c# – How to add wsse: Security header (SOAP)

Question:

There is a web service. In C # I write a program that connects and pulls data. In order to connect, you need to go through authorization. Tried it through WSE3.0, but this option is not suitable for CRM. Actually, such an envelope should be.

POST http://wsservice:8980/crmws/crmws HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: ""
Content-Length: 1074
Host: smr01-app02:8980
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_102)

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sup="http://support.diasoft.ru">
   <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-DAFFC35F833AA27EE214919177923171"><wsse:Username>ws-user</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">p@ssw0rd</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">E6lB35rE2Ijk+HtjeIhPwg==</wsse:Nonce><wsu:Created>2017-04-11T13:36:32.316Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
   <soapenv:Body>
      <sup:DSLegalFindByIDReq>
         <!--Optional:-->
         <sup:LegalID>?</sup:LegalID>
      </sup:DSLegalFindByIDReq>
   </soapenv:Body>
</soapenv:Envelope>

I tried to do it with this method, but until I figure out how to substitute UserToken, Password there.

using (var client = new WSPORTTYPEClient())
            using (var scope = new OperationContextScope(client.InnerChannel))
            {
                MessageHeader usernameToken = MessageHeader.CreateHeader("UsernameToken",
                    "http://wsservice:8980/crmws/crmws", "ws-user");
                OperationContext.Current.OutgoingMessageHeaders.Add(usernameToken);

                MessageHeader passwordTextHeader = MessageHeader.CreateHeader("PasswordText",
                    "http://wsservice:8980/crmws/crmws", "p@ssw0rd");
                OperationContext.Current.OutgoingMessageHeaders.Add(passwordTextHeader);

                MessageHeader sessionTypeHeader = MessageHeader.CreateHeader("SessionType",
                    "http://smr1-app02:8980/crmws/crmwshttp://wsservice:8980/crmws/crmws", "None");
                OperationContext.Current.OutgoingMessageHeaders.Add(sessionTypeHeader);



                DSLegalFindByIDReq req = new DSLegalFindByIDReq();

                req.LegalID = 234234234234;
                req.LegalIDSpecified = true;

                DSLegalFindByIDRes res = new DSLegalFindByIDRes();

                res = client.dsLegalFindByID(req);

                Console.WriteLine(res);
            }
            Console.ReadKey();

Answer:

You need to use a binding that has security settings. You may need to put together a custom binding. Here's an example of where to start picking:

  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding>
          <security allowInsecureTransport="true" authenticationMode="UserNameOverTransport" />
          <textMessageEncoding />
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>
  </system.serviceModel>

Likewise, you can compile the binding programmatically if you don't like putting it into the config.

The login and password must be recorded in client.ClientCredentials.Username :

client.ClientCredentials.UserName.UserName = ...;
client.ClientCredentials.UserName.Password = ...;
Scroll to Top