WCF client, WSE service, UsernameOverCertificate
- From: "Phil Lee" <phil.lee@xxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Dec 2007 14:26:56 -0000
Hi,
I have an existing WSE3 implementation using UsernameOverCertificate and decided the best way to migrate to WCF was to migrate the client first and the service later.
After studying the available samples (e.g. http://msdn2.microsoft.com/en-us/library/ms752257.aspx) I have managed to migrate the client but still have a few issues.
They are:
1) It doesn't work if I set EstablishSecurityContext=true in the client and set establishSecurityContext="true" in the service's policy.
2) Our service populates SoapException.Detail with extra information when raising an exception. The WCF client rejects this with:
    System.ServiceModel.CommunicationException
    Server returned an invalid SOAP Fault. Please see InnerException for more details.
    End element 'Fault' from namespace 'http://www.w3.org/2003/05/soap-envelope' expected. Found element 'detail' from namespace ''.
3) If the server throws any SoapException (without setting the fault detail) the client reports
"The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state."
and no further information appears to be available.
So my questions are:
1) Is it possible to use EstablishSecurityContext with WCF -> WSE3 and if so how?
2) Is it possible to configure the WCF client to accept the custom fault detail information?
3) I would have thought exception info generated by a WSE3 service would be available in a WCF client. What's going wrong?
I can post my test code if required, however the basics are below.
The WCF client can be configured using app.config + some code, or all in code.
This is the .config version:
<configuration>
  <system.serviceModel>
    <behaviors />
    <bindings>
      <customBinding>
        <binding name="Service1Wse">
          <security authenticationMode="UserNameForCertificate" messageProtectionOrder="SignBeforeEncrypt">
            <secureConversationBootstrap messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" />
          </security>
          <textMessageEncoding messageVersion="Soap12WSAddressingAugust2004" />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint address="http://localhost:2345/Service1.asmx" binding="customBinding"
                bindingConfiguration="Service1Wse" contract="Service.Service1Soap"
                name="Service1WseEndPoint">
        <identity>
          <dns value="Test" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
This is the code version:
// Service address plus the DNS identity the client expects the service to present.
EndpointAddress address = new EndpointAddress(new Uri("http://localhost:2345/Service1.asmx"),
    EndpointIdentity.CreateDnsIdentity("Test"));
// WseHttpBinding is from the "Interoperating with WSE" sample (http://msdn2.microsoft.com/en-us/library/ms752257.aspx)
WseHttpBinding binding = new WseHttpBinding();
binding.SecurityAssertion = WseSecurityAssertion.UsernameForCertificate;
binding.EstablishSecurityContext = false;
binding.RequireDerivedKeys = true;
binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
Service1SoapClient client = new Service1SoapClient(binding, address);
Plus configure certificate in code:
ClientCredentials clientClientCredentials = client.ClientCredentials;
UserNamePasswordClientCredential userNamePassword = clientClientCredentials.UserName;
userNamePassword.UserName = "user";
// The checkbox selects which password is sent ("password" or "rubbish").
userNamePassword.Password = checkBox1.Checked ? "password" : "rubbish";
// Service certificate the client uses, looked up by subject name in LocalMachine\My.
clientClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine,
    StoreName.My,
    X509FindType.FindBySubjectDistinguishedName,
    "CN=Test");
Regards,
Phil Lee
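
The error text quoted in issue 2 names an unqualified 'detail' element inside a SOAP 1.2 Fault, where SOAP 1.2 permits only the namespace-qualified children Code, Reason, Node, Role and Detail, in that order. The check below is an added example, not part of the original post or of the WCF/WSE samples; it applies that rule to a captured fault so the offending element can be identified before the client stack rejects it. The class name Soap12FaultCheck and the sample envelope are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class Soap12FaultCheck   // hypothetical helper name
{
    static readonly XNamespace Env = "http://www.w3.org/2003/05/soap-envelope";
    // Children SOAP 1.2 permits inside env:Fault, in schema order.
    static readonly string[] Allowed = { "Code", "Reason", "Node", "Role", "Detail" };

    // Returns one finding per problem a strict SOAP 1.2 fault reader would reject.
    public static List<string> Check(string envelopeXml)
    {
        var findings = new List<string>();
        XElement fault = XDocument.Parse(envelopeXml).Descendants(Env + "Fault").FirstOrDefault();
        if (fault == null) { findings.Add("no env:Fault element found"); return findings; }

        int lastIndex = -1;
        foreach (XElement child in fault.Elements())
        {
            int index = Array.IndexOf(Allowed, child.Name.LocalName);
            if (child.Name.Namespace != Env || index < 0)
                findings.Add($"unexpected element '{child.Name.LocalName}' from namespace '{child.Name.NamespaceName}'");
            else if (index <= lastIndex)
                findings.Add($"element '{child.Name.LocalName}' is out of order or repeated");
            else
                lastIndex = index;
        }
        // Code and Reason are mandatory in a SOAP 1.2 fault.
        if (fault.Element(Env + "Code") == null) findings.Add("missing env:Code");
        if (fault.Element(Env + "Reason") == null) findings.Add("missing env:Reason");
        return findings;
    }

    static void Main()
    {
        // Constructed sample: a SOAP 1.2 fault carrying a SOAP 1.1-style unqualified <detail>.
        string sample = @"<env:Envelope xmlns:env='http://www.w3.org/2003/05/soap-envelope'>
 <env:Body><env:Fault>
  <env:Code><env:Value>env:Receiver</env:Value></env:Code>
  <env:Reason><env:Text xml:lang='en'>Constructed failure</env:Text></env:Reason>
  <detail><errorCode>42</errorCode></detail>
 </env:Fault></env:Body></env:Envelope>";
        foreach (string finding in Check(sample)) Console.WriteLine(finding);
    }
}
```

Run against a fault captured from the service (for example from a message trace), an empty result means the fault's children conform to SOAP 1.2 and the cause lies elsewhere.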