MessageSecurityException for WCF customBinding UsernameOverTransport for WSSE
I need to implement a WCF service that conforms to the specifications in the CORE 270 Phase II Communication Rule . I created a service using svcutil.exe
and supplied wsdl .
Given that we chose to handle security via username / password over SSL and the requirement for SOAP 1.2 addressing, I configured the service as
customBinding:
<customBinding>
<binding name="ServiceBinding">
<security
authenticationMode="UserNameOverTransport"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap12" />
<httpsTransport />
</binding>
</customBinding>
The work WSDL
matches the WSDL
one provided by the specification. Using the supplied message for soap:
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-21621663">
<wsse:Username>bob</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usernametoken-profile-1.0#PasswordText">bobPW</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ns1:COREEnvelopeRealTimeRequest
xmlns:ns1="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd">
<PayloadType> X12_270_Request_005010X279A1004010X092A1</PayloadType>
<ProcessingMode>RealTime</ProcessingMode>
<PayloadID>f81d4fae-7dec-11d0-a765-00a0c91e6bf6</PayloadID>
<TimeStamp>2007-08-30T10:20:34Z</TimeStamp>
<SenderID>HospitalA</SenderID>
<ReceiverID>PayerB</ReceiverID>
<CORERuleVersion>2.2.0</CORERuleVersion>
<Payload><![CDATA[ISA*00* *00* *ZZ*NEHEN780 *ZZ*NEHEN003 ...IEA*1*000000031]]></Payload>
</ns1:COREEnvelopeRealTimeRequest>
</soapenv:Body>
</soapenv:Envelope>
and SoapUI
, i get
System.ServiceModel.Security.MessageSecurityException
,System.ServiceModel
, Security Server could not find a security header in the message. This could be because the message is an unsecured error or because there is a coherent mismatch between the communicating parties. This can happen if the service is configured for security and the client is not using security.
It would seem that the service does not understand the namespace prefix wsse, as if I were tossing the namespace prefix on o
the service had no problem with the request.
EDIT
I can't seem to find a binding inconsistency or an issue with their message indicating that I'm chasing the wrong tree. Any other potential findings would be helpful. Is there a way to make a custom SOAP
1.2 addressable binding interact with the message SOAP
?
source to share
No one has answered this question yet
Check out similar questions: