.NET Tutorials, Forums, Interview Questions And Answers

WS-Security, WS-SecurityPolicy, and Java interop

Posted By:      Posted Date: October 06, 2010    Points: 0   Category :WCF

I have a service that I'm trying to consume with a Java client (and JBossWS). The problem I'm facing is that JBossWS supports WS-Security but not WS-SecurityPolicy. What I've gathered (on MSDN and Google) is that by adding 'Username' authentication, WS-SecurityPolicy is added to the WSDL by default. Our Java client is requesting that the WS-Security should be added while removing WS-SecurityPolicy. Is that possible?


<wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='ProductionBinding_policy'>
<sp:TransportBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<sp:HttpsToken RequireClientCertificate='false'/>

WCF Endpoint Binding:

<binding name="soapBinding">
<security authenticationMode="UserNameOverTransport" enableUnsecuredResponse="True" />
<textMessageEncoding messageVersion="Soap11" />


More Related Resource Links

WCF client Java interop - No Response Headers = MessageSecurityEx

I am using a WCF client to communicate with a Websphere hosted web service. The service requires my message to be signed, but not encrypted. This is being done and works as expected. I can see in my trace logs that I get a valid response back from the service. However, it isn't making it past the proxy because of the following error:

System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

I've edited the binding to remove the timestamp and have verified that it is not being sent, however, I still get this error. Here's what the header of my request looks like:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<ActivityId CorrelationId="b0d474df-8b00-4c30-bd05-d1e478529ce4" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">cb8e51de-83b4-4bfe-bf1c-fd92ce86f557</ActivityId>
<o:Security s:mustUnderstand="1" xmlns:o="http://

WCF and Java Web Service Interop -- WS-Security 1.0 with MutualCertificate

I am trying to use WCF to call a Java Web Service. The Web Service has several security requirements based on the Basic Security Profile 1.0:
- The client and service should both use certificates
- The certificates will be used to sign and encrypt the message.
- In addition, a supporting UsernameToken should be included.

Based on those requirements, it seems like I should be using the MutualCertificate (or MutualCertificateDuplex) authentication mode:

<customBinding>
 <binding name="Custom11">
  <textMessageEncoding messageVersion="Soap11" />
  <security defaultAlgorithmSuite="TripleDesRsa15" allowSerializedSigningTokenOnReply="true"
    authenticationMode="MutualCertificate" requireDerivedKeys="false"
    includeTimestamp="true" messageProtectionOrder="EncryptBeforeSign"
    messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
    requireSecurityContextCancellation="false">
  </security>
  <httpTransport />
 </binding>
</customBinding>

And then I need to add a supporting token for the user name. Something like:

BindingElementCollection elements = binding.CreateBindingElements();
SecurityBindingElement security = elements.Find<SecurityBindingElement>();
UserNameSecuri

WCF Security Interoperability with Java web service

Hi everybody, I'm implementing a WCF client which talks to a Java web service secured with x509 certificates and username token. The service requires both signing and encryption as message protection. Thanks to Yaron Naveh and some other guys on this forum I've managed to solve the signing stuff, but the encryption seems to be much more difficult. The problem I'm facing now is the server cannot decrypt my messages - I'm getting HTTP 500 errors. I've got a request example from the service vendor and compared with the messages my client generates, there is only one difference: in the example provided by service vendor I can see an extra tag KeyInfo under the EncryptedData, which seems to me reasonable to be there, but I don't know why WCF doesn't put that item. These are the two SOAP request sections I'm talking about: My WCF client: <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <e:CipherData> <e:CipherValue> <!-- Removed--> </e:CipherValue> </e:Cipher

WCF - Java web service interop - Signed outgoing message not accepted

Hi, I try to sign a message using a certificate and a private key to call a java (JBoss) web service, but the server refuses to accept my signed message. It only echoes back the same message that I've sent. I have successfully signed the outgoing message using the certificate, and the structure of the message looks alright when I compare it to an example message supplied by the web service creator. I use a custom binding declared as shown below:

<binding name="FSACustomServiceBinding"
         closeTimeout="00:01:00"
         openTimeout="00:01:00"
         receiveTimeout="00:10:00"
         sendTimeout="00:01:00">
  <textMessageEncoding messageVersion="Soap11" />
  <security
    authenticationMode="MutualCertificate"
    requireDerivedKeys="false"
    keyEntropyMode="ClientEntropy"

WCF - Java web service interop - Problem with asymmetric binding

Hi, I try to communicate with a Java web service and run into the following error:

Error: System.ServiceModel.Security.MessageSecurityException: The incoming message was signed with a token which was different from what used to encrypt the body.  This was not expected.

