Saturday, 9 January 2021

Trials of WCF clients and .NET Core 3.1

 I've spent four days debugging a simple WCF problem. We had a WCF server that we needed to connect to. That server required WSSE username/password security, as you can see from various excerpts in the WSDL:


    
        
            
                
            
        
    

And from a working client, I could see that a good SOAP message looked like this:


    
        
            
                2021-01-09T08:50:59.443Z
                2021-01-09T08:55:59.443Z
            
            
                MyUsername
                MyPassword
            
        
    
    
            My Body goes here
    
Initially I went on a whole route of writing code to create the necessary SOAP header.

A great article is described here:

The bugs I encountered where:

The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by the recipient of this message, causing the message to not be processed.

In the end I discovered the simplest implementation was the correct one and no overrides were required. But a bug was still found.  I was getting the error:

The value 'TransportWithMessageCredential' is not supported in this context for the binding security property 'securityMode'.

The solution was found here:

c# - Why TransportWithMessageCredential is not supported in .net core? - Stack Overflow

Even though I created a new .NET Core 3.1 client, the default ServiceModel packages installed were version 4.4, and upgrading them to 4.8 allowed me to set BasicHttpsSecurityMode.TransportWithMessageCredential.


Final code

var endpointAddress = new EndpointAddress(uri);
var binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.TransportWithMessageCredential;
var client = new StartSessionServiceClient(binding, endpointAddress);
client.ClientCredentials.UserName.UserName = "MyUsername";
client.ClientCredentials.UserName.Password = "MyPassword";
var response = await client.StartSessionAsync(new SessionStartArgs());


References

WCF WS-Security and WSE Nonce Authentication - Rick Strahl's Web Log (west-wind.com)



No comments:

Post a Comment