Forum Discussion

gilesrpa's avatar
gilesrpa
New Contributor
9 years ago

SoapUI WCF using SSL certificate

After looking around the forums and the internet in general, I was unable to find anything that answered my problem, so I have resorted to placing my question here.

 

Firstly, sorry if this has already had a answer supplied.

 

My problem is this. I have an existing C# WCF service hosting in IIS and secured by an SSL. This is working code and is currently in our Live, UAT, Test and Development environments.

 

I have been asked to use SoapUI for testing firstly on existing services and any new services that we are about to build.

 

So far, I have created the project by supplying the WDSL, setup the keystore with the SSL cert, created an outgoing and incoming WS-Sec config.

 

When in the request, I have created a basic authorization using the defined outgoing and incoming configs created above.

 

After clicking on the submit button, I get the following response.

 

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
   </s:Header>
   <s:Body>
      <s:Fault>
         <s:Code>
            <s:Value>s:Sender</s:Value>
            <s:Subcode>
               <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
            </s:Subcode>
         </s:Code>
         <s:Reason>
            <s:Text xml:lang="en-GB">An error occurred when verifying security for the message.</s:Text>
         </s:Reason>
      </s:Fault>
   </s:Body>
</s:Envelope>

I did see an article that inferred that I should switch the 'Enable WS_A addressing' switch off. I did this, but this just caused the submit request to timeout.

 

I have checked that the service is running by viewing the WSDL from the IIS server and also using the application to call the service and all is OK.

 

I am sure that I missed a simple step, so would be grateful for any help.

 

Thanks

 

Paul.

 

P.S.

 

I have just tried what is described in the following link and it still does not work:

 

Update vmoptions file

 

Came across this article:

 

Message Security

 

Sam's comments about:

 

<serviceSecurityAudit 
    auditLogLocation="Application" 
    serviceAuthorizationAuditLevel="Failure" 
    messageAuthenticationAuditLevel="Failure" 
    suppressAuditFailure="true"/>

Worked great.

 

On looking at the Application Evnt Log the following message was recorded:

 

The description for Event ID 4 from source ServiceModel Audit 4.0.0.0 cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

http://localhost:57978/WCFService.svc
http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence
<null>
MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security.

The locale specific resource for the desired message is not present

Which leads me back to the fact that I have missed comething.

 

Ay ideas?

  • gilesrpa's avatar
    gilesrpa
    New Contributor

    Started looking at WCF Storm as this tool works out of the box with Microsofts flavor of WS-Security.

     

    After extensive searching, it appears that SoapUi is using the Java WS-Security model which is not the same as Microsoft's.

     

    This is OK, if that is the answer. 

     

    Can anyone confirm this so that I can start using WCF Storm instead of SoapUi.

    • Flozilla's avatar
      Flozilla
      New Contributor

      Testing WCF Services with SoapUI works fine.

      Regarding to your error message it seems that SoapUI didn't add security information to the soap header.

      Have a look in the raw request tab.

      If SoapUI wasn't able to add the security information you should see the reason for that in the SoapUI error log.