WCF Testing with WSHTTPBINDING

SoapUI Pro announcements and discussions

WCF Testing with WSHTTPBINDING

Postby jball » 10 Sep 2012 19:12

Pardon if this is covered elsewhere, I did several searches and didn't find anything that directly corelated to my situation.

Basically we have a couple of internally developed services that use WCF Service - WSHTTPBINDING with a client authentication type of Windows. Apparently the service will/can use my credentials.

I do not have the ablility to turn the security on or off, dev develops it and throws it over the wall and we test it, so I cannot take it to basic binding. I have to test it in this; production-ready code.

How might I go about setting the security settings in SOAPUI to get past the Binding to send and receive the data that I need to test. Understand that I am not testing the security on this service only the request and response. I want to use SOAPUI to check all of my SOAP requests and validate all possible error scenarios via assertions, which is my normal use for SOAPUI. It is just that this service has the security up front.

As an aside and if this helps at all, I have exported the security data from HP Service test which appears to easily address this WSHTTPBINDING incase it has any information that might help me configure SOAPUI to run the tests. Which is my preference.

Code: Select all
<SecurityModelPrototype z:Id="1" z:Type="HP.ST.Shared.SecurityModel.SecurityModelPrototype" z:Assembly="HP.ST.Shared.SecurityModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a55d8ef45e7637d3" xmlns="http://schemas.datacontract.org/2004/07/HP.ST.Shared.SecurityModel" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/"><CurrentScenarioID z:Id="2">httpBinding</CurrentScenarioID><ScenarioData z:Id="3" z:Type="HP.ST.Shared.SecurityModel.WSHTTPBindingContainerData" z:Assembly="HP.ST.Shared.SecurityModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a55d8ef45e7637d3"><AdvancedFormData z:Id="4"><AddressingVersion>WSAddressing10</AddressingVersion><AllowCookies>false</AllowCookies><AllowSerializedSigningTokenOnReply>false</AllowSerializedSigningTokenOnReply><AuthenticationSchema>Anonymous</AuthenticationSchema><BypassProxyOnLocal>false</BypassProxyOnLocal><DefaultAlgorithmSuite>Basic256</DefaultAlgorithmSuite><EnableSecureSession>true</EnableSecureSession><Encoding>Text</Encoding><IncludeTimeStamp>true</IncludeTimeStamp><IsReliableMessagingUsed>false</IsReliableMessagingUsed><IsSecurityUsed>false</IsSecurityUsed><KeepAliveEnabled>true</KeepAliveEnabled><KeyEntropyMode>CombinedEntropy</KeyEntropyMode><MaxResponseSizeStrValue z:Id="5">65</MaxResponseSizeStrValue><MessageProtectionOrder>SignBeforeEncryptAndEncryptSignature</MessageProtectionOrder><MessageSecurityVer>WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11</MessageSecurityVer><NegotiateServiceCredentials>true</NegotiateServiceCredentials><ProtectionLevel>EncryptAndSign</ProtectionLevel><ProxyAddress z:Id="6"/><ProxyAuthenticationSchema>Anonymous</ProxyAuthenticationSchema><Realm z:Ref="6" i:nil="true"/><ReliableMessageVersion>WSReliableMessagingFebruary2005</ReliableMessageVersion><ReliableMessagingOrdered>true</ReliableMessagingOrdered><RequireClientCertificate>false</RequireClientCertificate><RequireDerivedKeys>true</RequireDerivedKeys><RequireSecurityContextCancellation>false</RequireSecurityContextCancellation><RequireSignatureConfirmation>false</RequireSignatureConfirmation><SecurityHeaderLayout>Strict</SecurityHeaderLayout><SpecifyViaAddress>false</SpecifyViaAddress><TabCreationFlags>None</TabCreationFlags><TransferMode>Buffered</TransferMode><Transport>HTTP</Transport><UseDefaultWebProxy>true</UseDefaultWebProxy><ViaAddress z:Ref="6" i:nil="true"/><X509ClauseType>Thumbprint</X509ClauseType><X509InclMode>Never</X509InclMode><X509RefStyle>External</X509RefStyle><X509RequireDerivedKeys>true</X509RequireDerivedKeys></AdvancedFormData><Description z:Id="7">Use None (Anonymous) scenario to test Web Services where:&#xD;
  • Client uses the server's X.509 certificate for encryption.&#xD;
  • Client is not authenticated.&#xD;
  • Communication may utilize advanced standards such as secure conversation and MTOM.&#xD;
Use Windows scenario to test Web Services where:&#xD;
  • Client and server use Windows authentication.&#xD;
  • Security is based on Kerberos or SPNEGO negotiations.&#xD;
  • Communication may utilize advanced standards such as secure conversation and MTOM.&#xD;
Use Certificate scenario to test Web Services where:&#xD;
  • Client uses the server's X.509 certificate for encryption.&#xD;
  • Client uses its own X.509 certificate for signature.&#xD;
  • Communication may utilize advanced standards such as secure conversation and MTOM.&#xD;
Use Username (message protection) scenario to test Web Services where:&#xD;
  • Client uses the server's X.509 certificate for encryption.&#xD;
  • Client is authenticated with a username and password.&#xD;
  • Communication may utilize advanced standards such as secure conversation and MTOM.</Description><Flags>Full</Flags><Mode>Private</Mode><ProtocolType z:Id="8">customBinding</ProtocolType><SharedURL i:nil="true"/><UIType z:Id="9">httpBinding</UIType><m_isModified>false</m_isModified><ActiveScenarioData z:Id="10" z:Type="HP.ST.Shared.SecurityModel.WSHTTPBindingWindowsData" z:Assembly="HP.ST.Shared.SecurityModel, Version=1.0.0.0, Culture=neutral, PublicKeyToken=a55d8ef45e7637d3"><AdvancedFormData z:Id="11"><AddressingVersion>WSAddressing10</AddressingVersion><AllowCookies>false</AllowCookies><AllowSerializedSigningTokenOnReply>false</AllowSerializedSigningTokenOnReply><AuthenticationSchema>Anonymous</AuthenticationSchema><BypassProxyOnLocal>false</BypassProxyOnLocal><DefaultAlgorithmSuite>Basic256</DefaultAlgorithmSuite><EnableSecureSession>true</EnableSecureSession><Encoding>Text</Encoding><IncludeTimeStamp>true</IncludeTimeStamp><IsReliableMessagingUsed>false</IsReliableMessagingUsed><IsSecurityUsed>false</IsSecurityUsed><KeepAliveEnabled>true</KeepAliveEnabled><KeyEntropyMode>CombinedEntropy</KeyEntropyMode><MaxResponseSizeStrValue z:Id="12">65</MaxResponseSizeStrValue><MessageProtectionOrder>SignBeforeEncryptAndEncryptSignature</MessageProtectionOrder><MessageSecurityVer>WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11</MessageSecurityVer><NegotiateServiceCredentials>true</NegotiateServiceCredentials><ProtectionLevel>EncryptAndSign</ProtectionLevel><ProxyAddress z:Ref="6" i:nil="true"/><ProxyAuthenticationSchema>Anonymous</ProxyAuthenticationSchema><Realm z:Ref="6" i:nil="true"/><ReliableMessageVersion>WSReliableMessagingFebruary2005</ReliableMessageVersion><ReliableMessagingOrdered>true</ReliableMessagingOrdered><RequireClientCertificate>false</RequireClientCertificate><RequireDerivedKeys>true</RequireDerivedKeys><RequireSecurityContextCancellation>false</RequireSecurityContextCancellation><RequireSignatureConfirmation>false</RequireSignatureConfirmation><SecurityHeaderLayout>Strict</SecurityHeaderLayout><SpecifyViaAddress>false</SpecifyViaAddress><TabCreationFlags>None</TabCreationFlags><TransferMode>Buffered</TransferMode><Transport>HTTP</Transport><UseDefaultWebProxy>true</UseDefaultWebProxy><ViaAddress z:Ref="6" i:nil="true"/><X509ClauseType>Thumbprint</X509ClauseType><X509InclMode>Never</X509InclMode><X509RefStyle>External</X509RefStyle><X509RequireDerivedKeys>true</X509RequireDerivedKeys></AdvancedFormData><Description z:Ref="6" i:nil="true"/><Flags>Full</Flags><Mode>Private</Mode><ProtocolType z:Id="13">wsHttpSPNego</ProtocolType><SharedURL i:nil="true"/><UIType z:Ref="6" i:nil="true"/><m_isModified>true</m_isModified><ClientWindowsDomain z:Ref="6" i:nil="true"/><ClientWindowsUserName z:Ref="6" i:nil="true"/><ExpectedServerSPN z:Ref="6" i:nil="true"/><ExpectedServerUPN z:Ref="6" i:nil="true"/><IsCurrentUser>true</IsCurrentUser><IsCustomUser>false</IsCustomUser><IsSPN>true</IsSPN><IsUPN>false</IsUPN><m_clientWindowsPassword z:Ref="6" i:nil="true"/></ActiveScenarioData></ScenarioData></SecurityModelPrototype>