Server stack trace:
   at System.ServiceModel.Security.TokenTracker.RecordToken(SecurityToken token)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlDictionaryReader reader, Int32 position, Byte[] decryptedBuffer, SecurityToken encryptionToken, String idInEncryptedForm, TimeSpan timeout)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
   at System.ServiceModel.Security.StrictModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Security.AsymmetricSecurity

Microsoft.Interop.Security.AzRoles registration issue


Hi All,

I am facing an issue with the Azroles dll when using with a Smart client application. 

Below is the complete exception:

Handling instance: fb5809ad-828d-45b6-873a-5dd0d4e65cf5

Date and time: 30/11/2010 11:47:00

Machine name: LDSCXA3

IP Address:

Current User: ITVPLC\AdarSree

Application Domain: ConMaint.exe

Assembly codebase: file:///M:/Program Files/Genersys/ConMaint.exe

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

COM Interop in C# 4.0

Let's take a bit of a recap of how far we've come. We've chatted about dynamic binding in C# and how that all plays in with the DLR, and about named and optional arguments and how they change the way methods are bound. The only other major piece in C# 4.0 is this notion of COM interop. We chatted about how dynamic really is a gateway to interop with different object models and languages (ie interacting with dynamic languages, dynamic object models, javascript objects, HTML DOM etc), but in C# 4.0, we want to go a bit further and provide you a few more tools to help make your interop life much easier.

Asp.net web site security database


Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and foremost, I would like to know how I can access/view the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above?

Someone help me.

Thank you.



Hello, I have the following problem:

I have uploaded my content to the hosting server but I get the following error:

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be?

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

XBAP Security


We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?

Intranet Users Challenged When Using Windows Integrated Security


We've set up an intranet site using Windows Integrated Security. It's up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't it possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is log in to their machine like normal and then go from there.

Security Question Answer Retrieval


I know there is a method built in for retrieving the encrypted password, but how do I retrieve the encrypted security answer?

What I want to do is have a member profile update screen that the end user can update their password and security question and answer. However, when they get to this page, I want to already be showing the security question (the easy part) and its answer (the not so easy part).

I have updated web.config with passwordFormat=Encrypted and have added a machineKey with the generator (forgot the link, but located on eggheadcafe somewhere).

I haven't done ANYTHING yet, since I already have a user store with hashed information. I wanted to get some functionality done before publishing, wiping the store and recreating users (only a couple developers).


C# / Java webservice


I am writing a client application that accesses a webservice written by another company. I need to test against this webservice but since it is live I need another place to test with. I don't have access to the code from the webservice but have added a reference to my project. I would like to create a test platform using C# which will run on IIS and not Java.

I have created a basic webservice using both the NetBeans platform and the VS/C# platform. The problem I am having is if I dynamically change the web address from one to the other my client application complains that the webservice is invalid. I have verified all the calls are the same.

Are there any settings with VS/C# that allow me to configure it to behave more like the Java webservice? I don't have the server support to host the Java application for full testing along with other problems using the Java version.

I have run both services in the "WCF Test Client" and can see where the WCF service uses the variables for request and the Java uses body/request but can't get the WCF to follow that format. I read somewhere about changing the OperationContract with SoapRpcMethod but then the method is no longer exposed. I also tried a Web Service in .NET 3.5 instead of a WCF server but that seems to be more trouble and does not

WCF The Security Support Provider Interface (SSPI) negotiation failed


I am using a wcf service that I created, when both hosting machine and the client machine are on the same domain everything works just fine. When I publish the client app to the webserver in the DMZ I am getting the following error:

SOAP security negotiation with '' for   
'' failed. See inner exception  
for more details.The Security Support Provider Interface (SSPI) negotiation failed.

Here is my service main where I set up the service


 Uri baseAddress = new Uri("Http://");
      ServiceHost selfHost = new ServiceHost(typeof(QBService), baseAddress);
