Testing a WS-Secured Web Service
I am new to SoapUI but have used it successfully to test a new web service we are developing with various unsecured endpoint definitions. Our final production version of the service has been set-up using a wsHttpBinding endpoint with Message level encryption and UserName credentials. We have an X509 Certificate at the Service level and require only a UserName and Password be sent by the Client for the request.
My question is how do I set-up SoapUI (version 3.6.1) to test our service with this configuration. The instructions for activating WS-Security are vague at best. I have tested the service with our own test application that uses a proxy class. The proxy pulls the public key for the service certificate automatically and we include the UserName and Password in the a_objWS.ClientCredentials.UserName.UserName and a_objWS.ClientCredentials.UserName.Password fields for each method call. This works fine.
I should mention that the web service is a WCF web service developed in .Net and running on IIS 7. So far, I have set-up the Outgoing WS-Security Configuration including a UserName and Encryption entry. I am a bit confused on how to set-up the Keystore/Certificates. Since we only user a Server side service certificate, I assumed I just need to extract the public key and point to the file (.Cer format) in the Keystore/Certification definition. Is this correct?
No matter what I have tried so far, I continue to get the following error:
BadContextToken
The message could not be processed. This is most likely because the action 'http://www.CooperativeTechnologies.com/CT1035ContactWS/v20100/ICT1035ContactWebService/GetBusinessTypeList' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.
Any help would be greatly appreciated. Thanks in advance.
My question is how do I set-up SoapUI (version 3.6.1) to test our service with this configuration. The instructions for activating WS-Security are vague at best. I have tested the service with our own test application that uses a proxy class. The proxy pulls the public key for the service certificate automatically and we include the UserName and Password in the a_objWS.ClientCredentials.UserName.UserName and a_objWS.ClientCredentials.UserName.Password fields for each method call. This works fine.
I should mention that the web service is a WCF web service developed in .Net and running on IIS 7. So far, I have set-up the Outgoing WS-Security Configuration including a UserName and Encryption entry. I am a bit confused on how to set-up the Keystore/Certificates. Since we only user a Server side service certificate, I assumed I just need to extract the public key and point to the file (.Cer format) in the Keystore/Certification definition. Is this correct?
No matter what I have tried so far, I continue to get the following error:
BadContextToken
The message could not be processed. This is most likely because the action 'http://www.CooperativeTechnologies.com/CT1035ContactWS/v20100/ICT1035ContactWebService/GetBusinessTypeList' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.
Any help would be greatly appreciated. Thanks in advance.
