I am trying to use a WCF client to call a third party web service.
The web Service usses username token authentication WSS-Security 1.0 Soap Message Security
Here is a sample soap authentication header for what the web service expects
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken namespaces>
<wsse:Username>username</wsse:Username>
<wsse:Password Type="type info">password</wsse:Password>
<wsse:Nonce>nonce</wsse:Nonce>
<wsu:Created>date created</wsu:Created>
</wsse:UsernameToken>
<wsse:Security>
</soap:Header>
<soap:Body>
<WebServiceMethodName xmlns="Web Service Namespace" />
I configured the client to the following way
<basicHttpBinding>
<binding name="Binding1">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic"/>
</security>
</basicHttpBinding>
but recieved an error that stating that the nonce and datecreated attributes were missing in the header. Does anyone know how to configure a WCF client to work with
WSS-Security 1.0 Soap Message Security username token authentication?
Best Answer
I had the same problem. Instead of the custom token serlializer I used a
MessageInspector
to add the correctUsernameToken
in theBeforeSendRequest
method. I then used a custom behavior to apply the fix.The entire process is documented (with a demo project) in my blog post Supporting the WS-I Basic Profile Password Digest in a WCF client proxy. Alternatively, you can just read the PDF.
If you want to follow my progress through to the solution, you'll find it on StackOverflow titled, "Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme":