Hi I'm reading through the MCTS Training kit for the 70-503 exam, about tracing and message logging in WCF. And I've noticed that the trace file seems to have a more detailed header in the SOAP message when logEntireMessage is set to false, which doesn't make sense to me. So could someone explain this to me.
My app.config looks like this, where I've defined a filter:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="false" logMessagesAtTransportLevel="true" maxMessagesToLog="3000" maxSizeOfMessageToLog="2000">
<filters>
<add xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
/soap:Envelope/soap:Header/a:Action[starts-with(text(), 'http://schemas.xmlsoap.org')]
</add>
</filters>
</messageLogging>
</diagnostics>
<bindings>
<wsHttpBinding>
<binding name="IGetHeaders">
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8731/Design_Time_Addresses/DemoService/HeaderService/" binding="wsHttpBinding" bindingConfiguration="IGetHeaders" contract="DemoService.IGetHeaders" name="IGetHeaders">
<headers>
<MyHeader xmlns="http://tempuri.org" name="Sample">This is my header data</MyHeader>
</headers>
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchName="Information, ActivityTracing">
<listeners>
<add name="log" type="System.Diagnostics.XmlWriterTraceListener" initializeData="Traces.svclog"/>
</listeners>
</source>
</sources>
<trace autoflush="true"/>
</system.diagnostics>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
And the below is the trace file, when logEntireMessage is set to true
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2013-11-04T12:26:27.6791265Z" />
<Source Name="System.ServiceModel.MessageLogging" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="TestClient.vshost" ProcessID="6392" ThreadID="8" />
<Channel/>
<Computer>MY-PC</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<MessageLogTraceRecord Time="2013-11-04T13:26:27.6591254+01:00" Source="TransportReceive" Type="System.ServiceModel.Channels.BufferedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
<a:RelatesTo>urn:uuid:a7c94fd2-fb5a-4ba8-b18f-e9531c9a4cc6</a:RelatesTo>
</s:Header>
<s:Body>
<t:RequestSecurityTokenResponse Context="uuid-656588df-463f-4558-b59d-277cd3b854d6-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">oYG6MIG3oAMKAQGhDAYKKwYBBAGCNwICCqKBoQSBnk5UTE1TU1AAAgAAAA4ADgA4AAAANcKa4ltbUQc7i9awkCraAQAAAABYAFgARgAAAAYBsR0AAAAPQgBBAEgAUgAtAFAAQwACAA4AQgBBAEgAUgAtAFAAQwABAA4AQgBBAEgAUgAtAFAAQwAEAA4AQgBhAGgAcgAtAFAAQwADAA4AQgBhAGgAcgAtAFAAQwAHAAgAHid5FVnZzgEAAAAA</t:BinaryExchange>
</t:RequestSecurityTokenResponse>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
And this is the same file, with the only difference, that logEntireMessage has been set to false. In this file though, I noticed that it seems that there is a lot more information regarding the header in the SOAP message, i.e. my custom endpoint header <MyHeader> is included, and the <ReplyTo> tag etc.
