问题
I have tried using soapUI to test, however it does not support wsHttpBinding when security is enabled. soapUI does work when using wsHttpBinding and security is none.
We also tried out the WCF Storm, which does work and we can load our our client config file, however we are looking at other alternatives to WCF Storm.
Are there any other tools which are similar to soapUI, which SO recommends and that will work with the above configurations?
回答1:
wsHttpBinding is just Microsoft's obscure naming for some WS-* related configurations. Some configurations related to security are supported by SOAPUI and if you use TransportWithMessageCredential security mode you should have no trouble. You just need to connect to correctly secured HTTPS endpoint and provide credentials (User name) for your request (and maybe also a timestamp).
回答2:
I had a similar problem when tried to test a wcf service with wsHttpBinding and TransportWithMessageCredential securiuty set.
On each call SoapUI would get a error message stating:
The message could not be processed. This is most likely because the action 'http://www.mysite.com/ISomeService/SomeMethod' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.
After much trial and error and browsing a gazillion articles on the web that I needed to enable WS-A addressing and enable the wsa:To element.
This got me a bit further, but still I got the same error message.
So what about this security context thing, is it needed? My clients dispose after each call, so there would be no need for a SCT ref: SO post.
Setting the establishSecurityContext="false" got me beyound the security context token error, and it turns out everything is ready to rock and roll.
However, if you do disable the security context, and do not enable the wsa:To element, then you would get an error message like this:
The message with To '' cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher. Check that the sender and receiver's EndpointAddresses agree.
But do take notice in the ref post. If you're not disposing the clients after each call, then it would probably be wise to add another separate binding with establishSecurityContext set to false.
In other words: It seems that SoapUI does not support the security context, as far as I can tell at this point.
回答3:
My solution was using Outgoing WS-Security Configurations, i'll explain the steps:
- "Show Project View" (Right click on Proyect folder)
- Go to "WS-Security Configurations" tab
- Add icon on top and specify "user" or whatever.
- Then go to second add icon (bottom pannel) and input the username, the password and the PasswordType in "PasswordText" (leave other 2 checkboxes marked).
- For last go to the soap request an select Authorization Basic and "Outgoing WSS:" user or another created by you.
Remeber close all request windows after add the Outgoing WSS.
Hope it helps, cheers.
来源:https://stackoverflow.com/questions/13729270/testing-wcf-service-wshttpbinding-with-security-mode-transportwithmessagecreden