.net – Converting WSE example code to WCF

.netwcfweb-serviceswse

I am new to both WSE and WCF and I am trying to consume a web service using WCF but all the example documentation is for VS2005 + WSE. This web service uses WS-Security 1.0. I have added a service reference through visual studio but I am at a loss on how to do the equivalent of the code below in WCF:

// 1. Initialize the web service proxy
PartnerAPIWse integrationFramework = new PartnerAPIWse();

// 2. Set the username/password. This is using the Username token of WS-Security 1.0
UsernameTokenProvider utp = new UsernameTokenProvider("username", "password");
integrationFramework.SetClientCredential<UsernameToken>(utp.GetToken());

// 3. Declare the policy
Policy policy = new Policy(new UsernameOverTransportAssertion());
integrationFramework.SetPolicy(policy);

Best Solution

After spending a day doing some experimentation I figured out how to convert this code. The key was setting up the bindings on the WCF proxy that VS2008 makes correctly.

Add a service reference pointing to the WSDL

Open App.config / Web.config and locate the system.serviceModel section. Change the security mode on the default soapbinding to be TransportWithMessageCredential. Here is what my file looked like after the change:

        <basicHttpBinding>
        <binding name="SoapBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
            receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false"
            bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <security mode="TransportWithMessageCredential">
                <transport clientCredentialType="None" proxyCredentialType="None"
                    realm="" />
                <message clientCredentialType="UserName" algorithmSuite="Default" />
            </security>
        </binding>
    </basicHttpBinding>

Change the example code above to look like this

Dim integrationFramework As New SoapClient()
integrationFramework.ClientCredentials.UserName.UserName = "username"
integrationFramework.ClientCredentials.UserName.Password = "password"

TransportWithMessageCredential is equivalent to UsernameOverTransportAssertion policy under WSE 3.0

Related Solutions

C# – wse 3.0 or wcf and where to start

The WCF framework is part of .NET 3.0 and not .NET 3.5, so you don't need .NET 3.5 in the clients.

Also with WCF you can provide services that are based on the web services standards. These services can be used even with the "old" web service clients, or other platforms, like Java.

The credential based WCF message security is fulfilling the WS-Security 1.1 standard, which can also be used with a WSE client.

http://msdn.microsoft.com/en-us/library/ms735093.aspx: WCF supports a wide variety of interoperability scenarios. The BasicHttpBinding class is targeted at the Basic Security Profile (BSP) and the WSHttpBinding class is targeted at the latest security standards, such as WS-Security 1.1 and WS-SecureConversation. By adhering to these standards, WCF security can interoperate and integrate with Web services that are hosted on operating systems and platforms other than Microsoft Windows.

I would definitely go for the WCF solution and not the WSE. I see WCF as a direct successor of WSE, which is not imporved further by Microsoft (even the WSE home link is broken from the WSE 3.0 download page).

As Alex mentioned, connecting to non-MS platform, despite the standards, might be challenging. A proof of concept is definitely neccessary in these scenarios.

C# – Could not establish trust relationship for SSL/TLS secure channel — SOAP

The following snippets will fix the case where there is something wrong with the SSL certificate on the server you are calling. For example, it may be self-signed or the host name between the certificate and the server may not match.

This is dangerous if you are calling a server outside of your direct control, since you can no longer be as sure that you are talking to the server you think you're connected to. However, if you are dealing with internal servers and getting a "correct" certificate is not practical, use the following to tell the web service to ignore the certificate problems and bravely soldier on.

The first two use lambda expressions, the third uses regular code. The first accepts any certificate. The last two at least check that the host name in the certificate is the one you expect.
... hope you find it helpful

//Trust all certificates
System.Net.ServicePointManager.ServerCertificateValidationCallback =
    ((sender, certificate, chain, sslPolicyErrors) => true);

// trust sender
System.Net.ServicePointManager.ServerCertificateValidationCallback
                = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));

// validate cert by calling a function
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);

// callback used to validate the certificate in an SSL conversation
private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors policyErrors)
{
    bool result = cert.Subject.Contains("YourServerName");
    return result;
}

Best Solution

Related Solutions

C# – wse 3.0 or wcf and where to start

C# – Could not establish trust relationship for SSL/TLS secure channel — SOAP

Related Question