WCF fails to deserialize correct(?) response message security headers (Security header is empty)
- by Soeteman
I'm communicating with an OC4J webservice, using a WCF client. The client is configured as follows:
<basicHttpBinding>
<binding name="MyBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
My clientcode looks as follows:
ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();
string username = ConfigurationManager.AppSettings["user"];
string password = ConfigurationManager.AppSettings["pass"];
// client instance maken
WebserviceClient client = new WebserviceClient();
client.Endpoint.Binding = new BasicHttpBinding("MyBinding");
// credentials toevoegen
client.ClientCredentials.UserName.UserName = username;
client.ClientCredentials.UserName.Password = password;
//uitvoeren request
var response = client.Ping();
I've altered the CertificatePolicy to accept all certificates, because I need to insert Charles (ssl proxy) in between client and server to intercept the actual Xml that is sent across te wire.
My request looks as follows:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2010-04-01T09:47:01.161Z</u:Created>
<u:Expires>2010-04-01T09:52:01.161Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-9b39760f-d504-4e53-908d-6125a1827aea-21">
<o:Username>user</o:Username>
<o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username- token-profile-1.0#PasswordText">pass</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<getPrdStatus xmlns="http://mynamespace.org/wsdl">
<request xmlns="" xmlns:a="http://mynamespace.org/wsdl" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<a:IsgrStsRequestTypeUser>
<a:prdCode>LEPTO</a:prdCode>
<a:sequenceNumber i:nil="true" />
<a:productionType i:nil="true" />
<a:statusDate>2010-04-01T11:47:01.1617641+02:00</a:statusDate>
<a:ubn>123456</a:ubn>
<a:animalSpeciesCode>RU</a:animalSpeciesCode>
</a:IsgrStsRequestTypeUser>
</request>
</getPrdStatus>
</s:Body>
</s:Envelope>
In return, I receive the following response:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://mynamespace.org/wsdl">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1" />
</env:Header>
<env:Body>
<ns0:getPrdStatusResponse>
<result>
<ns0:IsgrStsResponseTypeUser>
<ns0:prdCode>LEPTO</ns0:prdCode>
<ns0:color>green</ns0:color>
<ns0:stsCode>LEP1</ns0:stsCode>
<ns0:sequenceNumber xsi:nil="1" />
<ns0:productionType xsi:nil="1" />
<ns0:IAndRCode>00</ns0:IAndRCode>
<ns0:statusDate>2010-04-01T00:00:00.000+02:00</ns0:statusDate>
<ns0:description>Gecertificeerd vrij</ns0:description>
<ns0:ubn>123456</ns0:ubn>
<ns0:animalSpeciesCode>RU</ns0:animalSpeciesCode>
<ns0:name>gecertificeerd vrij</ns0:name>
<ns0:ranking>17</ns0:ranking>
</ns0:IsgrStsResponseTypeUser>
</result>
</ns0:getPrdStatusResponse>
</env:Body>
</env:Envelope>
Why can't WCF deserialize this response header? I'm getting a "Security header is empty" exception:
Server stack trace:
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout)
at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout)
at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Who knows what is going on here? I've already tried Rick Strahl's suggestion and removed the timestamp from the request header. Any help greatly appreciated!