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2013-11-04T12:44:36.0783794Z" />
<Source Name="System.ServiceModel.MessageLogging" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="TestClient.vshost" ProcessID="8044" ThreadID="9" />
<Channel/>
<Computer>MY-PC</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<MessageLogTraceRecord Time="2013-11-04T13:44:36.0463775+01:00" Source="TransportSend" Type="System.ServiceModel.Channels.BodyWriterMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID xmlns:a="http://www.w3.org/2005/08/addressing">urn:uuid:a44c286b-1d4b-4446-994c-85f3916f7898</a:MessageID>
<a:ReplyTo xmlns:a="http://www.w3.org/2005/08/addressing">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://localhost:8731/Design_Time_Addresses/DemoService/HeaderService/</a:To>
<MyHeader name="Sample" a:IsReferenceParameter="true" xmlns="http://tempuri.org" xmlns:a="http://www.w3.org/2005/08/addressing">This is my header data</MyHeader>
</s:Header>
</s:Envelope>
</MessageLogTraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2013-11-04T12:44:40.7496466Z" />
<Source Name="System.ServiceModel.MessageLogging" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="TestClient.vshost" ProcessID="8044" ThreadID="9" />
<Channel/>
<Computer>MY-PC</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<MessageLogTraceRecord Time="2013-11-04T13:44:40.7396460+01:00" Source="TransportReceive" Type="System.ServiceModel.Channels.BufferedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
<a:RelatesTo xmlns:a="http://www.w3.org/2005/08/addressing">urn:uuid:a44c286b-1d4b-4446-994c-85f3916f7898</a:RelatesTo>
</s:Header>
</s:Envelope>
</MessageLogTraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2013-11-04T12:44:40.8846543Z" />
<Source Name="System.ServiceModel.MessageLogging" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="TestClient.vshost" ProcessID="8044" ThreadID="9" />
<Channel/>
<Computer>MY-PC</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<MessageLogTraceRecord Time="2013-11-04T13:44:40.8836542+01:00" Source="TransportSend" Type="System.ServiceModel.Channels.BodyWriterMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
<a:MessageID xmlns:a="http://www.w3.org/2005/08/addressing">urn:uuid:aec9f076-b9a2-42c2-9e4b-b745e45c3c4c</a:MessageID>
<a:ReplyTo xmlns:a="http://www.w3.org/2005/08/addressing">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://localhost:8731/Design_Time_Addresses/DemoService/HeaderService/</a:To>
<MyHeader name="Sample" a:IsReferenceParameter="true" xmlns="http://tempuri.org" xmlns:a="http://www.w3.org/2005/08/addressing">This is my header data</MyHeader>
</s:Header>
</s:Envelope>
</MessageLogTraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2013-11-04T12:44:40.8906546Z" />
<Source Name="System.ServiceModel.MessageLogging" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="TestClient.vshost" ProcessID="8044" ThreadID="9" />
<Channel/>
<Computer>MY-PC</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<MessageLogTraceRecord Time="2013-11-04T13:44:40.8906546+01:00" Source="TransportReceive" Type="System.ServiceModel.Channels.BufferedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1" xmlns:a="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
<a:RelatesTo xmlns:a="http://www.w3.org/2005/08/addressing">urn:uuid:aec9f076-b9a2-42c2-9e4b-b745e45c3c4c</a:RelatesTo>
</s:Header>
</s:Envelope>
</MessageLogTraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
The MSDN documentation says about logEntireMessage attribute:
This value specifies whether the entire message (message header and body) is logged. The default value is false, meaning that only the header is logged. This setting affects service and transport message logging levels.
So why do the headers seem different? What am I missing here?
These are not the same message. Look closely at the action. The first is an RST (Request for Security Token). The second is an RSTR (Request for Security Token Response). Hence the reason for the difference.
When you compare for the same message, you will see just headers when logEntireMessage is false. The SOAP Body is included when you set it to true.
Related
I'm trying to consume a java web service from a WCF client with this specifications:
The request must be signed (but NOT encrypted). I have my client's certificate installed on my computer.
The response is signed (not encrypted) by the server. I have the server's certificate installed on my computer.
Communication is over HTTPS (certificate installed on my computer).
This is the configuration of the client:
Endpoint:
<endpoint address="https://..."
binding="customBinding" bindingConfiguration="SincronSoapCustom" behaviorConfiguration="webEndpointExtern"
contract="Proves.Service.SincronSoap" name="SincronSoap">
<identity>
<dns value="Test app"/>
</identity>
</endpoint>
Custom binding:
<customBinding>
<binding name="SincronSoapCustom" >
<security authenticationMode="MutualCertificate" allowSerializedSigningTokenOnReply="true" requireSignatureConfirmation="false" requireDerivedKeys="false" includeTimestamp="true" securityHeaderLayout="LaxTimestampLast" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8" ></textMessageEncoding>
<httpsTransport transferMode="Buffered" ></httpsTransport>
</binding>
</customBinding>
Behavior:
<behavior name="webEndpointExtern">
<clientCredentials>
<clientCertificate findValue="19cab2cd6bc982fb" storeLocation="CurrentUser"
storeName="My" x509FindType="FindBySerialNumber" />
<serviceCertificate>
<defaultCertificate findValue="311a360557c1056c5367435e7dad3866" storeLocation="CurrentUser"
storeName="My" x509FindType="FindBySerialNumber" />
<authentication certificateValidationMode="PeerOrChainTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
To only sign the message (and avoid encryption) I set the protection level in the service contract:
<System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0"),
System.ServiceModel.ServiceContract([Namespace]:="http://xxxx/", ProtectionLevel:=Net.Security.ProtectionLevel.Sign)>
Public Interface SincronSoap
<System.ServiceModel.OperationContractAttribute(Action:="http://xxxxxx", ReplyAction:="*", ProtectionLevel:=Net.Security.ProtectionLevel.Sign),
System.ServiceModel.XmlSerializerFormatAttribute(SupportFaults:=True)>
Function procesa(ByVal request As Service.procesaRequest) As Service.procesaResponse
<System.ServiceModel.OperationContractAttribute(Action:="http://xxxxxx", ReplyAction:="*")>
Function procesaAsync(ByVal request As PdibService.procesaRequest) As System.Threading.Tasks.Task(Of Service.procesaResponse)
End Interface
With this configuration, my requests are processed correctly by the server but my client throws an error when processing the response:
Cannot read the token from the 'SignatureConfirmation' element with the 'http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd' namespace for BinarySecretSecurityToken, with a '' ValueType. If this element is expected to be valid, ensure that security is configured to consume tokens with the name, namespace and value type specified.
