.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

How do I create a CustomBinding for wsse:Security Header with UsernameToken without security?

Posted By:      Posted Date: October 08, 2010    Points: 0   Category :WCF

Hello i'm pretty new to WebServices and i'm trying to connect my WCF-client to a JBoss-WebService with SOAP12.

My request message has to look as following: (yes there is no security at all)


<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"> 
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">boo</wsse:Password>
<ns2:getNames() xmlns:ns2="http://localhost/myJBossWS" />
This is my CustomBinding, but it has no SecurityBindingElement, because nothing suits to me, they all require either ssl or a certificate.
Please help me to build a right binding to

View Complete Post

More Related Resource Links

how to create wsse:Security header programatically from code



I want to create the following wsse:Security header from C# code:

<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <wsu:Timestamp wsu:Id="Timestamp-02be6222-d34d-4c19-bb35-f4e98cc18534" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="SecurityToken-3f7f983f-66ce-480d-bce6-170632d33f92" xmlns:wsu="

SECU1075: An error was discovered processing the header


I have designed a console application as a web service client which is able to talk with webservice; however instead of using a console application, I've written a DLL that is called from a Winform app and  I am getting following error message.

Error message System.Web.Services.Protocols.SoapException: SECU1075: An error was discovered processing the <wsse:Security> header

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)


Desktop Security: Create Custom Login Experiences With Credential Providers For Windows Vista


Why is a change to the Windows logon plug-in interface so exciting? Because with credential providers you can customize the logon experience for your users.

Dan Griffin

MSDN Magazine January 2007

.NET Zero Deployment: Security and Versioning Models in the Windows Forms Engine Help You Create and


Windows Forms applications solve many of the problems inherent in building Web applications the old fashioned way?with HTML. To demonstrate the use of Windows Forms over the Web, the author takes his existing app, Wahoo!, and ports it to Windows Forms. In doing so, he discusses versioning, linked files, security, storage isolation, the deployment model, and everything else you need to get started building your own Windows Forms apps for the Web.

Chris Sells

MSDN Magazine July 2002

WSE 3.0 - Security , How do you set the mustUnderstand="0"?

Hi,I have some client code that uses wse 3.0.  The XML generated  <wsse:Security soap:mustUnderstand="1">     <wsu:Timestamp wsu:Id="Timestamp-e5dc384a-9e79-46e7-9e4d-0caf339bd7a6">       <wsu:Created>2008-09-29T20:31:18Z</wsu:Created>       <wsu:Expires>2008-09-29T20:36:18Z</wsu:Expires>     </wsu:Timestamp>     <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-f3807851-2042-442c-be07-99e36bdc337d">         <wsse:Username>andrew</wsse:Username>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">andrew</wsse:Password>         <wsse:Nonce>szwJdqOs2RsUGP32KT49+A==</wsse:Nonce>         <wsu:Created>2008-09-29T20:31:18Z</wsu:Created>     </wsse:UsernameToken> </wsse:Security>How do you change the header so that it reads soap:mustUnderstand="0" ?I read you have to implement a soap filter and manually change the attribute, is this true?  Is there an easier way?Thanks in Advance,Andrew

Create SharePoint Security Group populated by AD query

Is there any non-code way to create a SharePoint Security Group that is populated by an AD query? The "standard" way of getting the same "effect" is to create a group that contains an AD group but that does not allow members of a particular site to see who else is also a member of the site Any thoughts?

WCF Exception "Message security verification failed" only with header!

Hi, I've got a WCF service doing Username authentication. I authenticate with AD and authorize using AzMan on AD. I'm hosting the service in IIS 6 and its running in an app pool that runs in a domain account that has read rights on the AD. I have a custom header that goes both ways. Everything works well until I assign the custom header to return. If I never assign the custom header to return everything is ok but if I do assign the custom header to return I get the error:- Message security verification failed.Duplicate attribute found. Both 'u:Id' and 'u:Id' are from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'. Line 1, position 520. I've got service level message tracing and I can see the secure conversation stuff happening and the messages going across the interface.   If anyone has any ideas I'd be most appreciative.   Thanks,   Andy

How to create custom security groups to control different custom activities?



How to create  custom security groups to control different  custom activities?

Thanks and Regards,

Swati Jain

Security processor was unable to find a security header in the message



Recently on one of my machines, my client (WCF client) is having problem talking to WCF server. Both server and client are running on the same machine. The machine is Windows7 64 bit machine. It used to work fine until recently. The same software is working fine on all other machines with exactly same configuration. I am really confused here. Could someone please let me know what could be the problem?

