I am trying to call a Java web service, over Http not Https, using .Net. The only hint I got from the web service team is to pass the credential either in SOAP message or in the endpoint settings.
I have created a simple console application and added a service reference to the web service. The following is the generated binding (I see that there is warning about unrecognized policy but cannot figure what it means or whether it is relevant or not):
<customBinding>
<binding name="CurrencyInformationServiceSoapBinding">
<!-- WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'http://www.openuri.org/': -->
<!-- <wsdl:binding name='CurrencyInformationServiceSoapBinding'> -->
<!-- <ns1:SupportingTokens xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">..</ns1:SupportingTokens> -->
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap11" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<!--<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>-->
<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
</customBinding>
Here are my trials:
Trail #1:
-----------
Using the following code:
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
or supplying the credentials in Windows property
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("crmuser", "welcome1");
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
or supplying the credentials in UserName property
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
client.ClientCredentials.UserName.UserName = "someuser";
client.ClientCredentials.UserName.Password = "somepassword";
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
resulted in
System.ServiceModel.FaultException: Error on verifying message against security policy Error code:1000
Trail #2:
-----------
As per one comment I have seen, I have tried to add the following tag in the binding and call the web service by passing the credentials in UserName property of ClientCredentials
<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>
but the result was
System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.
Trail #3:
-----------
I have tried to use WSHttpBinding instead of the CustomBinding generated by VS as follows:
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
EndpointAddress ea = new EndpointAddress("http://someurl/CurrencyInformationService.jws");
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient(binding, ea);
client.ClientCredentials.UserName.UserName = "someuser";
client.ClientCredentials.UserName.Password = "somepassword";
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
but the result was
System.ServiceModel.ProtocolException: Content Type application/soap+xml; charset=utf-8 was not supported by service http://someurl/CurrencyInformationService.jws. The client andservice bindings may be mismatched. ---> System.Net.WebException: The remote server returned an error: (415) Unsupported Media Type.
Update:
-----------
I have received a working request from the vendor and tried it in soapUI and it gave a correct response.
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="SecurityToken-35598fb7-5aa2-4623-b07b-3277c6578beb" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>someuser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">somepassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<getAllForeignCurrencies xmlns="http://www.openuri.org/">
</getAllForeignCurrencies>
</soap:Body>
</soap:Envelope>
Can someone give me a hint how to generate such a SOAP request?
I was facing the same issue while consuming a java web service using .Net, and this thread helped me partially in being able to consume web service.
But, somehow I came across this post and it worked as a final solution for me : http://weblog.west-wind.com/posts/2012/Nov/24/WCF-WSSecurity-and-WSE-Nonce-Authentication
Below settings worked fine for me:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomSoapBinding">
<security includeTimestamp="false"
authenticationMode="UserNameOverTransport"
defaultAlgorithmSuite="Basic256"
requireDerivedKeys="false"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
<httpsTransport maxReceivedMessageSize="2000000000"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://notrealurl.com:443/services/RealTimeOnline"
binding="customBinding"
bindingConfiguration="CustomSoapBinding"
contract="RealTimeOnline.RealTimeOnline"
name="RealTimeOnline" />
</client>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0"
sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
If you use SSL use this:
<basicHttpBinding>
<binding name="NewBinding0">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
If no SSL then use CUB.
Related
I'm new on WSO2 and for a huge project we are using the EI 6.1.1.
One of our goals is to create some REST services that must substitutes some legacy SOAP services: for do that, we are developing Spring Boot REST and our idea is to expose these one in a SOAP way, with same WSDL of the legacy service.
We are creating a Proxy Service on WSO2 and we are able to call the rest service in backend, but, even if the REST logging show us that everything goes fine, the SOAP call never send back response, and "die" with a read timeout.