Ok, my client uses WS-Security 1.0 and the SignatureConfirmation element is only allowed in WS-Security 1.1. The provider of the service confirms to me that the correct versión is 1.1.
So I change from:
WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
to:
WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
But when I make a request using this config, the remote server returns an error:
WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto propery file supplied for decryption)
It seems that in this case my client is including some encryption in the request and the server doesn't expects it. This is the request:
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<ActivityId xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics" CorrelationId="868039bc-362d-4d3b-93fa-afb7ccdaf7e9">8160d724-54b3-4aa5-acbd-82d26abbf3b5</ActivityId>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#" Id="uuid-caa9c9fc-8225-403e-b844-fffa7e439ec6-1">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">M0m/j9IjdvtsfXoboTzGX4jRw5I=</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>..removed..</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
<o:BinarySecurityToken>
<!--Removed-->
</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="_0">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>m6K+Htbhimq+ncV9cu48xtaHCXU=</DigestValue>
</Reference>
<Reference URI="#uuid-caa9c9fc-8225-403e-b844-fffa7e439ec6-2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>DptGdl9nICPuR7ym4VB4DAsT05o=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>b7kn3APi45hTIGgnbhSvwInLmMP=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
<o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-caa9c9fc-8225-403e-b844-fffa7e439ec6-1" />
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>80Q2miLGWvPm9Tl8qN2CwPHwbIA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>..removed..</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-20121b2c-b772-4bc9-83fe-f422d6a80a0b-1" />
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<u:Timestamp u:Id="uuid-caa9c9fc-8225-403e-b844-fffa7e439ec6-2">
<u:Created>2017-01-23T11:48:37.635Z</u:Created>
<u:Expires>2017-01-23T11:53:37.635Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" u:Id="_1">
.................. removed ............................
</s:Body>
</s:Envelope>
And this is the request when I use WS-Security 1.0:
<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<ActivityId xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics" CorrelationId="8797dc6e-b03a-4681-ab6f-6d52c561a79a">3e959f6f-2b84-4aca-a024-b5b50f429730</ActivityId>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<o:BinarySecurityToken>
<!--Removed-->
</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>frO7LOsocv71gm5QWTGhfem0VQY=</DigestValue>
</Reference>
<Reference URI="#uuid-5768e670-1786-4c0c-b563-0306ac7fc3eb-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>/FLwiT1IYuqSWdrthZRebVeql0c=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>..removed..</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-2cf2ba54-442a-422c-a2e7-b6861431c23b-2" />
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<u:Timestamp u:Id="uuid-5768e670-1786-4c0c-b563-0306ac7fc3eb-1">
<u:Created>2017-01-23T11:36:11.128Z</u:Created>
<u:Expires>2017-01-23T11:41:11.128Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" u:Id="_1">
... removed ...
</s:Body>
</s:Envelope>
In this case no encryption is included in the request.
The question is, why my client uses encryption when I change from WS-Security 1.0 to 1.1?
How can I avoid this?
Thanks.
I created WCF client that integrates Java WS. The idea is quite easy. I should sign my request with client's certificate and the server should return signed response. Signed by server's private key. All communications runs over SSL.
I enabled .NET tracing and I can see that my request is processed successfully and that the response is received. Unfortunately I received the following exception:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type.
