I was testing below SOAP web service security example.
http://www.mulesoft.org/documentation/display/current/SOAP+Web+Service+Security+Example
Here in the soap component configuration, key value pair is action and UsernameToken TimeStamp. In Enabling WS-Security it is mentioned that key value are constant of WSHandlerContant class. But if instead of UsernameToken i use the constant variable USERNAME_TOKEN of WSHandlerContant class i am getting errors.
Can anyone tell me where i can find possible value of key value for SOAP security.
http://www.mulesoft.org/documentation/display/current/Enabling+WS-Security
http://people.apache.org/~coheigea/stage/wss4j/1.5.5/site/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#PW_CALLBACK_CLASS
Below are the contant field values that we can use in SOAP Security configuration.
http://people.apache.org/~coheigea/stage/wss4j/1.5.5/site/apidocs/constant-values.html#org.apache.ws.security.handler.WSHandlerConstants.RECEIVE
Related
Message contract we can use when we have pass authentication detail to soap header instead passing as paratmeter in datacontract like ex. license key or user credentials. Passing parameter is not secure.
But we can secure datacontract using security(transport or message). Why do we need messageContract? then what is difference bewteen message contract and data contract/
"Message contract has full control on SOAP message and we can also add Protection Level and message can encrypted and secure. It could be signing or encrypting SOAP header information.
Mixing message and data contracts will cause a runtime error when you generate WSDL from the service."
I have wcf service in which I want to identify a wcf call by some identifier. OperationContext.Current.Incoming. MessageId is the option in case of wshttpbinding. But I am using basic http binding. Suggest me other field as identifier. How can I get such unique identifier per wcf call using basic http binding?
I am creating a WCF webservice whose requests/responses are supposed to be signed only.
For this, on ServiceContract attribute I have set
ProtectionLevel = ProtectionLevel.Sign
That works ok.
Due to requirements some SoapFaults are supposed to be thrown from service; two types of SoapFaults:
related to application
related to WS-Addressing (e.g. MessageID is missing)
For this I am using the normal of approach of dealing with SoafFaults: create an IErrorHandler in which a Message instance is created with MessageFault.CreateFault.
Almost all the returned SoapFaults are not encrypted (which is ok for me),
my question is why the ones with action="http://www.w3.org/2005/08/addressing/fault" or "http://www.w3.org/2005/08/addressing/soap/fault" are encrypted?
Check out http://msdn.microsoft.com/en-us/library/aa347791.aspx and http://msdn.microsoft.com/en-us/library/system.servicemodel.faultcontractattribute.aspx.
It states that
If you select a binding that enables security and you do not set the
ProtectionLevel property anywhere on the contract, all application
data will be encrypted and signed.
I guess that the build in types by default use this behaviour. You can verify this by looking at which exception is actually thrown.
I have a WCF Service which returns a list or array. When it is called by a third party, does it automatically serialize into the proper soap envelope?
Yes it does automatically serialize it, by wrapping it with a SOAP Envelope.
This can be disabled if required.
I'm building a WCF SOAP application. The WSDL file has numerous operations of which many have the same argument type. The WSDL file defines all soapAction attributes as "''". When I try to start such a service WCF throw an exception saying that soapActions have to be unique.
After some googling I'm even more puzzled than before. I used SOAPUI to create a mock service with two operations which take the same input type and without the soapActions defined it always chooses the same operation. When the actions are defined it works fine.
My questions are:
Can you make a WCF SOAP service without unique soapActions (actually leaving the soapActions "''" as defined in the original WSDL)?
How can a service choose the right operation without the soapAction defined?
Edited:
I'm not in control of the WSDL. I'm using the WSCF.Blue tool to create a service stub from the WSDL file. I might be able to modify the WSDL, but I want to see if there is some possibility to leave it as it is.
It is not very clear from your question but I suggest you are building service based on some defined WSDL, aren't you? WCF by default uses SOAP action because it is required part of WS-I Basic Profile 1.1 offered by WCF services with BasicHttpBinding. WSDLs with empty SOAP actions are used when the action is defined by root body element.
WCF samples provides example of custom DispatchOperationSelector which is able to route messages to operations by their root body element. This is probably what you need to add to your service so that clients based on provided WSDL can call it.