.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

How can add, modify, delete security elements in SOAP header. Catch localhost comunication.

Posted By:      Posted Date: April 10, 2011    Points: 0   Category :SharePoint

Hi. I have a problem with configuring security in bindings for SOAP message security (WS-Security). When I use wsHttpBinding in configuration file without any modification of binding and service behaviour and i use [ServiceContract(ProtectionLevel = ProtectionLevel.None)] for my service the result soap request from wcf test client utility is:


<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">

View Complete Post

More Related Resource Links

Why does WCF add two Signature elements in the SOAP header when using a TransportSecurityBindingEle

I try to call a web service that implements the following standards from a WCF client:   WS-I Basic Security Profile Version 1.0 Web Services Security X.509 Certificate Token Profile, OASIS Standard X.509 used for digitally signing digests of uploaded files and web service requests SOAP 1.1/1.2. HTTPS 1.1 I use the a CustomBinding created in the following maner: HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement(); httpsTransport.ProxyAddress = new Uri("http://myproxy:8080"); httpsTransport.UseDefaultWebProxy = false; // the message security binding element will be configured to require // a client certificate used to sign the message TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(); // Create supporting token parameters for the client X509 certificate. X509SecurityTokenParameters clientX509SupportingTokenParameters = new X509SecurityTokenParameters(); // Specify that the supporting token is passed in message send by the client to the service clientX509SupportingTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; // Turn off derived keys clientX509SupportingTokenParameters.RequireDerivedKeys = false; // Augment the binding element to require the client's X509 certificate as an endorsing token i

SOAP Security Header: EncryptedData



I am configuring WCF to talk to non-.NET SOAP Framework.

The SOAP message will be encrypted with public-key, with Timestamp and UsernameToken in the Security Header.

I am starting off with CreateAnonymousForCertificateBindingElement(), and adding UserNameSecurityTokenParameters() to EndpointSupportingTokenParameters.Signed collection.

Difficulty is: In the SOAP Security Header I get ONE EncryptedData element that is giving the 3rd party service trouble... If I use a tool to submit altered SOAP Envelope without EncryptedData element (which seems to be not needed) the 3rd party service takes the request successfuly.

1) What may be generating this EncryptedData element?
2) How could EncryptedData be turned off OR removed from the Security Header?


Thank you


Modify SOAP header Mustunderstand attribute in WCF client

 I am writing a WCF client for a service (not WCF). Getting an error that Unprocessed 'mustUnderstand' header element: {http://www.w3.org/2005/08/addressing}Action, because request SOAP contains header with mustunderstand='true'. I have to either set it false or remove the whole header. can you show the way to do that?

Trouble with client's SOAP security header


Out client has a web service I need to call to get some order details.  It's a SOAP service and I'm calling it over SSL.  The message has to include a username/password as well as a SSL certificate.  I have the SSL cert on my system and I sent them a copy of the public key to install on their web server.

I was unable to get it working in 2008 with WCF so I am now trying WSE in 2005.  I'm now generating a username and password but I cannot get my SSL cert included in the header.  When I try to add the cert through the WSE 3.0 setting I get an error saying the cert can't be used for encryption.  This is fine because the cert is only supposed to be used for identification. 

Here is an example SOAP header the client sent me:

    <wsa:Action wsu:Id="Id-d02f4053-1c85-41ad-a7a8-dbf6be15ddca">http://www.test.com/Order</wsa:Action>
    <wsa:MessageID wsu:Id="Id-3aadc603-4235-4ca3-a09e-6ff39b65ad8a">uuid:3024666c-d0f2-48a3-b9a7-ab10eaaeee63</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-b4508af4-5e71-42cf-a249-890b89e1334">

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

WSE 3.0 - Security , How do you set the mustUnderstand="0"?

