jball
New Contributor
12 years ago

WCF Testing with WSHTTPBINDING

Pardon if this is covered elsewhere; I did several searches and didn't find anything that directly correlated to my situation.

Basically we have a couple of internally developed services that use WCF Service - WSHTTPBINDING with a client authentication type of Windows. Apparently the service will/can use my credentials.

I do not have the ability to turn the security on or off, dev develops it and throws it over the wall and we test it, so I cannot take it to basic binding. I have to test it in this; production-ready code.

How might I go about setting the security settings in SOAPUI to get past the Binding to send and receive the data that I need to test? Understand that I am not testing the security on this service, only the request and response. I want to use SOAPUI to check all of my SOAP requests and validate all possible error scenarios via assertions, which is my normal use for SOAPUI. It is just that this service has the security up front.

As an aside and if this helps at all, I have exported the security data from HP Service test which appears to easily address this WSHTTPBINDING in case it has any information that might help me configure SOAPUI to run the tests. Which is my preference.

<SecurityModelPrototype z:Id="1" z:Type="HP.ST.Shared.SecurityModel.SecurityModelPrototype" z:Assembly="HP.ST.Shared.SecurityModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a55d8ef45e7637d3" xmlns="http://schemas.datacontract.org/2004/07/HP.ST.Shared.SecurityModel" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/"><CurrentScenarioID z:Id="2">httpBinding</CurrentScenarioID><ScenarioData z:Id="3" z:Type="HP.ST.Shared.SecurityModel.WSHTTPBindingContainerData" z:Assembly="HP.ST.Shared.SecurityModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a55d8ef45e7637d3"><AdvancedFormData z:Id="4"><AddressingVersion>WSAddressing10</AddressingVersion><AllowCookies>false</AllowCookies><AllowSerializedSigningTokenOnReply>false</AllowSerializedSigningTokenOnReply><AuthenticationSchema>Anonymous</AuthenticationSchema><BypassProxyOnLocal>false</BypassProxyOnLocal><DefaultAlgorithmSuite>Basic256</DefaultAlgorithmSuite><EnableSecureSession>true</EnableSecureSession><Encoding>Text</Encoding><IncludeTimeStamp>true</IncludeTimeStamp><IsReliableMessagingUsed>false</IsReliableMessagingUsed><IsSecurityUsed>false</IsSecurityUsed><KeepAliveEnabled>true</KeepAliveEnabled><KeyEntropyMode>CombinedEntropy</KeyEntropyMode><MaxResponseSizeStrValue z:Id="5">65</MaxResponseSizeStrValue><MessageProtectionOrder>SignBeforeEncryptAndEncryptSignature</MessageProtectionOrder><MessageSecurityVer>WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11</MessageSecurityVer><NegotiateServiceCredentials>true</NegotiateServiceCredentials><ProtectionLevel>EncryptAndSign</ProtectionLevel><ProxyAddress z:Id="6"/><ProxyAuthenticationSchema>Anonymous</ProxyAuthenticationSchema><Realm z:Ref="6" 
i:nil="true"/><ReliableMessageVersion>WSReliableMessagingFebruary2005</ReliableMessageVersion><ReliableMessagingOrdered>true</ReliableMessagingOrdered><RequireClientCertificate>false</RequireClientCertificate><RequireDerivedKeys>true</RequireDerivedKeys><RequireSecurityContextCancellation>false</RequireSecurityContextCancellation><RequireSignatureConfirmation>false</RequireSignatureConfirmation><SecurityHeaderLayout>Strict</SecurityHeaderLayout><SpecifyViaAddress>false</SpecifyViaAddress><TabCreationFlags>None</TabCreationFlags><TransferMode>Buffered</TransferMode><Transport>HTTP</Transport><UseDefaultWebProxy>true</UseDefaultWebProxy><ViaAddress z:Ref="6" i:nil="true"/><X509ClauseType>Thumbprint</X509ClauseType><X509InclMode>Never</X509InclMode><X509RefStyle>External</X509RefStyle><X509RequireDerivedKeys>true</X509RequireDerivedKeys></AdvancedFormData><Description z:Id="7">Use None (Anonymous) scenario to test Web Services where:&#xD;
• Client uses the server's X.509 certificate for encryption.&#xD;
• Client is not authenticated.&#xD;
• Communication may utilize advanced standards such as secure conversation and MTOM.&#xD;
Use Windows scenario to test Web Services where:&#xD;
• Client and server use Windows authentication.&#xD;
• Security is based on Kerberos or SPNEGO negotiations.&#xD;
• Communication may utilize advanced standards such as secure conversation and MTOM.&#xD;
Use Certificate scenario to test Web Services where:&#xD;
• Client uses the server's X.509 certificate for encryption.&#xD;
• Client uses its own X.509 certificate for signature.&#xD;
• Communication may utilize advanced standards such as secure conversation and MTOM.&#xD;
Use Username (message protection) scenario to test Web Services where:&#xD;
• Client uses the server's X.509 certificate for encryption.&#xD;
• Client is authenticated with a username and password.&#xD;
• Communication may utilize advanced standards such as secure conversation and MTOM.</Description><Flags>Full</Flags><Mode>Private</Mode><ProtocolType z:Id="8">customBinding</ProtocolType><SharedURL i:nil="true"/><UIType z:Id="9">httpBinding</UIType><m_isModified>false</m_isModified><ActiveScenarioData z:Id="10" z:Type="HP.ST.Shared.SecurityModel.WSHTTPBindingWindowsData" z:Assembly="HP.ST.Shared.SecurityModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a55d8ef45e7637d3"><AdvancedFormData z:Id="11"><AddressingVersion>WSAddressing10</AddressingVersion><AllowCookies>false</AllowCookies><AllowSerializedSigningTokenOnReply>false</AllowSerializedSigningTokenOnReply><AuthenticationSchema>Anonymous</AuthenticationSchema><BypassProxyOnLocal>false</BypassProxyOnLocal><DefaultAlgorithmSuite>Basic256</DefaultAlgorithmSuite><EnableSecureSession>true</EnableSecureSession><Encoding>Text</Encoding><IncludeTimeStamp>true</IncludeTimeStamp><IsReliableMessagingUsed>false</IsReliableMessagingUsed><IsSecurityUsed>false</IsSecurityUsed><KeepAliveEnabled>true</KeepAliveEnabled><KeyEntropyMode>CombinedEntropy</KeyEntropyMode><MaxResponseSizeStrValue z:Id="12">65</MaxResponseSizeStrValue><MessageProtectionOrder>SignBeforeEncryptAndEncryptSignature</MessageProtectionOrder><MessageSecurityVer>WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11</MessageSecurityVer><NegotiateServiceCredentials>true</NegotiateServiceCredentials><ProtectionLevel>EncryptAndSign</ProtectionLevel><ProxyAddress z:Ref="6" i:nil="true"/><ProxyAuthenticationSchema>Anonymous</ProxyAuthenticationSchema><Realm z:Ref="6" 
i:nil="true"/><ReliableMessageVersion>WSReliableMessagingFebruary2005</ReliableMessageVersion><ReliableMessagingOrdered>true</ReliableMessagingOrdered><RequireClientCertificate>false</RequireClientCertificate><RequireDerivedKeys>true</RequireDerivedKeys><RequireSecurityContextCancellation>false</RequireSecurityContextCancellation><RequireSignatureConfirmation>false</RequireSignatureConfirmation><SecurityHeaderLayout>Strict</SecurityHeaderLayout><SpecifyViaAddress>false</SpecifyViaAddress><TabCreationFlags>None</TabCreationFlags><TransferMode>Buffered</TransferMode><Transport>HTTP</Transport><UseDefaultWebProxy>true</UseDefaultWebProxy><ViaAddress z:Ref="6" i:nil="true"/><X509ClauseType>Thumbprint</X509ClauseType><X509InclMode>Never</X509InclMode><X509RefStyle>External</X509RefStyle><X509RequireDerivedKeys>true</X509RequireDerivedKeys></AdvancedFormData><Description z:Ref="6" i:nil="true"/><Flags>Full</Flags><Mode>Private</Mode><ProtocolType z:Id="13">wsHttpSPNego</ProtocolType><SharedURL i:nil="true"/><UIType z:Ref="6" i:nil="true"/><m_isModified>true</m_isModified><ClientWindowsDomain z:Ref="6" i:nil="true"/><ClientWindowsUserName z:Ref="6" i:nil="true"/><ExpectedServerSPN z:Ref="6" i:nil="true"/><ExpectedServerUPN z:Ref="6" i:nil="true"/><IsCurrentUser>true</IsCurrentUser><IsCustomUser>false</IsCustomUser><IsSPN>true</IsSPN><IsUPN>false</IsUPN><m_clientWindowsPassword z:Ref="6" i:nil="true"/></ActiveScenarioData></ScenarioData></SecurityModelPrototype>



Here is the response from SOAPUI when I attempt to send the request:
<s:Body>
<s:Fault>
<s:Code>
<s:Value>s:Sender</s:Value>
<s:Subcode>
<s:Value xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/sc">a:BadContextToken</s:Value>
</s:Subcode>
</s:Code>
<s:Reason>
<s:Text xml:lang="en-US">The message could not be processed. This is most likely because the action 'http://tempuri.org/ACHValidation.Services/ValidateACHRoutingNbrJson' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.</s:Text>
</s:Reason>
</s:Fault>
</s:Body>

I would be happy to provide any more information that you might need to help me work past this.

Thanks,

Jim

1 Reply

  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hi Jim,

    Unfortunately soapUI doesn't support WsHttpBinding at this point - you will need to publish the service under a separate binding (BasicHttpBinding) to be able to test it with soapUI - alternatively you can configure the WsHttpBinding and disable authentication/security related features - which should make it work with soapUI as well.

    Sorry for the inconvenience..

    regards!

    /Ole
    SmartBear Software
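
The first option in the reply (a separate BasicHttpBinding endpoint), sketched as a WCF service configuration. This is an added example, not the poster's actual config or SmartBear's: the service, contract and binding names are hypothetical, the wsHttpBinding values are assumed from the exported EnableSecureSession and NegotiateServiceCredentials settings, and keeping Windows authentication at the HTTP level on the test endpoint is a choice of this example.

```xml
<!-- Added example: names below are hypothetical placeholders. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- Assumed shape of the existing endpoint: message security with
           Windows credentials, SPNEGO negotiation and a secure session.
           establishSecurityContext="true" is what requires the
           WS-SecureConversation token behind the a:BadContextToken fault. -->
      <binding name="wsWindows">
        <security mode="Message">
          <message clientCredentialType="Windows"
                   negotiateServiceCredential="true"
                   establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
    <basicHttpBinding>
      <!-- Test-only endpoint: plain SOAP 1.1 envelopes, with the caller
           still authenticated by Windows (NTLM/Negotiate) at the HTTP layer.
           Messages here are neither signed nor encrypted, so expose it only
           in the test deployment. -->
      <binding name="basicWindowsTest">
        <security mode="TransportCredentialOnly">
          <transport clientCredentialType="Windows" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="Example.Services.AchValidationService">
      <!-- Existing secured endpoint, unchanged -->
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="wsWindows"
                contract="Example.Services.IAchValidation" />
      <!-- Additional endpoint for request/response testing -->
      <endpoint address="basic"
                binding="basicHttpBinding"
                bindingConfiguration="basicWindowsTest"
                contract="Example.Services.IAchValidation" />
    </service>
  </services>
</system.serviceModel>
```

Both endpoints share the same contract, so assertions on operation responses exercised through the `basic` address cover the same service code as the secured endpoint.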