I have created a WCF service, and when I send a request to the service through soapUI I get an error in response:
The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by the recipient of this message, causing the message to not be processed. This error typically indicates that the sender of this message has enabled a communication protocol that the receiver cannot process. Please ensure that the configuration of the client's binding is consistent with the service's binding
Tell me, please, how to properly set the security header?
Most likely I need to process the signature, but I don’t know how to do it. I didn't find any information on how to do this.
Here is my request:
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gost34310-gost34311"/>
          <ds:Reference URI="test">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gost34311"/>
            <ds:DigestValue>test</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          test
        </ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
              test
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <S:Body xmlns:ns2="http://bip.bee.kz/SyncChannel/v10/Types"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="test">
    <ns2:SendMessage>
      <request>
        <requestInfo>
          <test>test</test>
          <sender>
            <test>test</test>
          </sender>
          <sessionId>test</sessionId>
        </requestInfo>
        <requestData>
          <data>
            <test>test</test>
          </data>
        </requestData>
      </request>
    </ns2:SendMessage>
  </S:Body>
</S:Envelope>
Service.svc processing the request:
public class Service : IService
{
    public string SendMessage(SendMessage request)
    {
        return "test";
    }
}
Model:
[MessageContract(WrapperName="SendMessage", IsWrapped=true, WrapperNamespace = "")]
public class SendMessage
{
    [MessageBodyMember(Namespace = "", Name = "request")]
    public Request Request { get; set; }
}

[Serializable]
[XmlType(Namespace = "")]
public class Request
{
    [XmlElement(ElementName = "requestInfo", Order = 0)]
    public RequestInfo RequestInfo { get; set; }

    [XmlElement(ElementName = "requestData", Order = 1)]
    public RequestData RequestData { get; set; }
}
Config:
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="false"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <protocolMapping>
    <add binding="basicHttpsBinding" scheme="https"/>
  </protocolMapping>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
  <modules runAllManagedModulesForAllRequests="true"/>
  <directoryBrowse enabled="true"/>
</system.webServer>
If you specify verification using a certificate:
<services>
  <service behaviorConfiguration="ServiceBehavior"
           name="Service">
    <endpoint address="" binding="customBinding" bindingConfiguration="ServiceBinding"
              name="ConclusionService" contract="IService" />
  </service>
</services>
<behavior name="ServiceBehavior">
  <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceCredentials>
    <serviceCertificate findValue="test" storeLocation="CurrentUser"
                        x509FindType="FindBySubjectName" />
  </serviceCredentials>
</behavior>
<customBinding>
  <binding name="ServiceBinding">
    <security authenticationMode="AnonymousForCertificate" requireDerivedKeys="false"
              messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
    <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
    <httpTransport />
  </binding>
</customBinding>
Warning: 'Message with action '' has no message signature parts specified.'
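An added example, not part of the original post and not WCF code: a structural pre-check of what the `ds:Signature` inside a `wsse:Security` header like the one in the request above actually references, and whether the SOAP body is among the signed parts. It verifies no cryptography; the function name `audit_signed_parts` and the cut-down sample message are constructed for illustration, and `wsu:Id`-based references are assumed, as in the posted request.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = OASIS + "secext-1.0.xsd", OASIS + "utility-1.0.xsd"

# Constructed sample: the request from the question cut down to the parts
# that tie the signature to the body; every value is a placeholder.
SAMPLE = f"""<S:Envelope xmlns:S="{SOAP}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <S:Header><wsse:Security><ds:Signature><ds:SignedInfo>
    <ds:Reference URI="test"><ds:DigestValue>test</ds:DigestValue></ds:Reference>
  </ds:SignedInfo></ds:Signature></wsse:Security></S:Header>
  <S:Body wsu:Id="test"><request/></S:Body>
</S:Envelope>"""


def audit_signed_parts(envelope_xml):
    """Return findings about what the wsse:Security signature covers."""
    root = ET.fromstring(envelope_xml)
    findings = []
    # Index every element by wsu:Id; a duplicated Id lets the verifier and the
    # application logic resolve the same reference to different elements.
    by_id = {}
    for el in root.iter():
        wsu_id = el.get(f"{{{WSU}}}Id")
        if wsu_id is not None:
            by_id.setdefault(wsu_id, []).append(el)
    body = root.find(f"{{{SOAP}}}Body")
    refs = root.findall(
        f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{DS}}}Signature"
        f"/{{{DS}}}SignedInfo/{{{DS}}}Reference")
    body_covered = False
    for ref in refs:
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            findings.append(f"Reference URI {uri!r} is not a '#<wsu:Id>' same-document reference")
            continue
        targets = by_id.get(uri[1:], [])
        if len(targets) != 1:
            findings.append(f"Reference {uri!r} resolves to {len(targets)} elements, expected 1")
        elif targets[0] is body:
            body_covered = True
    if not body_covered:
        findings.append("soap:Body is not covered by any ds:Reference")
    return findings


if __name__ == "__main__":
    for finding in audit_signed_parts(SAMPLE):
        print(finding)
```

Run on the sample it reports two findings, because the placeholder `URI="test"` lacks the `#` that would point it at `wsu:Id="test"`; with `URI="#test"` it reports none.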
You can view the WS-Security header block in the Raw section, but before going there, make some changes and resend the request.
To use X.509 certificates, you need to set it up on the server side like this:
At the same time, the certificate's encodevalue authentication is used on the client: