Saturday 9 January 2021

Trials of WCF clients and .NET Core 3.1

 I've spent four days debugging a simple WCF problem. We had a WCF server that we needed to connect to. That server required WSSE username/password security, as you can see from various excerpts in the WSDL:


And from a working client, I could see that a good SOAP message looked like this:

            My Body goes here
Initially I went on a whole route of writing code to create the necessary SOAP header.

A great article is described here:

The bugs I encountered where:

The header 'Security' from the namespace '' was not understood by the recipient of this message, causing the message to not be processed.

In the end I discovered the simplest implementation was the correct one and no overrides were required. But a bug was still found.  I was getting the error:

The value 'TransportWithMessageCredential' is not supported in this context for the binding security property 'securityMode'.

The solution was found here:

c# - Why TransportWithMessageCredential is not supported in .net core? - Stack Overflow

Even though I created a new .NET Core 3.1 client, the default ServiceModel packages installed were version 4.4, and upgrading them to 4.8 allowed me to set BasicHttpsSecurityMode.TransportWithMessageCredential.

Final code

var endpointAddress = new EndpointAddress(uri);
var binding = new BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.TransportWithMessageCredential;
var client = new StartSessionServiceClient(binding, endpointAddress);
client.ClientCredentials.UserName.UserName = "MyUsername";
client.ClientCredentials.UserName.Password = "MyPassword";
var response = await client.StartSessionAsync(new SessionStartArgs());


WCF WS-Security and WSE Nonce Authentication - Rick Strahl's Web Log (

No comments:

Post a Comment