Here is the response from SOAPUI when I attempt to send the request
Code: Select all
<s:Body>
      <s:Fault>
         <s:Code>
            <s:Value>s:Sender</s:Value>
            <s:Subcode>
               <s:Value xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/sc">a:BadContextToken</s:Value>
            </s:Subcode>
         </s:Code>
         <s:Reason>
            <s:Text xml:lang="en-US">The message could not be processed. This is most likely because the action 'http://tempuri.org/ACHValidation.Services/ValidateACHRoutingNbrJson' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.</s:Text>
         </s:Reason>
      </s:Fault>
   </s:Body>

I would be happy to provide any more information that you might need to help me work past this.

Thanks,

Jim
jball
User
 
Posts: 4
Joined: 21 Jun 2012 18:30

Re: WCF Testing with WSHTTPBINDING

Postby SmartBear Support » 11 Sep 2012 08:51

Hi Jim,

unfortunately soapUI doesn't support WsHttpBinding at this point - you will need to publish the service under a separate binding (BasicHttpBinding) to able to test it with soapUI - alternatively you can configure the WsHttpBinding and disable authentication/security related features - which should make it work with soapUI as well.

Sorry for the inconvenience..

regards!

/Ole
SmartBear Software
SmartBear Support
Administrator
Administrator
 
Posts: 8688
Joined: 16 Feb 2009 10:53


Return to SoapUI Pro Support