Open MenuGamer opened 10 months ago
SecurityMode.Message
is not supported. If you control the client and the server, you could switch to using SecurityMode.TransportWithMessageCredentials
and the authentication flow/configuration will continue to work exactly as before. You will need to communicate over https instead of http. Depending on your security requirements, this is likely to give you equal security to what you had before. The difference in security only comes into play if you have a front end which is forwarding requests or you store the requests somewhere for consumption later as the SOAP message itself is no longer encrypted, instead relying on the HTTPS connection to provide secrecy and integrity.
@mconnew , do you know why this code with WSHttpBinding like this...
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
service.ClientCredentials.UserName.UserName = _iris_options.Value.WSSecurityUser;
service.ClientCredentials.UserName.Password = _iris_options.Value.WSSecurityPassword;
..don't add <wsse:Security>
, <wsse:UsernameToken>
,<wsse:Username>
and <wsse:Password>
tags to the header?
Current request XML:
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<a:Action s:mustUnderstand="1">http://url</a:Action>
<a:MessageID>urn:uuid:da52bf77-db42-4af9-827c-edca7375b7c7</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<reserveCard xmlns="http://url">
<code>1031879</code>
</reserveCard>
</s:Body>
</s:Envelope>
Do i need to add this tags manually with IClientMessageInspector?
I think you don't have your security mode set right. I suspect you need to pass TransportSecurityWithMessageCredential to the constructor.
When dispatching client with
WSHttpBinding
andSecurityMode.Message
theCreateSecurityBindingElement
method fromSystem.ServiceModel.MessageSecurityOverHttp
will throw platform not supported error.My old .NET Framework 4.8 project is using the following configuration.
I've recreated it in .NET 7.0 manually as followed
Is this method not supported in .NET 7.0 or is there a workaround.