How can we fix that? I'll post you the proxyService configuration:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="VerificaAmbitiSET_SOAP_AWS"
startOnLoad="true"
statistics="disable"
trace="disable"
transports="http,https">
<target>
<inSequence>
<filter xmlns:ver="http://XXXXXX.XXXXXX.XXXXXX"
xpath="//ver:getAmbitiSet">
<then>
<property expression="//ver:getAmbitiSet/ver:codiceFiscale"
name="REST_URL_POSTFIX"
scope="axis2"
type="STRING"/>
<property name="HTTP_METHOD" scope="axis2" type="STRING" value="GET"/>
</then>
<else/>
</filter>
<header name="Accept" scope="transport" value="*/*"/>
<send>
<endpoint>
<address format="rest"
uri="http://localhost:8280/services/A_SERVICE/ambitiSet"/>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
</target>
<publishWSDL key="conf:/wsdl/A_WSDL.wsdl"/>
<description/>
</proxy>
and this is the REST controller sign:
#GetMapping(value = "/ambitiSet/{codiceFiscale}")
public List<Ambito> getAmbitiSET(#PathVariable("codiceFiscale") String codiceFiscale)
Finally, my SOAP request looks like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ver="http://XXXX.XXXXX.XXXXXX">
<soapenv:Header/>
<soapenv:Body>
<ver:getAmbitiSet>
<ver:codiceFiscale>XXZXZXZXZ</ver:codiceFiscale>
</ver:getAmbitiSet>
</soapenv:Body>
</soapenv:Envelope>
Greeting.
You can test where the response is getting dropped via enabling wire logs. Please follow the blog https://medium.com/#tharika/how-to-read-and-understand-wire-logs-in-wso2-products-c384af0b8ea5
I have to use a SOAP web service in a VPN network (so you couldn't test it), written in Java (JAX-WS webservice).
I don't have access at server side. When i try to call a web method from a C# 4.0 client I get this exception:
The CustomBinding on the ServiceEndpoint with contract 'ServicesSoap' lacks a TransportBindingElement. Every binding must have at least one binding element that derives from TransportBindingElement.
at System.ServiceModel.Channels.Binding.EnsureInvariants(String contractName)
at System.ServiceModel.Channels.ServiceChannelFactory.BuildChannelFactory(ServiceEndpoint serviceEndpoint, Boolean useActiveAutoClose)
at System.ServiceModel.ChannelFactory.CreateFactory()
at System.ServiceModel.ChannelFactory.OnOpening()
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ChannelFactory.EnsureOpened()
at System.ServiceModel.ChannelFactory`1.CreateChannel(EndpointAddress address, Uri via)
at System.ServiceModel.ClientBase`1.CreateChannel()
at System.ServiceModel.ClientBase`1.CreateChannelInternal()
at System.ServiceModel.ClientBase`1.get_Channel()
at GatewayClient.Lotto.ServicesSoapClient.GatewayClient.Lotto.ServicesSoap.InfoRequest(InfoRequestRequest request)
at GatewayClient.Lotto.ServicesSoapClient.InfoRequest(infoDataIn request)
at GatewayClient.MainWindow.InfoRequestButton_Click(Object sender, RoutedEventArgs e)
This is my app.config:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="ServicesSoapPortBinding">
<textMessageEncoding messageVersion="Soap12" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="http://xxx.yyy/Services"
binding="customBinding" bindingConfiguration="ServicesSoapPortBinding"
contract="ServiceReference1.ServicesSoap" name="ServicesSoapPort" />
</client>
</system.serviceModel>
Any help?
I've solved the issue adding httpTransport in the binding tag, in the app.config:
<binding name="ServicesSoapPortBinding">
<textMessageEncoding messageVersion="Soap12" />
<httpTransport/>
</binding>
I have to add the service reference within Visual Studio "Service References" feature. Trying to use svcutil, I get another different exception.
I am trying to call a Java service using WCF. The service sends a message back but it does not make back to my program. WCF generates:
No Timestamp is available in security header to do replay detection.
I captured the returned message in Fiddler and there is a Timestamp field in the body.