Hi,I have some client code that uses wse 3.0.  The XML generated  <wsse:Security soap:mustUnderstand="1">     <wsu:Timestamp wsu:Id="Timestamp-e5dc384a-9e79-46e7-9e4d-0caf339bd7a6">       <wsu:Created>2008-09-29T20:31:18Z</wsu:Created>       <wsu:Expires>2008-09-29T20:36:18Z</wsu:Expires>     </wsu:Timestamp>     <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-f3807851-2042-442c-be07-99e36bdc337d">         <wsse:Username>andrew</wsse:Username>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">andrew</wsse:Password>         <wsse:Nonce>szwJdqOs2RsUGP32KT49+A==</wsse:Nonce>         <wsu:Created>2008-09-29T20:31:18Z</wsu:Created>     </wsse:UsernameToken> </wsse:Security>How do you change the header so that it reads soap:mustUnderstand="0" ?I read you have to implement a soap filter and manually change the attribute, is this true?  Is there an easier way?Thanks in Advance,Andrew

How do I do not encrypt the soap header using WCF ?

  Hello Yaron, After reading your post at http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/e1288179-63aa-41d7-ad5b-72363d4cc7d8 I decided ask for your help. If you can give some head light about my problem I'll really apretiate it. I'm trying to consume a java webservice that requires that the request message be signed with a certificate. For testing purponses I created a x509 certificate using de makecert.exe on my localmachine and thogth the certmgr.msc I genereated the public key (a .cer file) and passed to the java webservices team that developed that webservice to install it on the server...) Now I'm trying to create a simple client that consumes that java webservice but I'm percepting that the request message is going to the server, encrypted, what I do not want. The java Team told me that the webservice expects a message just signed but not encrypted. They told me that the request message should be something like this:   ID: 26 Address: http://localhost:9000/SubjectService Encoding: UTF-8 Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:8a0433e7-4756-47e3-a611-a38163a9e50c"; start="<root.message@cxf.apache.org>"; start-info="text/xml" Headers: {SOAPAction=[""], Accept=[*/*]} Payload: --uuid:8a0433e7-4756-47e3-a611-a38163a9e50c Content-Type: application/xop

WCF Exception "Message security verification failed" only with header!

Hi, I've got a WCF service doing Username authentication. I authenticate with AD and authorize using AzMan on AD. I'm hosting the service in IIS 6 and its running in an app pool that runs in a domain account that has read rights on the AD. I have a custom header that goes both ways. Everything works well until I assign the custom header to return. If I never assign the custom header to return everything is ok but if I do assign the custom header to return I get the error:- Message security verification failed.Duplicate attribute found. Both 'u:Id' and 'u:Id' are from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'. Line 1, position 520. I've got service level message tracing and I can see the secure conversation stuff happening and the messages going across the interface.   If anyone has any ideas I'd be most appreciative.   Thanks,   Andy

Security processor was unable to find a security header in the message



Recently on one of my machines, my client (WCF client) is having problem talking to WCF server. Both server and client are running on the same machine. The machine is Windows7 64 bit machine. It used to work fine until recently. The same software is working fine on all other machines with exactly same configuration. I am really confused here. Could someone please let me know what could be the problem?

Exception Type:

System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089


Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

Stack Trace: System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout) System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout) System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) System.ServiceModel.Channels.SecurityChannelListener

WSE 2.0 and/or WCF - how to set wsa:Action in soap:Header different from HTTP header SoapAction?


I currently have a WSE 2.0 WebServicesClientProtocol object (generated from WSDL) created which has a a valid uri as its soapAction (from the WSDL binding). I need to set the <wsa:Action> value in the <soap:Header> to something other than the binding's soapAction. I know this violates W3C protocol, but the web services are another party's and cannot be changed.

I code (where "transport" is the WebServicesClientProtocol object) :

transport.RequestSoapContext.Addressing.Action = new Microsoft.Web.Services2.Addressing.Action(reqAction);

and can see in the VS debugger that it sets the action, but when I call the method to send the web request the <wsa:Action> is reset to the same value as the soapAction in the HTTP header. I assume WSE 2.0 is doing this. Can a custom SoapOutputFilter help me to "manually override" the <wsa:Action>?

If I abandon WSE 2.0 (which I kno

Hyperlink to add, modify and delete?