I found a Yaron blog and he proposed a solution that does not work me.
Here is my client configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.diagnostics>
<sources>
<source propagateActivity="true" name="System.ServiceModel" switchValue="All" logKnownPii="true">
<listeners>
<add name="xml"/>
</listeners>
</source>
<source propagateActivity="true" name="System.ServiceModel.IdentityModel" switchValue="All" logKnownPii="true">
<listeners>
<add name="xml"/>
</listeners>
</source>
<source propagateActivity="true" name="System.ServiceModel.Activation" switchValue="All" logKnownPii="true">
<listeners>
<add name="xml"/>
</listeners>
</source>
<source name="System.ServiceModel.MessageLogging" switchValue="All" logKnownPii="true">
<listeners>
<add name="xml" />
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="c:\log\Traces.svclog" type="System.Diagnostics.XmlWriterTraceListener"
name="xml" traceOutputOptions="None">
</add>
</sharedListeners>
<trace autoflush="true" indentsize="2">
<listeners>
<add name="xml"/>
</listeners>
</trace>
</system.diagnostics>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logKnownPii="true" logMalformedMessages="false"
logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true"
/>
<endToEndTracing propagateActivity="true" activityTracing="true"
messageFlowTracing="true" />
</diagnostics>
<client>
<endpoint address="https://www.server.com/ws"
behaviorConfiguration="clientCertificateBehaviour" binding="customBinding"
bindingConfiguration="appCustomBinding" contract="ws.services"
name="app-servicesSOAP" >
</endpoint>
</client>
<bindings>
<customBinding>
<binding name="appCustomBinding">
<security allowSerializedSigningTokenOnReply="true" enableUnsecuredResponse="true"
authenticationMode="CertificateOverTransport" requireDerivedKeys="false"
securityHeaderLayout="Lax" allowInsecureTransport="false"
messageProtectionOrder="SignBeforeEncrypt" protectTokens="false"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSignatureConfirmation="false" />
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport authenticationScheme="Digest" transferMode="Buffered"
requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="clientCertificateBehaviour">
<clientCredentials>
<clientCertificate findValue="CLIENT_CERT" storeLocation="CurrentUser"
x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="SERVER_CERT" x509FindType="FindBySubjectName" />
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
And the response I am receiving is:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-14514880453351538613570">
<wsu:Created>2015-12-30T15:07:25Z</wsu:Created>
<wsu:Expires>2015-12-30T15:12:25Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-14501832448541055407999">MASASIFIjCCB.......</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-1450183244852-860467203">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XWSSGID-14514880453351164099649">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>./SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/ds:Signature[1]/ds:KeyInfo/wsse:SecurityTokenReference</ds:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
<wsse:TransformationParameters>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</wsse:TransformationParameters>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>5kmj7l.....</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#XWSSGID-14514880453351538613570">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>GssfNgXcx....</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>zcfVW....</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1451488045318234803139">
<wsse:Reference URI="#XWSSGID-14501832448541055407999" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-14514880453351164099649">
body content
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
The exception i received should indicate that the certificate is incorrectly referenced but I do not see anything to be wrong in the response. Is this WCF related issue?
Thanx!
Try authenticationMode of "mutualCertificate", set ProtectionLevel.Sign on the contract, and posisbly also allowSerializedTokenOnResponse=true. Some more information here: https://gist.github.com/yaronn/6775810
I have an wcf service that has classical username-password message security.
On transport level this service has https
Binding is typical
<bindings>
<wsHttpBinding>
<binding name="RgiServiceBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
But. Now we should add client signing to this interchange. We decide to use standard wsse headers for this signature.
