We Keep Coding

Basicbinding ServiceSecurityContext Null

I have a service that uses wsHttpBinding security mode="Message" message clientCredentialType="Windows" negotiateServiceCredential="false" establishSecurityContext="false" .
When a client calls the service, on the service side I can use ServiceSecurityContext context = OperationContext.Current.ServiceSecurityContext; in order to get the callers credentials.
However, now I need a Java client to call this service. Apparently, wsHttpBinding does not interop easily w/Java (I thought that was the whole point of services). So I need to change the binding to basicHttpBinding to get the interop, but now OperationContext.Current.ServiceSecurityContext returns null.
I have tried mutliple combinations from posts I have seen, but all the post are slightly different and did not work for me.
I am hoping that someone smarter than I can resolve this once and for all.
Here are the requirements:
1.)Basicbinding needs to be used.
2.)OperationContext.Current.ServiceSecurityContext needs to be populated automatically and retrieved on server side like it is with wsHttpBinding.
Here are the basic bindings I used among others..
<basicHttpBinding>
<binding name="CustomBasicBinding"
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
Is it possible?
Thanks in advance

WCF wsHttpBinding in SoapUI

I am trying to add WCF service with wsHttpBinding to soapUI.
I am using message security and it works with test client but SoapUI returns
An error occurred when verifying security for the message
Here is service configuration:
<wsHttpBinding>
<binding name="wsHttpSecure">
<security mode="Message">
<message clientCredentialType="UserName" negotiateServiceCredential="true"
establishSecurityContext="false" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
Here http://www.soapui.org/SOAP-and-WSDL/applying-ws-security.html is a document but they say I need .jks file. I only have encoded public key value generated by SvcUtil in test client configuration file.

after a lot of research I found a solution on a blog.
You need to check the WS-A:To checkbox, located on the WS-A options tab.
After doing that, my problem was solved.
This is the blog containing the solution. Thanks David!!

this setting is not interoperable with soapUI:
negotiateServiceCredential="true"
change it to false

UsernameToken and SSL in WCF 4 web service

I am creating a web service that will be consumed by a single client in another part of the world. I don't have any knowledge or control over the technology they are using but have been asked to
"use SSL to encrypt the message during transport and use UsernameToken
for client authentication"
I'm planning to use WCF4 to create the service and know generally how to set this all up. However I'm struggling to find the correct configuration for bindings etc. Google gives me lots of results around WSE 3.0 but I'm pretty sure (please correct me if I'm wrong) that I shouldn't be using WSE for a WCF service.
This article initially seems to suggest I should be using a custom binding but then also says I should "consider using the WCF system-defined bindings with appropriate security settings instead of creating a custom binding". However I can't see any examples of what this should be.
I would be grateful if anyone can point me in the right direction.
tl;dr: What are the WCF4 config settings to support SSL and UsernameToken?

Take a look at the WsHttpBinding. You can use a security mode of TransportWithMessageCredential to use SSL and a message credential of UserName. If you are hosting in IIS set up SSL there.
You can set up the binding in config as follows.
<bindings>
<wsHttpBinding>
<binding name="secureBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
You can then use this binding config as follows
<services>
<service name="ServiceName">
<endpoint address="" binding="wsHttpBinding" contract="ContractType" bindingConfiguration="secureBinding" />
</service>
</services>
Both these elements are children of the system.serviceModel element in config.

wsHttpBinding Message Security

I have a wsHttpBinding like this
<wsHttpBinding>
<binding name="binding1">
<security mode="Message" >
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
If only NTLM is available,
Is this mean WCF will send client's credential through SOAP message?
Is this configuration compatible with ws-security?
Thanks

Both your questions are answered with a YES. Please read http://www.codeproject.com/KB/WCF/HttpBinding.aspx for details:
As WsHttBinding supports WS-*, it has WS-Security enabled by default. So the data is not sent in plain text.

WCF - Transport Security w/ message level encryption

Is it possible to use both Transport security (HTTPS, authentication with a Client cert) in addition to message-level encryption via configuration in WCF? Is this done with wsHttpBinding out-of-the-box?
I am attempting to accomplish this with a custom binding, but am unable to tell if the requests are being encrypted at the message level because they appear as plain text in the trace logs.
I've done quite a bit of research but can't seem to find any solid answers. Any help is appreciated!

Yes, it's possible to have both as described in this MSDN article. The article is pretty thorough & detailed but the crux of enabling this functionality is this setting:
<!-- snipped -->
<wsHttpBinding>
<binding name="wsHttp">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate"/>
<message clientCredentialType="Certificate"
negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
<!-- snipped -->