Remove timestamp element from ws-security headers generated by WCF

I am using an old Java web service from WCF, which requires a request in the form:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <wsse:Security mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:UsernameToken wsu:Id="xxx" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>username</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
          </wsse:UsernameToken>
        </wsse:Security>
      </s:Header>
      <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        ...
      </s:Body>
    </s:Envelope>

Using the following hack configuration "works", but I do not want the username and password displayed in config:

    <binding name="bindingName">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
    ...
    <endpoint address="https://endpoint address" binding="basicHttpBinding" bindingConfiguration="bindingName" contract="contract" name="bindingName">
      <headers>
        <wsse:Security mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <wsse:UsernameToken wsu:Id="UsernameToken-8293453" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>username</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
          </wsse:UsernameToken>
        </wsse:Security>
      </headers>
    </endpoint>

What I want to use is something like:

    <binding name="bindingName">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="Certificate" />
        <message clientCredentialType="UserName" />
      </security>
    </binding>

But this generates a timestamp element in the security element that the Java web service chokes on.

What I need to do is remove the timestamp from the XML it creates or have some kind of special binding to do this for me.

I tried to create user credentials, but that only changed the usernameToken element.

I have already gone through many, many SO questions (many from 2007 and earlier), including the following, without joy:

What is the best, easiest and most elegant way to remove the timestamp element?

Thank you in advance

+3
1 answer

Found the answer in a blog post by Kristian Kristensen about his problems integrating with a Java AXIS 1.X and WSS4J web service. So much simpler than the hacks I tried earlier.

You can solve this problem with a simple custom binding in App.config as follows:

BUGFIX - there is an error in the previous version - forgot to add a certificate to httpTransport

    <system.serviceModel>
      <bindings>
        <customBinding>
          <binding name="CustomBindingName">
            <!-- includeTimestamp="false" omits the wsu:Timestamp element from the wsse:Security header -->
            <security authenticationMode="UserNameOverTransport" includeTimestamp="false">
              <secureConversationBootstrap />
            </security>
            <textMessageEncoding messageVersion="Soap11" />
            <!-- requireClientCertificate="true" keeps the client certificate on the HTTPS transport -->
            <httpsTransport useDefaultWebProxy="false" requireClientCertificate="true" />
          </binding>
        </customBinding>
      </bindings>
      <client>
        <endpoint address="<endpoint address>" binding="customBinding" bindingConfiguration="CustomBindingName" contract="<contract goes here>" name="EndpointName" />
      </client>
    </system.serviceModel>

This gives the correct WS-Security SOAP header, without the timestamp that confused the Java server, just by calling this code:

    var client = new [clientType]();
    client.ClientCredentials.ClientCertificate.Certificate = [certificate];
    client.ClientCredentials.UserName.UserName = [UserName];
    client.ClientCredentials.UserName.Password = [Password];

    // Static setting: restricts all ServicePointManager connections to TLS 1.0.
    // Use SecurityProtocolType.Tls12 instead if the server supports it.
    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls;

    // TODO wrap in try catch
    client.Open();
    var result = client.[action](new [RequestType] { ... });

Further reading:

+2
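
To confirm what a binding actually sends, the following added example (not part of the original question or answer) checks a captured request against the header form the question requires: a wsse:UsernameToken with a PasswordText password and no wsu:Timestamp. The function name `header_problems` and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": OASIS + "wssecurity-secext-1.0.xsd",
    "wsu": OASIS + "wssecurity-utility-1.0.xsd",
}
PASSWORD_TEXT = OASIS + "username-token-profile-1.0#PasswordText"


def header_problems(envelope_xml):
    """List the ways a SOAP 1.1 request deviates from the required header form."""
    security = ET.fromstring(envelope_xml).find("s:Header/wsse:Security", NS)
    if security is None:
        return ["no wsse:Security header"]
    problems = []
    if security.find("wsu:Timestamp", NS) is not None:
        problems.append("wsu:Timestamp present")
    token = security.find("wsse:UsernameToken", NS)
    if token is None:
        return problems + ["no wsse:UsernameToken"]
    if not token.findtext("wsse:Username", default="", namespaces=NS).strip():
        problems.append("empty wsse:Username")
    password = token.find("wsse:Password", NS)
    if password is None or password.get("Type") != PASSWORD_TEXT:
        problems.append("wsse:Password is missing or not PasswordText")
    return problems  # reports structure only, never echoes the credentials


# Constructed sample requests (not captured from a real service).
TIMESTAMP = ('<wsu:Timestamp wsu:Id="_0"><wsu:Created>2024-01-01T00:00:00Z</wsu:Created>'
             '<wsu:Expires>2024-01-01T00:05:00Z</wsu:Expires></wsu:Timestamp>')
TEMPLATE = (
    '<s:Envelope xmlns:s="{s}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"><s:Header>'
    '<wsse:Security s:mustUnderstand="1">{timestamp}'
    '<wsse:UsernameToken wsu:Id="xxx"><wsse:Username>username</wsse:Username>'
    '<wsse:Password Type="{ptype}">password</wsse:Password></wsse:UsernameToken>'
    '</wsse:Security></s:Header><s:Body/></s:Envelope>')

WITH_TIMESTAMP = TEMPLATE.format(timestamp=TIMESTAMP, ptype=PASSWORD_TEXT, **NS)
WITHOUT_TIMESTAMP = TEMPLATE.format(timestamp="", ptype=PASSWORD_TEXT, **NS)

if __name__ == "__main__":
    for name, doc in (("with timestamp", WITH_TIMESTAMP), ("without", WITHOUT_TIMESTAMP)):
        print(name, "->", header_problems(doc) or "matches the required form")
```

PasswordText carries the password unprotected inside the message, so the check is only meaningful for requests sent over the HTTPS transport that the binding configures.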