      bindingConfiguration="UsernameAndPassword"/>
  </service>

Behaviour and Bindings:

<behaviors>
  <serviceBehaviors>
    <behavior name="SecureTransport">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceCredentials>
        <userNameAuthentication   userNamePasswordValidationMode="Custom"
                                  customUserNamePasswordValidatorType="example.API.Security.CustomUserNameValidator, APISecurity" />
        <serviceCertificate findValue="CN=Example" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectDistinguishedName" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="UsernameAndPassword">
      <security mode="Message">
        <message clientCredentialType="UserName" />            
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
Subtilize answered 18/12, 2011 at 13:30 Comment(2)
What is your current WCF config (binding)?Hylozoism
I've updated the post with the wcf configurations.Subtilize
H
0

Just turn security context and probably also negotiation in your binding configuration:

<bindings>
  <wsHttpBinding>
    <binding name="UsernameAndPassword">
      <security mode="Message">
        <message clientCredentialType="UserName" establishSecurityContext="false"
                 negotiateServiceCredential="false" />            
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
Hylozoism answered 21/12, 2011 at 20:26 Comment(1)
Thanks, I'll try it and if it works I'll come back here and mark your answer :)Subtilize

© 2022 - 2024 — McMap. All rights reserved.