Example:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IRgiService/RegisterAuction</a:Action>
<a:MessageID>urn:uuid:054cd820-1e0c-4643-881d-48d8c7682080</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://ws.test.rosim.ru:8443/RGI_ETP/RgiService.svc</a:To>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken b:Id="urn:uuid:bc811ecb-4313-44f4-a627-9237d147294e" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:b="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<Username>login</Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</Password>
</UsernameToken>
</Security>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:actor="http://esugi.rosim.ru/pibi/actors/etp">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411" />
<Reference URI="#body8d018149d5ea441a817ea018da2c8ce1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411" />
<DigestValue>0pgHWuhnDlw/s8aHBxbk2FrHc072go1xXE/JnUBboRk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>aL6ag12120eSmz6CQYQY8HjgZ+Gdz6UfaRZdV9qXY21ccxVfCkme1zsSw9Vy4jh2ofK/QYsebomEnWd51xIq1w==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#cert9c65aba5ea814fc5a27137859c9c3df2" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="cert9c65aba5ea814fc5a27137859c9c3df2">therewascertificateinbase64</wsse:BinarySecurityToken>
</wsse:Security>
</s:Header>
<s:Body>
<RegisterAuction xmlns="http://tempuri.org/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" wsu:Id="body8d018149d5ea441a817ea018da2c8ce1">
<auctionInfo xmlns:b="http://schemas.datacontract.org/2004/07/Rgi.Etp.Service.Contract.DataContracts">
<b:AuctionNumber>1112233</b:AuctionNumber>
<b:Note>Новый аукцион создан</b:Note>
</auctionInfo>
<tradeRequestInfo xmlns:b="http://schemas.datacontract.org/2004/07/Rgi.Etp.Service.Contract.DataContracts">
<b:TradeRequestDate>2015-03-11T00:00:00</b:TradeRequestDate>
<b:TradeRequestNumber>111</b:TradeRequestNumber>
</tradeRequestInfo>
</RegisterAuction>
</s:Body>
</s:Envelope>
But WCF don't want to work with multiple wsse headers. It says "An error occurred when verifying security for the message." without any additional info, and it is before my own code.
Can I do something to get my signatures on server side and my username validation works?
I'm trying to connect with an external Java Web service with WS-Security enabled over https with a WCF client.
The service use UserNameToken authentication.
When the client call the service, I get this exception:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.
I use a custom binding with this configuration:
The endpoint:
<endpoint address="https://des-afirma.redsara.es/afirmaws/services/ValidarFirma"
binding="customBinding" bindingConfiguration="ValidarFirmaBinding"
contract="AFirma.Firma" name="ValidarFirma" />
</endpoint>
The binding:
<binding name="ValidarFirmaBinding">
<textMessageEncoding messageVersion="Soap11" />
<security
allowSerializedSigningTokenOnReply="true"
authenticationMode="UserNameOverTransport">
<secureConversationBootstrap />
</security>
<httpsTransport>
<extendedProtectionPolicy policyEnforcement="Never" />
</httpsTransport>
</binding>
I read this link http://webservices20.blogspot.co.uk/2010/10/wcf-cannot-find-token-authenticator.html and I configured the allowSerializedSigningTokenOnReply value, but it failed.
This is the message generated by WCF:
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action />
<wsa:MessageID>urn:uuid:5b36bb8b-4a59-4c5f-9c67-065543db51d5</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://des-afirma.redsara.es/afirmaws/services/ValidarFirma</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-cef53b94-4432-4ede-89ea-7a42b7a686d2">
<wsu:Created>2012-11-13T13:49:32Z</wsu:Created>
<wsu:Expires>2012-11-13T13:54:32Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="SecurityToken-40deaa3d-fe02-4462-963e-7705e4648b24">
<wsse:Username>UserName</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">[Password]</wsse:Password>
<wsse:Nonce>G5CU1R6lKSTpBQ0FAF01rA==</wsse:Nonce>
<wsu:Created>2012-11-13T13:49:32Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ValidarFirma xmlns="http://afirmaws/services/ValidarFirma">
<paramIn xmlns="">[Param value (XML String)]</paramIn>
</ValidarFirma>
</soap:Body>
</soap:Envelope>
And this is the response:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="binaryToken">
MIIG2TCCBcGgAwIBAgIISXHqSo0f+C0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UEAxMIQUNDVi1D
[...]
</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature-BDFADICIJJIDI81">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#SignedBody-BDFADICIJJIDI81">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>TFKLyv9zd1G7RXK4sJV+hG2WfqQ=</DigestValue>
</Reference>
<Reference URI="#keyInfo-BDFADICIJJIDI81">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>SWO3sIcC16EcT17pBREoGe3CVes=</DigestValue>
</Reference>
<Reference URI="#binaryToken">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>GT+8/UoUzQgUAhvc25bn+DL6T1E=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue Id="SignatureValue-BDFADICIJJIDI81">
sTVgtvYlVuwhQ9XGcTfHh7lKdUcsf8vF6vyJ/5LVxuwarRDAjMzHcQlvFBlZTn8f
[..]