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="SecurityToken-</wsse:BinarySecurityToken>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#Id-649325bc-661f-ede4-9ba7-6366c9de792e"><dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>Pm0bbVqKJfz05tPpphXtBJjDyew=</dsig:DigestValue>
</dsig:Reference></dsig:SignedInfo>
<dsig:SignatureValue> *snip*</dsig:SignatureValue>
<dsig:KeyInfo>
<SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#SecurityToken-65e3d200-a1e1-b453-03f6-dd800869423d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</SecurityTokenReference>
</dsig:KeyInfo>
</dsig:Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="Id-649325bc-661f-ede4-9ba7-6366c9de792e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ns0:ResponseMessage xmlns:ns0="http://www.ercot.com/schema/2007-06/nodal/ews/message"><ns0:Header><ns0:Verb>reply</ns0:Verb><ns0:Noun>BidSet</ns0:Noun><ns0:ReplayDetection><ns0:Nonce>09f359b4ddb89f0a23dd6d05508cc372</ns0:Nonce><ns0:Created>2012-03-08T09:44:16.865-06:00</ns0:Created></ns0:ReplayDetection><ns0:Revision>001</ns0:Revision><ns0:Source>ERCOT</ns0:Source><ns0:UserID>API_EMP327</ns0:UserID><ns0:MessageID>temp</ns0:MessageID>
</ns0:Header><ns0:Reply><ns0:ReplyCode>OK</ns0:ReplyCode><ns0:Timestamp>2012-03-08T09:44:16.865-06:00</ns0:Timestamp></ns0:Reply>
<ns0:Payload>*snip*</ns0:Payload>
I have looked at:
http://social.msdn.microsoft.com/forums/en-US/wcf/thread/3be779e7-1d73-455c-8aa0-cb90026e8993/
and modified my config appropriately. Adding securityHeaderLayout="Lax"
and
<customBinding>
<binding name="NodalCustomBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:10:00">
<textMessageEncoding messageVersion="Soap11" />
<security
authenticationMode="MutualCertificate"
requireDerivedKeys="false"
includeTimestamp="true"
securityHeaderLayout="Lax"
keyEntropyMode="ClientEntropy"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSecurityContextCancellation="false"
allowSerializedSigningTokenOnReply="true"
enableUnsecuredResponse="true" >
<secureConversationBootstrap />
<localClientSettings detectReplays="false"/>
<localServiceSettings detectReplays="false"/>
</security>
<httpsTransport />
I am still getting the same error.
Any help would be appreciated!
Keith
The error is saying there is no timestamp in the wsse:Security element in the soap envelope header. The timestamp element I see is in the body element and has no applicability to the ws-security configuration. Also, the includeTimestamp attribute is set to true. Just guessing here but have you tried setting it to false?
Using the following sample WSDL file, I've generated a new project in SOAP UI (version 3.5), and created the example test suite, test case, and mock service.
WSDL
<definitions name="HelloService"
targetNamespace="http://www.examples.com/wsdl/HelloService.wsdl"
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:tns="http://www.examples.com/wsdl/HelloService.wsdl"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<message name="SayHelloRequest">
<part name="firstName" type="xsd:string"/>
</message>
<message name="SayHelloResponse">
<part name="greeting" type="xsd:string"/>
</message>
<portType name="Hello_PortType">
<operation name="sayHello">
<input message="tns:SayHelloRequest"/>
<output message="tns:SayHelloResponse"/>
</operation>
</portType>
<binding name="Hello_Binding" type="tns:Hello_PortType">
<soap:binding style="rpc"
transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="sayHello">
<soap:operation soapAction="sayHello"/>
<input>
<soap:body
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="urn:examples:helloservice"
use="encoded"/>
</input>
<output>
<soap:body
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
namespace="urn:examples:helloservice"
use="encoded"/>
</output>
</operation>
</binding>
<service name="Hello_Service">
<documentation>WSDL File for HelloService</documentation>
<port binding="tns:Hello_Binding" name="Hello_Port">
<soap:address
location="http://www.examples.com/SayHello/"/>
</port>
</service>
</definitions>
I can start up the mock service and access via the browser, whereby I see a link to the wsdl and can view it.
