cancel
Showing results for 
Search instead for 
Did you mean: 

Trying to get SoapUI work against WCF wsHttpBinding

Highlighted
New Contributor

Trying to get SoapUI work against WCF wsHttpBinding

I saw a post from a few years ago that said SoapUI won't work with wsHttpBinding unless we remove security elements, but we noticed that it will work when we use Transport security...

We have a self hosted service that uses wsHttpBinding but can be configured for either Transport or Message security. When configured for Transport security, SoapUI works just fine. When we configure for Message security, we get an InvalidSecurity error: "An error occurred when verifying security for the message".

Our service has a behavior that specifies a certificate as service credentials:

<serviceCredentials>
<serviceCertificate findValue="CN=SomeCertName" storeLocation="LocalMachine" storeName="My"/>
</serviceCredentials>

Our .NET clients get the cert in their endpoints in the app.config when we generate service references:

<identity>
<certificate encodedValue="somebigbase64value==" />
</identity>

When we import the wsdl with soapUI, we get all the methods and properties for the service calls, but we cant make a call without getting the error mentioned above.

One thing I suspect might be the problem is that our certificate that's being used was not issued by a CA and has no valid trust chain. To get around this with our clients, we have been adding a behavior to the client endpoints to ignore the certificate Validation:


<endpointBehaviors>
<behavior name="NoTrust">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>

Our .NET clients manually add this behavior after the service reference has been created.

My questions are:

1) Some old posts I saw say that SoapUI does not support wsHttpBinding, is that still the case (even though we see that it works fine with Transport security)?
2) Is there a way to make SoapUI ignore the certificateValidation like we do with our .NET clients

Thanks for any help/insight you can provide.
2 REPLIES 2
Highlighted

Re: Trying to get SoapUI work against WCF wsHttpBinding

Hi,

Please see this post that summarizes what SoapUI will support out of the box in terms of wsHttpBinding protocols:
http://forum.soapui.org/viewtopic.php?f=5&t=23699&p=54535#p54535
What you could do is turn off the "client authentication" in File->Preferences->SSL Settings. Otherwise, configure your web service to respond to http requests rather than https.

Regards,

Giscard
SmartBear Support


Learn SmartBear products in a fun and easy way and prove your knowledge!
>>Participate in the TechCorner Challenge today
Highlighted
New Contributor

Re: Trying to get SoapUI work against WCF wsHttpBinding

Hi,

I understood from your post that SoapUI will work with wsHttpBinding with Transport security.

Can you please provide me an example for that?

 

Another thing, I was trying to do the same as you posted with the


<endpointBehaviors>
<behavior name="NoTrust">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>

 

And it still didn't work...

So for the meantime nothing is working except mode="none"

I would really appricate if you can please provide me examples for bothe cases!

 

Thanks a lot!!!

Shira

 

New Here?
Join us and watch the welcome video:
Announcements
TechCorner Leaderboard
Want a fun and easy way to learn ReadyAPI and show off your skills? Try solving weekly TechCorner challenges and get into the Leaderboard!


Challenge Status

Compare an expected JSON value and actual response in Events

Participate!

Fetch value/data from JSON response using Groovy Script

See replies!

Filtering data retrieved from a DataSource

See replies!

Get data from Petstore and add it to Excel sheets

Participate!
Top Kudoed Authors