0

I would like to add a security header to my WCF SOAP message that looks like the following:

<s:Header> <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">URLWithAction</Action> <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Username>Username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password> </wsse:UsernameToken> </Security> </s:Header>

Yet, I am unable to figure out if this can be done with basicHttpBinding or another standard one, or if I have to make a custom one and how I can make a custom one... Is anyone able to help?

Improve this question
3
  • Is this an outgoing or incoming message? Do you want to add the header on the client side or the server side? Commented Sep 10, 2015 at 15:13
  • This is an outgoing message from the client Commented Sep 10, 2015 at 15:22
  • And the client is C# and using WCF? The answer below is still valid if so. You can use an IClientMessageInspector. I will update my answer Commented Sep 10, 2015 at 15:41

2 Answers 2

Reset to default
3

It turned out that I had to play a bit more with the attributes for the security element in my custom binding. I added the tag includeTimestamp="false" and then the security header worked, even though the action element was not added to the header.

Final result of the custombinding was:

<customBinding> <binding name="BasicHttpBinding_WebService"> <textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8" /> <security authenticationMode="UserNameOverTransport" includeTimestamp="false"/> <httpsTransport /> </binding> <binding name="BasicHttpBinding_WebService1"/> </customBinding>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This saved my day! I've spent a full day trying to make it work. Finally found this answer. Thanks!
1

If you are wanting to add the message on either the server or the client side then please look at this answer How to add a custom HTTP header to every WCF call?

Improve this answer

1 Comment

Even though it now works with the configuration changes, you are right that this is the correct way of adding custom header tags in WCF.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.