However, by using the default generated soap request (as follows), it returns an html response (appears to be the web page) rather than the soap response I have configured.
REQUEST
POST http://localhost:8088/SayHello/ HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "sayHello"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost:8088
Content-Length: 467
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:examples:helloservice">
<soapenv:Header/>
<soapenv:Body>
<urn:sayHello soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<firstName xsi:type="xsd:string">James</firstName>
</urn:sayHello>
</soapenv:Body>
</soapenv:Envelope>
RESPONSE
HTTP/1.1 200 OK
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Server: Jetty(6.1.x)
<html><body><p>There are currently 1 running soapUI MockServices</p><ul><li>Hello_Binding MockService</li></ul></p></body></html>
I've configured a sample response as follows :
SAMPLE RESPONSE ON MOCK
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:examples:helloservice">
<soapenv:Header/>
<soapenv:Body>
<urn:sayHelloResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<greeting xsi:type="xsd:string">?</greeting>
</urn:sayHelloResponse>
</soapenv:Body>
</soapenv:Envelope>
Its configured as the default response, so I have no idea why it is not being returned.
Any suggestions? +1's to anything that helps me progress this.
Thanks
No service is started for the endpoint URL from your request: http://localhost:8088/SayHello/. The only started service is located at URL http://localhost:8088/mockHello_Binding as reported in the service response. SoapUI returns list of all started mock services in HTML page when a non-existed one is requested. Consider fixing endpoint address to resolve this issue.
I have hit the same problem using soap ui 5.4.0. It have happend beacuse the path of created mock service was incorrect.
If you click in the soap UI, on the created mock service - properties button on the bottom - you will see that your path looks like /mockBindingservice, it should say /.
To change it, double click on the created mock service, click stop service than settings button (located next to stop and start buttons).Change Path to / and double check host.
Save, start service. Should work now.
I know it is an old post, but hopefully it will help sombody looking for the anwser.
The Url you are hitting is incorrect. The MockService URL is created while you import the WSDL to SOAP with default port 8088.
Solution:
1)Create new Project
2)Import WSDL
3)Check Create Mockervice
4)Then you will SEE the URL where mockservice will run::-->mockSearchURL(for eg)
5)hit HTTP://{IP}:8088/mockSearchURL
DONE!!
i think is the name in Url and the name in request
Url : SayHello
Request : sayHello S and s
name should be matched
I has similar issue with BizTalk 2010 Send Port and Mock SOAPUI webservice.
I found out that the 2 URL er different
When I open this in IE..I see the HTML response.
http://localhost:8088/MockUpdateBasicHttp
When you opened this in IE I got a blank white screen which normally means success.
http://localhost:8088//MockUpdateBasicHttp
The correct URL is with a single '/' after port number.
http://localhost:8088/MockUpdateBasicHttp
I am trying to figure out how to call a Java Web Service (blackbox) from .NET which expects each request to be signed with a certificate (which is no problem).
I don't get it. Whatever I try, it fails. After spending hours with researching and testing I think the right way should be to use a customBinding instead of a basicHttpBinding. What I want to achieve is to sign the header as well as the message body.
By using authentication mode CertificateOverTransport only the SOAP header is signed, not the body. By using authentication mode MutualCertificate everything is signed and encrypted.
Do I have any chance to disable the encryption of the whole message?
I got it.
Binding:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="FFB">
<context protectionLevel="Sign" />
<textMessageEncoding messageVersion="Soap11" />
<security authenticationMode="MutualCertificateDuplex" includeTimestamp="true" />
<httpsTransport />
</binding>
</customBinding>
</bindings>
</system.serviceModel>
</configuration>
And additionally:
service.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;