Friday, March 6, 2015

I'm struggling to get a WCF web service with TransportWithMessageCredential to play nicely with SmartBear's SoapUI.

My WCF web service does work. I can spin up a dummy ASP.NET application that uses the web service just fine. I did get through a few hurdles. I guess I can document those. Pick "New SOAP Project" from the "File" menu to start up a new project. You will need to enter the value for "Initial WSDL" in the "New SOAP Project" dialog box which appears. If your .svc endpoint is at https://www.example.com/WebServices/ConnectivityTester.svc then https://www.example.com/WebServices/ConnectivityTester.svc?wsdl is what to give here. Notice that I've just appended ?wsdl on the end and nothing more. On the other side of the import I can expand "ConnectivityTester" (my web service) at the upper left to see "WSHttpBinding_IConnectivityTester" and that then expands to show "Test" which is the one method on the web service (should return true or false). "Test" moreover expands to show "Request 1" and double-clicking upon this opens up a "Request 1" window. From here I may click the green rightward pointing "Go" arrow at the upper left of the window to attempt to connect to the web service. At this point I get back:

The message could not be processed. This is most likely because the action 'http://tempuri.org/IConnectivityTester/Test' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

 
 

I tried to fight around this by:

  1. clicking on the Auth tab at the lower left of the "Request 1" window
  2. changing the "Authorization" dropdown to "Add New Authorization..."
  3. picking "Basic" from the "Type" dropdown in the "Add Authorization" pop up which appears
  4. pressing "OK" at the "Add Authorization" pop up
  5. entering my Username
  6. entering my Password
  7. checking the "Authenticate pre-emptively" radio button

...back at the selection of "Request 1" in the main window there is a list of properties at the lower left for "Request 1" (assuming "Request 1" is selected) and here I also changed the empty property for "WSS-Password Type" to "PasswordText" as well. And, yet, I have not progressed any farther.

 
 

Wait!

Since typing the above a coworker has solved the puzzle! OK, just set the username and password at the Properties pane above "WSS-Password Type" and don't worry about "Authenticate pre-emptively" at all. Instead of going to the "Auth" tab at the "Request 1" window, go to the "WS-A" tab and herein click the "Add default wsa:To" checkbox. The last thing that is needed is a change to Web.config itself.

<message clientCredentialType="UserName" />

 
 

...must become...

<message clientCredentialType="UserName" establishSecurityContext="false"/>

 
 

Yay! Now everything works! FYI: This false flag forces you to authenticate every time you hit the endpoint. Your valid identity will not be kept in session.

No comments:

Post a Comment