</SignatureValue>
<KeyInfo Id="keyInfo-BDFADICIJJIDI81">
<KeyValue>
<RSAKeyValue>
<Modulus>
tCxb/yk9DgCJmdxshvm6RwQtRMHqTdI2nDzQ2C761KEGmAaz7jrv8PtVSoNMRVr9
[...]
</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509Certificate>
MIIG2TCCBcGgAwIBAgIISXHqSo0f+C0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UE
[...]
</X509Certificate>
<X509IssuerSerial>
<X509IssuerName>Certificate name</X509IssuerName>
<X509SerialNumber>Serial number</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
<wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#binaryToken" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="SignedBody-BDFADICIJJIDI81">
<ValidarFirmaResponse xmlns="http://afirmaws/services/ValidarFirma">
<ValidarFirmaReturn xmlns="" xsi:type="c0bxsd:string">
[return value (XML String)]
</ValidarFirmaReturn>
</ValidarFirmaResponse>
</soapenv:Body>
</soapenv:Envelope>
I tried the web service with WSE 3.0 and it works, but I can't install the package in the server because it is Windows Server 2008 and the installation failed.
Try to play with MessageSecurityVersion (for example
WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11) and security tag. And look at soap envelop.
I am trying the samples from the Learning WCF book and trying to inspect the HTTP request/response. I can see the HTTP Request headers in MS TraceViewer but strangely not the response headers. (only envelope). If you notice something amiss, could you please let me know?
<configuration>
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtServiceLevel="true"/>
</diagnostics>
<!--other stuff-->
<system.diagnostics>
<sources>
<source name="System.ServiceModel" switchValue="Off, ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add initializeData="x.log" type="System.Diagnostics.XmlWriterTraceListener"
name="sdt">
<filter type="" />
</add>
</listeners>
</source>
<source name="System.ServiceModel.MessageLogging" switchValue="Verbose,ActivityTracing">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add name="ServiceModelMessageLoggingListener">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="D:\temp\messages.xml" type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
name="ServiceModelMessageLoggingListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
</configuration>
Request gets logged properly:
<MessageLogTraceRecord>
<HttpRequest xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
<Method>POST</Method>
<QueryString></QueryString>
<WebHeaders>
<SOAPAction>"http://www.thatindigogirl.com/samples/2006/06/GigManagerServiceContract/SaveGig"</SOAPAction>
<Connection>Keep-Alive</Connection>
<Content-Length>485</Content-Length>
<Content-Type>text/xml; charset=utf-8</Content-Type>
<Expect>100-continue</Expect>
<Host>localhost:8000</Host>
</WebHeaders>
</HttpRequest>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<To s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://localhost:8000/GigManagerService</To>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://www.thatindigogirl.com/samples/2006/06/GigManagerServiceContract/SaveGig</Action>
</s:Header>
<s:Body>
<SaveGig xmlns="http://www.thatindigogirl.com/samples/2006/06">
<item xmlns:a="wcf_expts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<a:DateEnd>2009-11-01T05:30:00</a:DateEnd>
<a:DateStart>2009-10-31T22:30:00</a:DateStart>
<a:Description>some desc</a:Description>
<a:Id>0</a:Id>
<a:Place i:nil="true"></a:Place>
<a:Title>some boring event</a:Title>
<a:Url>http://askfdj.com</a:Url>
</item>
</SaveGig>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>
and the Response I see in Trace Viewer (why no headers, http response?)
<MessageLogTraceRecord>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://www.thatindigogirl.com/samples/2006/06/GigManagerServiceContract/SaveGigResponse</Action>
</s:Header>
<s:Body>
<SaveGigResponse xmlns="http://www.thatindigogirl.com/samples/2006/06"></SaveGigResponse>
</s:Body>
</s:Envelope>
</MessageLogTraceRecord>
Are you doing streaming on the response side? That would explain it - when you use streaming, only headers will be logged (not the streamed data).
Marc
If the message was streamed, you would see "...stream..." in the Body tag of the trace (I wrote a post on that.
Aare there other headers than the SOAP headers for a response to an HttpRequest? I mean what you seem to look for is HttpRequest headers, but the response isn't an HttpRequest. I'm not sure, so I might be very wrong :)