Hello Everyone,
We have an asp.net web application (.Net 4.6) that needs to consume few services which are exposed through an enterprise integration platform. The enterprise platform requires all clients to send the security header that matches the basic security profile username token specification:
http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#Nonce/@EncodingType_Attribute_Mandatory
To consume these web services, our asp.net web application created a proxy class by importing the wsdl. And then on the proxy class, we add the user credentials...as an example it is shown below:
proxyStatusClient.RequestSoapContext.Security.Tokens.Add(token);
proxyStatusClient.SetClientCredential<UsernameToken>(token);
This generates the soap header to have the user credentials along with the nonce element however nonce element does not have the encodingtype attribute which is mandatory for the enterprise platform.
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>;
<wsse:Nonce>rqgwyErTk7l5l7t1DqhdK</wsse:Nonce>
<wsu:Created>2013-05-31T17:49:07.888Z</wsu:Created>
Since encodingtype attribute is missing on Nonce, platform rejects the request.
We could obviously fix the issue by modifying the security header before sending the request to the platform, however we would like to avoid tampering the headers which are generated by .Net.
Any ideas why this is happening and what should be done at configuration level to allow .Net generate the nonce element with encodingtype attribute?
Thanks
Bala