On the home page of my SP2010 site (http://blahblah.com/Dev/default.aspx ) I have a few icons.  On the left is the usual SP Libraries and Lists.  In one of the lists is a fairly elaborate InfoPath based add/remove/delete screens (http://blahblah/Dev/Lists/CMDB/AllItems.aspx ).  I'd like to make the icons on the home page hyperlinked to allow the user to jump directly into the 'Add new Item' to a list, 'Edit' a list item, or 'Modify' a list item ... all in modal dialog format.

If I go to the list I want to have this work for and hover over the Add New Item in the List I get this:


Is there a way to easily provide a hyperlink to this?


SECU1075: An error was discovered processing the header


I have designed a console application as a web service client which is able to talk with webservice; however instead of using a console application, I've written a DLL that is called from a Winform app and  I am getting following error message.

Error message System.Web.Services.Protocols.SoapException: SECU1075: An error was discovered processing the <wsse:Security> header

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)


error sending SOAP data to http://localhost/myWCFService/MyWCFService.svc


I am a beginner with WCF services, trying to learn. I created a WCF service where MyWCFServiceInterface has service and data contracts. MyWCFService class implements this interface and has two methods that connect to sqlServer DB to run Sprocs to fetch data. I am hosting this WCFService using IIS6.0. I created a webclient to test the service, which works fine. When I call the service using soap request I get the following error: Could not POST file MyWCFService/MyWCFService.svc on server localhost(415). error sending SOAP data to http://localhost/MyWCFService/MyWCFService.svc


Please check the following wsdl and the soap request and suggest corrections. I greatly appreciate your help. Thanks.



<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://tempuri.org/" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:soap12=&q

SSIS calling proxy class but need to add soap header (?)

Hi guys I am a bit of newbie to both web services and SSIS.....
I have a SSIS 2005 (not 2008!) package that consumes a WCF Web service which was written by another company.  This company generated a proxy class in VB for me and I copied and pasted the code into my SSIS VB script task.
Here is the beginning of the proxy class:
Namespace abc.xxx.xxxxxxx.Client.xxxxx
    <System.CodeDom.Compiler.GeneratedCodeAttribute("wsdl", "2.0.50727.3038"), _
     System.Diagnostics.DebuggerStepThroughAttribute(), _
     System.ComponentModel.DesignerCategoryAttribute("code"), _
     System.Web.Services.WebServiceBindingAttribute(Name:="BasicHttpBinding_Idkdkdkdkdkdk", [Namespace]:="http://blah/"), _
     System.Xml.Serialization.XmlIncludeAttribute(GetType(dddddddddd))> _
    Partial Public Class class1
It appears to be fine but when I tried to call any web service method, it returns a soap error "username is not in HTTP header".  I asked the company that wrote the Web service and

WCF interoperability with Java SOAP service - sign elements order, force wsu id value



I need to consume a SOAP web service created in Java from a WCF client. By intensively searching this on the web in general and on this forum in particular, I've seen that quite a lot of people have problems in this area, however I never found the answer to the questions I will post on this thread.

The service I have to consume has the following constraints:

  • needs transport level security by communicating over HTTPS 
  • needs signatures on the body (soap:body element) and a custom header of each request. The signature is done using a client certificate and complies with http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf. The signature is required only on requests. Service responses are not signed.

After an intensive amount of work I managed  to make my request messages look like (intercepted with fiddler):

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u<

how to create wsse:Security header programatically from code



I want to create the following wsse:Security header from C# code:

<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <wsu:Timestamp wsu:Id="Timestamp-02be6222-d34d-4c19-bb35-f4e98cc18534" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="SecurityToken-3f7f983f-66ce-480d-bce6-170632d33f92" xmlns:wsu="

How do I create a CustomBinding for wsse:Security Header with UsernameToken without security?


Hello i'm pretty new to WebServices and i'm trying to connect my WCF-client to a JBoss-WebService with SOAP12.

My request message has to look as following: (yes there is no security at all)


<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"> 
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">boo</wsse:Password>
<ns2:getNames() xmlns:ns2="http://localhost/myJBossWS" />
This is my CustomBinding, but it has no SecurityBindingElement, because nothing suits to me, they all require either ssl or a certificate.
Please help me to build a right binding to
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend