
Developing a .NET client that consumes a secure METRO 2.1 web service


I have a secured METRO 2.1 web service, and I want to develop a .NET (3.5) client that can use it. I already succeeded if the WS was unsecured, but once I get

The security mechanism is Username Authentication with Symmetric Key, and it's using the Development Defaults.

How do I set up security in .NET? I've been reading the METRO guide, but I only found broken links to the examples and the guides didn't get me through. I successfully generated a proxy class with svcutil, but I don't know how to use it.

svcutil warnings:

Warning 1 Custom tool warning: A security policy was imported for the endpoint. The security policy contains requirements that cannot be represented in a Windows Communication Foundation configuration. Look for a comment about the SecurityBindingElement parameters that are required in the configuration file that was generated. Create the correct binding element with code. The binding configuration that is in the configuration file is not secure.

Warning 2 Custom tool warning: The wsam:Addressing element requires a wsp:Policy child element but has no child elements.

EDIT

I've got really close to solving this (I think). I exported the default GlassFish certificate with keytool.exe:

keytool -exportcert -alias xws-security-server -storepass changeit -keystore keystore.jks -file server.cer
keytool -printcert -file server.cer   # This line shows its content

I use the server.cer certificate on the client side:

// Requires: using System.Security.Cryptography.X509Certificates;
KDTreeWSClient wsClient = new KDTreeWSClient();
X509Certificate2 server_cert = new X509Certificate2("FullPathToCertificate/server.cer", "changeit");
wsClient.ClientCredentials.ServiceCertificate.DefaultCertificate = server_cert;
wsClient.ClientCredentials.UserName.UserName = "wsitUser"; // Default GF username
wsClient.ClientCredentials.UserName.Password = "changeit"; // Default GF password

Question: This results in a MessageSecurityException, because the expected DNS-identity of the endpoint is localhost, however the endpoint has xwssecurityserver. Can I set it to localhost/xwssecurityserver manually?

Any help would be appreciated! Thanks in advance, Daniel


Solution

  • Try to set the DNS identity in the client application's config file as described below:

          <endpoint address="http://localhost:8080/SecureCalculatorApp/CalculatorWSService"
              binding="customBinding" bindingConfiguration="CalculatorWSPortBinding1"
              contract="ServiceReference3.CalculatorWS" name="CalculatorWSPort1">
            <identity>
              <dns value="{YOUR ALIAS}" />
            </identity>
          </endpoint>
    

    Set "xwssecurityserver" as the dns value. In my case it works (by the way, I used your question as a base when I solved this problem, so thank you for pointing the right way :) )
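
The same identity setting can be applied in code instead of the config file. The following is an added example, not code from the question or the answer: it sets the expected DNS identity on an svcutil-generated proxy and additionally pins the service certificate to the exported server.cer, so that only that exact certificate is accepted under the overridden name. `MetroClientSetup`, `PinnedCertificateValidator` and the service URI passed in are hypothetical names chosen for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Accepts only the exact certificate that was exported from the server keystore.
sealed class PinnedCertificateValidator : X509CertificateValidator
{
    private readonly string expectedThumbprint;

    public PinnedCertificateValidator(X509Certificate2 pinned)
    {
        expectedThumbprint = pinned.Thumbprint;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null ||
            !string.Equals(certificate.Thumbprint, expectedThumbprint,
                           StringComparison.OrdinalIgnoreCase))
        {
            throw new SecurityTokenValidationException(
                "Service certificate does not match the pinned server.cer.");
        }
    }
}

static class MetroClientSetup
{
    // Hypothetical helper; works with any svcutil-generated proxy (ClientBase<T>).
    // Example call (service URI is an assumption, substitute your own):
    //   MetroClientSetup.Configure(wsClient, serviceUri, "xwssecurityserver", server_cert);
    public static void Configure<TChannel>(ClientBase<TChannel> client,
        Uri serviceUri, string certificateDnsName, X509Certificate2 serverCert)
        where TChannel : class
    {
        // Same effect as <identity><dns value="..."/></identity> in the config file.
        client.Endpoint.Address = new EndpointAddress(
            serviceUri, EndpointIdentity.CreateDnsIdentity(certificateDnsName));

        client.ClientCredentials.ServiceCertificate.DefaultCertificate = serverCert;
        var auth = client.ClientCredentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedCertificateValidator(serverCert);
    }
}
```

The DNS identity only tells WCF which name to expect in the certificate; the pin is what ties the client to one specific certificate, which matters because the GlassFish development-default certificate is not unique to your server.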