Exception Type:

System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089


Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

Stack Trace: System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout) System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout) System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) System.ServiceModel.Channels.SecurityChannelListener

SOAP Security Header: EncryptedData



I am configuring WCF to talk to non-.NET SOAP Framework.

The SOAP message will be encrypted with public-key, with Timestamp and UsernameToken in the Security Header.

I am starting off with CreateAnonymousForCertificateBindingElement(), and adding UserNameSecurityTokenParameters() to EndpointSupportingTokenParameters.Signed collection.

Difficulty is: In the SOAP Security Header I get ONE EncryptedData element that is giving the 3rd party service trouble... If I use a tool to submit altered SOAP Envelope without EncryptedData element (which seems to be not needed) the 3rd party service takes the request successfuly.

1) What may be generating this EncryptedData element?
2) How could EncryptedData be turned off OR removed from the Security Header?


Thank you


Adding Actor to Security Header


I have a WSE 3.0 web service client that I am trying to upgrade to use WCF.  This is connecting to a hosted Java web service and requires the Actor security attribute. In WSE 3.0 I used a SendSecurityFilter and SecurityPolicyAssertion to send the username/password and Actor.

I was easily able to send the username/password, but haven't had much luck with the Actor.  Doing some reading (example ) WCF does will not support the Actor element.  After researching and researching I can't seem to find a way to add it.  I've seen information about a custom contract, custom behavior but I keep coming up short.  I know it is possible because I have seen it in soap people have posted discussing other issues.  The closest thing I have come to is by extending the MessageContract generated in the Reference.cs and adding another header and setting the Actor on that, but this doesn't put it in the security header.

I would appreciate it if someone can point me in the right direction.

SSRS 2008 - Vista Security - Header Only

I installed SQL 2008 Developer and Reporting Services on my Vista Ultimate x64 box.  The box is a new rebuild and only has drivers and windows updates on it.  During the setup of SQL I told it to use my login as the account to run all the SQL services as including Reporting Services.  I also used the default configuration for SSRS during the setup. 

The problem I am having is everytime open http://<mycomputer>/reports I only see the header.  I am almost sure it is a security thing because if I browse to http://<mycomputer>/reports/pages/SystemSecurity.aspx I get a "You do not have permission to access this page". 

Another problem is everytime I first load http://<mycomputer>/reports it also asks me to log in.  I type in my account information that I am currently logged in as and it lets me in but again I only see the header.  I have added http://<mycomputer> as a trusted site while running IE as administrator but it did not help. 

Please help, all the google docs I keep finding only apply to SSRS 2005.

create a "security matrix" on the reporting server


using report builder 2.0

How do I create a "security matrix" to give users access to reports on my report server?

sorry if that question is not detailed enough, let me know if more information is needed, I'm new to SSRS.



How can add, modify, delete security elements in SOAP header. Catch localhost comunication.


Hi. I have a problem with configuring security in bindings for SOAP message security (WS-Security). When I use wsHttpBinding in configuration file without any modification of binding and service behaviour and i use [ServiceContract(ProtectionLevel = ProtectionLevel.None)] for my service the result soap request from wcf test client utility is:


<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">

Trouble with client's SOAP security header


Out client has a web service I need to call to get some order details.  It's a SOAP service and I'm calling it over SSL.  The message has to include a username/password as well as a SSL certificate.  I have the SSL cert on my system and I sent them a copy of the public key to install on their web server.

I was unable to get it working in 2008 with WCF so I am now trying WSE in 2005.  I'm now generating a username and password but I cannot get my SSL cert included in the header.  When I try to add the cert through the WSE 3.0 setting I get an error saying the cert can't be used for encryption.  This is fine because the cert is only supposed to be used for identification. 

Here is an example SOAP header the client sent me:

    <wsa:Action wsu:Id="Id-d02f4053-1c85-41ad-a7a8-dbf6be15ddca">http://www.test.com/Order</wsa:Action>
    <wsa:MessageID wsu:Id="Id-3aadc603-4235-4ca3-a09e-6ff39b65ad8a">uuid:3024666c-d0f2-48a3-b9a7-ab10eaaeee63</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-b4508af4-5e71-42cf-a249-890b89e1334">

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Create ToolTip for GridView Header

The following allows you to add a tooltip to the header links of your GridView, a feature that is lacking.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend