Connecting to a WSE 3.0 Web Service From a WCF Client

Asked 7/8, 2009 at 19:52 Answered 11/10, 2011 at 6:51

I'm having difficulty connecting to a 3rd party WSE 3.0 web service from a WCF client. I have implemented the custom binding class as indicated in this KB article:

http://msdn.microsoft.com/en-us/library/ms734745.aspx

The problem seems to have to do with the security assertion used by the web service - UsernameOverTransport.

When I attempt to call a method, I get the following exception:

System.InvalidOperationException: The 'WseHttpBinding'.'[namespace]' binding for the 'MyWebServiceSoap'.'[namespace]' contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality..

It is expecting a username, password, and CN number. In the example code supplied to us by the vendor, these credentials are bundled in a Microsoft.Web.Services3.Security.Tokens.UsernameToken. Here's the example supplied by the vendor:

MyWebServiceWse proxy = new MyWebServiceWse();

UsernameToken token = new UsernameToken("Username", "password", PasswordOption.SendPlainText);

token.Id = "<supplied CN Number>";

proxy.SetClientCredential(token);

proxy.SetPolicy(new Policy(new UsernameOverTransportAssertion(), new RequireActionHeaderAssertion()));

MyObject mo = proxy.MyMethod();

This works fine from a 2.0 app w/ WSE 3.0 installed. Here is a snippet of the code from my WCF client:

EndpointAddress address = new EndpointAddress(new Uri("<web service uri here>"));

WseHttpBinding binding = new WseHttpBinding(); // This is the custom binding I created per the MS KB article

binding.SecurityAssertion = WseSecurityAssertion.UsernameOverTransport;
binding.EstablishSecurityContext = false;

// Not sure about the value of either of these next two
binding.RequireDerivedKeys = true;
binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

MembershipServiceSoapClient proxy = new MembershipServiceSoapClient(binding, address);

// This is where I believe the problem lies – I can’t seem to properly setup the security credentials the web service is expecting 

proxy.ClientCredentials.UserName.UserName = "username";
proxy.ClientCredentials.UserName.Password = "pwd";
// How do I supply the CN number?                      

MyObject mo = proxy.MyMethod(); // this throws the exception

I've scoured the web looking for an answer to this question. Some sources get me close (like the MS KB article), but I can't seem to get over the hump. Can someone help me out?

Handclasp answered 7/8, 2009 at 19:52 Comment(2)

Just to make sure, does your third party know that WSE is obsolete? – Densmore 1/9, 2009 at 2:25

Have you been able to solve this? Does anyone have an idea? I'm currently stuck on the same thing. – Fanestil 29/11, 2010 at 14:15

I had success in a similar case with the following binding configuration:

<bindings>
   <customBinding>
      <binding name="FNCEWS40MTOMBinding">
         <security enableUnsecuredResponse="true" authenticationMode="UserNameOverTransport"
                   allowInsecureTransport="true" messageProtectionOrder="SignBeforeEncrypt">
            <secureConversationBootstrap />
         </security>
         <mtomMessageEncoding messageVersion="Soap12WSAddressingAugust2004"
                              maxBufferSize="2147483647" />
         <httpTransport maxReceivedMessageSize="2147483647" />
     </binding>
  </customBinding>
</bindings>

Hope it works for you too.

Showcase answered 11/10, 2011 at 6:51 Comment(0)

The error message is refering to Transport Level Security, this usually means https.

You have not shown your configuration files. But I am guessing that you have configured security to be transport (or it is required as a consiquence of another choice) and used an address that is http instead of https.

Rigi answered 10/8, 2009 at 12:29 Comment(3)

Hi Shiraz, thanks for responding. I am defining the SecurityAssertion as UserNameOverTransport programatically in the code I provide above. The web service does not use https, so I do not believe that this is the problem. – Handclasp 12/8, 2009 at 20:13

I think that this is why you are getting the error. You are sending the username/password over the transport, WCF then sees that the password will go over the wire unencrypted and refuses to start the service. – Rigi 12/8, 2009 at 20:21

It seems that would be a major difference between WSE3.0 and WCF, then. I can use a WSE 3.0 client without SSL to connect to my WSE3 service, but a WCF client won't connect with the same message Dave got in his sample. – Fanestil 29/11, 2010 at 14:19

Recommended topics

Hot tags