WCF client encrypt message to JAVA WS using username_token with message protection client policy

Posted by Alex on Stack Overflow
Published on 2010-06-07T19:15:31Z Indexed on 2010/06/07 19:22 UTC

I am trying to create a WCF client app that consumes a Java WS that uses username_token with message protection client policy. There is a private key installed on the server, and a public certificate file was exported from the JKS keystore file. I have installed the public key into the certificate store via MMC under Personal certificates.

I am trying to create a binding that will encrypt the message and pass the username as part of the payload. I have been researching and trying the different configurations for about a day now. I found a similar situation on the msdn forum:

http://social.msdn.microsoft.com/Forums/en/wcf/thread/ce4b1bf5-8357-4e15-beb7-2e71b27d7415

This is the configuration that I am using in my app.config:

    <customBinding>
      <binding name="certbinding">
        <security authenticationMode="UserNameOverTransport">
          <secureConversationBootstrap />
        </security>
        <httpsTransport requireClientCertificate="true" />
      </binding>
    </customBinding>

    <endpoint address="https://localhost:8443/ZZZService?wsdl"
              binding="customBinding" bindingConfiguration="cbinding" contract="XXX.YYYPortType"
              name="ServiceEndPointCfg" />

And this is the client code that I am using:

    EndpointAddress endpointAddress = new EndpointAddress(url + "?wsdl");
    P6.WCF.Project.ProjectPortTypeClient proxy = new P6.WCF.Project.ProjectPortTypeClient("ServiceEndPointCfg", endpointAddress);
    proxy.ClientCredentials.UserName.UserName = UserName;

    proxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, "67 87 ba 28 80 a6 27 f8 01 a6 53 2f 4a 43 3b 47 3e 88 5a c1");

    var projects = proxy.ReadProjects(readProjects);

This is the .NET client error I get: Error Log: Invalid security information.

On the Java WS side I traced the log:

SEVERE: Encryption is enabled but there is no encrypted key in the request.

I traced the SOAP headers and payload and did confirm the encrypted key is not there.

Headers: {expect=[100-continue], content-type=[text/xml; charset=utf-8], connection=[Keep-Alive], host=[localhost:8443], Content-Length=[731], vsdebuggercausalitydata=[uIDPo6hC1kng3ehImoceZNpAjXsAAAAAUBpXWdHrtkSTXPWB7oOvGZwi7MLEYUZKuRTz1XkJ3soACQAA], SOAPAction=[""], Content-Type=[text/xml; charset=utf-8]}


Payload:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
                xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <o:Security s:mustUnderstand="1"
                    xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:UsernameToken u:Id="uuid-5809743b-d6e1-41a3-bc7c-66eba0a00998-1">
            <o:Username>admin</o:Username>
            <o:Password>admin</o:Password>
          </o:UsernameToken>
        </o:Security>
      </s:Header>
      <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <ReadProjects xmlns="http://xmlns.dev.com/WS/Project/V1">
          <Field>ObjectId</Field>
          <Filter>Id='WS-Demo'</Filter>
        </ReadProjects>
      </s:Body>
    </s:Envelope>

I have also tried some other bindings but with no success:

    <basicHttpBinding>
      <binding name="basicHttp">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </basicHttpBinding>

    <wsHttpBinding>
      <binding name="wsBinding">
        <security mode="Message">
          <message clientCredentialType="UserName" negotiateServiceCredential="false" />
        </security>
      </binding>
    </wsHttpBinding>

Your help will be greatly appreciated! Thanks!
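
The manual check described in the question (looking for the encrypted key in the traced payload) can be scripted. The following is an added example, not part of the original post: it audits a captured SOAP 1.1 envelope for the WS-Security message-protection elements and flags a readable password. The function name and both sample envelopes are constructed for illustration; the credentials and cipher values are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def audit_envelope(xml_text):
    """Report which WS-Security message-protection elements a SOAP 1.1 envelope carries."""
    if "<!DOCTYPE" in xml_text:  # a captured SOAP message never needs a DTD; refuse it
        raise ValueError("DOCTYPE not allowed in captured envelope")
    root = ET.fromstring(xml_text)
    security = root.find("s:Header/o:Security", NS)
    body = root.find("s:Body", NS)
    result = {"security_header": security is not None, "encrypted_key": False,
              "cleartext_password": False, "body_encrypted": False}
    if security is not None:
        result["encrypted_key"] = security.find(".//xenc:EncryptedKey", NS) is not None
        pw = security.find("o:UsernameToken/o:Password", NS)
        # A readable Password that is not a digest means the token travelled unencrypted.
        result["cleartext_password"] = (
            pw is not None and bool((pw.text or "").strip())
            and not pw.get("Type", "").endswith("#PasswordDigest"))
    if body is not None:
        result["body_encrypted"] = body.find("xenc:EncryptedData", NS) is not None
    return result

def _envelope(header_xml, body_xml):
    return ('<s:Envelope xmlns:s="%s" xmlns:o="%s" xmlns:xenc="%s"><s:Header>'
            '<o:Security>%s</o:Security></s:Header><s:Body>%s</s:Body></s:Envelope>'
            % (NS["s"], NS["o"], NS["xenc"], header_xml, body_xml))

_CIPHER = "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"

# Constructed sample with the same shape as the traced request (placeholder credentials).
UNPROTECTED = _envelope(
    "<o:UsernameToken><o:Username>user</o:Username>"
    "<o:Password>placeholder</o:Password></o:UsernameToken>",
    "<ReadProjects xmlns='http://xmlns.dev.com/WS/Project/V1'/>")

# Constructed skeleton of a message-protected request (dummy cipher values).
PROTECTED = _envelope(
    "<xenc:EncryptedKey>" + _CIPHER + "</xenc:EncryptedKey>"
    "<xenc:EncryptedData>" + _CIPHER + "</xenc:EncryptedData>",
    "<xenc:EncryptedData>" + _CIPHER + "</xenc:EncryptedData>")

if __name__ == "__main__":
    for name, env in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, audit_envelope(env))
```
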
