
Trying to get WCF client to work with wss 1.0 username token security

I am trying to use a WCF client to call a third-party web service. The web service uses username token authentication, WSS-Security 1.0 Soap Message Security.

Here is a sample soap authentication header for what the web service expects

<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken namespaces>
<wsse:Username>username</wsse:Username>
<wsse:Password Type="type info">password</wsse:Password>
<wsse:Nonce>nonce</wsse:Nonce>
<wsu:Created>date created</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<WebServiceMethodName xmlns="Web Service Namespace" />
</soap:Body>
</soap:Envelope>

I configured the client the following way

<basicHttpBinding>
<binding name="Binding1">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>

but received an error stating that the nonce and datecreated attributes were missing in the header. Does anyone know how to configure a WCF client to work with WSS-Security 1.0 Soap Message Security username token authentication?


I had the same problem. Instead of the custom token serializer I used a MessageInspector to add the correct UsernameToken in the BeforeSendRequest method. I then used a custom behavior to apply the fix.

The entire process is documented (with a demo project) in my blog post Supporting the WS-I Basic Profile Password Digest in a WCF client proxy. Alternatively, you can just read the PDF.

If you want to follow my progress through to the solution, you'll find it on StackOverflow under the title "Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme".
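The approach this answer describes (a message inspector that writes the UsernameToken in BeforeSendRequest), as an added example; it is not the answerer's code or the demo project from the blog post. It assumes the service expects the PasswordDigest form from the WSS UsernameToken Profile 1.0 and .NET Framework 4.0 or later; the class names `UsernameTokenHeader` and `UsernameTokenInspector` are made up for this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Dispatcher;
using System.Text;
using System.Xml;
// Added example. Password_Digest = Base64(SHA-1(nonce bytes + created + password)).
public class UsernameTokenHeader : MessageHeader
{
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    const string DigestType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    readonly string user, nonce, created, digest;
    public UsernameTokenHeader(string user, string password)
    {
        byte[] raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw); // fresh nonce per message
        this.user = user;
        nonce = Convert.ToBase64String(raw);
        created = DateTime.UtcNow.ToString("s") + "Z"; // culture-invariant UTC timestamp
        byte[] input = raw.Concat(Encoding.UTF8.GetBytes(created + password)).ToArray();
        using (var sha1 = SHA1.Create()) digest = Convert.ToBase64String(sha1.ComputeHash(input));
    }
    public override string Name { get { return "Security"; } }
    public override string Namespace { get { return Wsse; } }
    public override bool MustUnderstand { get { return true; } }
    protected override void OnWriteHeaderContents(XmlDictionaryWriter w, MessageVersion version)
    {
        w.WriteStartElement("wsse", "UsernameToken", Wsse);
        w.WriteElementString("wsse", "Username", Wsse, user);
        w.WriteStartElement("wsse", "Password", Wsse);
        w.WriteAttributeString("Type", DigestType);
        w.WriteString(digest);
        w.WriteEndElement();
        w.WriteElementString("wsse", "Nonce", Wsse, nonce);
        w.WriteElementString("wsu", "Created", Wsu, created);
        w.WriteEndElement();
    }
}

public class UsernameTokenInspector : IClientMessageInspector
{
    readonly string user, password;
    public UsernameTokenInspector(string user, string password) { this.user = user; this.password = password; }
    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    { request.Headers.Add(new UsernameTokenHeader(user, password)); return null; }
    public void AfterReceiveReply(ref Message reply, object correlationState) { }
}
```

Add the inspector to the client runtime's message inspectors from an `IEndpointBehavior.ApplyClientBehavior` implementation. Send the request over HTTPS: the digest is a single SHA-1 over the shared password, so a captured header can be used for offline password guessing.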


Been looking at the same problem and my findings are that unfortunately WCF doesn't support Nonce values.

If you want to send username and password (timestamp is included by default) change the config to

     <basicHttpBinding>
        <binding name="BasicHTTP">
          <!-- UsernameToken over Transport Security -->
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType ="UserName" />
          </security>
        </binding>
      </basicHttpBinding>

Also be aware that there appears to be a defect (or at least a different interpretation of the standards) with regard to the UserNameToken when exchanged between WCF and WSS4J; see http://social.msdn.microsoft.com/Forums/en/wcf/thread/6bc1b0e4-424b-4e2a-909c-815095be631f

WSSConfig.getDefaultWSConfig().setAllowNamespaceQualifiedPasswordTypes(true); might be a workaround on the WSS4J side.

UPDATE: On the WCF side you can get around the problem by implementing a CustomCredential and CustomTokenSerializer; see the last post at http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4df3354f-0627-42d9-b5fb-6e880b60f8ee

Dagfinn
