Search code examples
c#wcfsoapwcf-security

Wcf service server - authentication with usernametoken

we are trying to create server from given demo wsdl. Wsdl does not contains security but we need implement usernametoken where request header looks like this: 

<soap:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:env="http://www.w3.org/2003/05/soap-envelope" env:mustUnderstand="true">
            <wsse:UsernameToken wsu:Id="UsernameToken-7dd435a5-b8bb-4388-bba3-f77512a14351">
                <wsse:Username>CES</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">e8I23Z92JGgSREAb=</wsse:Password>
                <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">v21JzUcrKZiZ7MC==</wsse:Nonce>
                <wsu:Created>2017-10-13T13:00:02.221Z</wsu:Created>
            </wsse:UsernameToken>
            <wsse:SecurityTokenReference>
                <wsse:Embedded wsse:ValueType="http://www.asktirweb.org/security/authentication/username" wsu:Id="alex"/>
            </wsse:SecurityTokenReference>
        </wsse:Security>
        <Action xmlns="http://www.w3.org/2005/08/addressing">http://www.asktirweb.org/services/TIRAccountingService-1/sendInvoice</Action>
        <MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:321a0dff-61a8-4eae-8934-7f06e8d87648</MessageID>
        <To xmlns="http://www.w3.org/2005/08/addressing">http://wiesbaden:8040/askdemo/hs/AskTirWebDemo/WsSecurityRequests</To>
        <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
            <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
        </ReplyTo>
    </soap:Header>

Any suggestions ?

Solution

  • Please try the below custom binding, it might be useful to you.

    <customBinding>
   <binding name="mybinding">
     <textMessageEncoding messageVersion="Soap12WSAddressing10">
     </textMessageEncoding>
     <security authenticationMode="UserNameOverTransport" includeTimestamp="false" >
     </security>
     <httpsTransport></httpsTransport>
   </binding>
 </customBinding>

    And the request body captured by Fiddle.
    enter image description here
    Besides, can we use the WSDL file to generate the client configuration, which has contained the essential binding type and security authentication mode? Like the below Tools.
    https://learn.microsoft.com/en-us/dotnet/framework/wcf/servicemodel-metadata-utility-tool-svcutil-exe
    By default, it is a built-in tool in VS Developer Command Prompts.

    svcutil https://vabqia969vm:21011

    It will generate the output.config in the current directory, it contains the binding configuration to be used in WCF.
    Feel free to let me know if there is anything I can help with.