StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POAccidentally sticking SOAP Body inside of SOAP Header attempting to access WSE service with WCF client
primarykey
Id
12159334
data
AcceptedAnswerId
12159837
AnswerCount
1
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-08-28T12:34:42.390
FavoriteCount
1
LastActivityDate
2012-08-28T14:01:38.647
LastEditDate
2012-08-28T14:01:38.647
LastEditorUserId
729820
OwnerUserId
729820
ParentId
0
PostTypeId
1
Score
0
ViewCount
7688
LastEditorDisplayName
text
Body
I am attempting to hit a WSE secured web service using WCF. The SOAP header I need to generate to do this should contain a username, password, nonce, and created date... Here is a an example of a soap UI header that I use to hit the same service... <pre><code> <soap:Header> <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>----------</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">----------</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Hozef94FFwOhuiF5QixaMQ==</wsse:Nonce> <wsu:Created>2012-08-21T13:26:03.642Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soap:Header> </code></pre> Now I found a tutorial that was pretty usefull. <a href="http://blog.benpowell.co.uk/2010/11/supporting-ws-i-basic-profile-password.html" rel="nofollow">usefull tutorial</a> I have successfully implemented it... But I am now sticking the SOAP body into the soap header and there isn't a nonce generated. <pre><code><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"> <s:Header> <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo9VZylDHg5JMgjsNnWLhATkAAAAA+YtOxHdh0Uqd4a64raX/nIzYz20mPHlBv4Wk5S8d5PsACQAA</VsDebuggerCausalityData> <wsse:Security s:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <UsernameToken xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <Username>------------</Username> <Password>************</Password> </UsernameToken> </wsse:Security> <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <GetOrganizations xmlns="http://------------------------/businessobjects/messaging/"> <personId xmlns="">0</personId> <typeId xmlns=""> <int>1</int> <int>2</int> <int>3</int> <int>4</int> </typeId> </GetOrganizations> </s:Body> </s:Header> </s:Envelope> </code></pre> Don't know why it is doing this. I followed the tutorial to the letter. My Repository getting everything... <pre><code>using (DistListServiceReference.DistributionListClient dlc = new DistListServiceReference.DistributionListClient()) { try { PasswordDigestBehavior behavior = new PasswordDigestBehavior("********", "********"); dlc.Endpoint.Behaviors.Add(behavior); GetDistributionLists gdl = new GetDistributionLists(); gdl.PersonID = 0; GetDistributionListsResponse gdlr = new GetDistributionListsResponse(); gdlr = dlc.GetDistributionLists(gdl); return gdlr; } catch (Exception e) { dlc.Abort(); return null; } } </code></pre> My PasswordDigentInspector <pre><code>public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel) { // Use the WSE 3.0 security token class UsernameToken token = new UsernameToken(this.Username, this.Password, PasswordOption.SendPlainText); WseHeader header = new WseHeader(this.Username, this.Password); // Serialize the token to XML XmlElement securityToken = token.GetXml(new XmlDocument()); MessageHeader securityHeader = MessageHeader.CreateHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken", securityToken, false); request.Headers.Add(header); // complete return Convert.DBNull; } </code></pre> How I apply client behavior <pre><code>public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime) { clientRuntime.MessageInspectors.Add(new PasswordDigestMessageInspector(this.Username, this.Password)); } </code></pre> Everything is pretty much there. I am not seing where the body is being injected into the header. Any body have any ideas? UPDATE: Debugging I am looking at the the actual header that I inject into the soap message and this is what I see... <pre><code>{<wsse:Security s:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <UsernameToken xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <Username>**********</Username> <Password>************</Password> </UsernameToken>} System.ServiceModel.Channels.MessageHeaderInfo {TestDistListApplication.Repository.WseHeader} </code></pre> Just looking at that, there is no nonce, I could build it programmatically, but I am not sure if that is a good idea. Especially since there is a nonce already and a create date in the securityToken... Not sure why they don't appear in the header though... <pre><code><wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MedTrak_Dev</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">uncJUN132012</wsse:Password> <wsse:Nonce xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">mvy9nUfF+rnT3oTasDBqxg==</wsse:Nonce> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2012-08-28T13:30:42Z</wsu:Created> </code></pre> I have the debugger stopped and I am watching both those variables. What might cause the header not to have those things and the the WSEHeader to have them? Looks like I will have to debugg that.
Tags
<wcf><soap><wse><soapheader>
Title
Accidentally sticking SOAP Body inside of SOAP Header attempting to access WSE service with WCF client
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USSoftwareSavant
UserOwnerUserId
1. USSoftwareSavant
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.