soapUI With WCF Message Security

wcf wcf-security soapui
Milen picture Milen · Jul 6, 2011 · Viewed 16.1k times · Source

I am trying to configure my WCF (.NET 4.0) service so that it can be tested using soapUI. I am using wsHttpBinding with message security. My goal is to expose the service on a public test endpoint and try to load-test it with loadUI which uses soapUI tests. For this to work the endpoint needs to be secure and since my production endpoint will use message security I figure my test one should also use it in order to achieve close to production load test results.

I can't seem to be able to configure soapUI to successfully call the service. I have tried a number of combinations of signing and encrypting input and output with the client and server certificate. Has anybody managed to achieve a successful message security configuration of WCF and soapUI?

The following are exerpts from my configuration:

Binding:

  <wsHttpBinding>

            <binding name="MessageSecurity">
                <security mode="Message">
                    <message clientCredentialType="Certificate" negotiateServiceCredential="false"/>
                </security>
            </binding>

        </wsHttpBinding>

Behavior

    <behaviors>
        <serviceBehaviors>
            <behavior name="customBehavior">
                <serviceMetadata httpGetEnabled="True"/>
                <serviceDebug includeExceptionDetailInFaults="True"/>

                <serviceCredentials>
                    <clientCertificate>
                        <authentication certificateValidationMode="PeerTrust"/>
                    </clientCertificate>
                    <serviceCertificate findValue="MyWebServicesCertificate" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>

        <endpointBehaviors>
            <behavior name="webHttp">
                <webHttp/>
            </behavior>
        </endpointBehaviors>

    </behaviors>
</system.serviceModel>

Service:

            <service behaviorConfiguration="customBehavior" name="MyService">

            <!-- Service Endpoint -->
            <endpoint name="Production" address="" binding="wsHttpBinding" bindingConfiguration="MessageSecurity" contract="IMyService">

                <identity>
                    <dns value="web_services_svr"/>
                </identity>
            </endpoint>




            <host>
                <baseAddresses>
                    <add baseAddress="http://web_services_svr/MyService.svc" />
                </baseAddresses>
            </host>

        </service>

Answer

Yaron Naveh picture Yaron Naveh · Apr 8, 2012

set negotiateServiceCredential to false and also establishSecuritySession to false.

after this interoperability is possible. If you add ProtectionLecel.Sign on your contracts (e.g. do not encrypt) it is even easier.

Related questions

WCF Error "This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case"

I'm having a problem using a WCF call from a Windows service to my WCF service running on my web server. This call has been working for a number of weeks, but then stopped working all of a sudden, and …

Read More
Correct way communicate WSSE Usernametoken for SOAP webservice

I am attempting to consume a web service through its corresponding wsdl. This service is dependent upon authentication conforming to Web Services Security Basic Security Profile 1.0 including that the correct xmls namespace of http://docs.oasis-open.org/wss/2004/01/oasis-200401wss-wssecurity-secext-1.0.…

Read More
The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate').

The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for …

Read More