I'm using WCF (.NET 3.5) to communicate with a server using SOAP. When running in debug mode, I use System.ServiceMode.Dispatcher.IClientMessageInspector and log4Net to log the request content.
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
log.Debug(request);
}
My difficulty is that sometimes the SOAP message contains authentication information that I must mask before writing to the logs
e.g. in the following example I would like to log the password element as <password>**********</password>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://service.soap.host.com/credentials</Action>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<credentials xmlns="http://service..soap.host.com/credentials">
<username>MyUsername</username>
<password>MyPassword</password>
</credentials>
</s:Body>
</s:Envelope>
I'm able to achieve this in a crude way using regular expression matching on the output of request.ToString() but I wonder if there's a more elegant and efficient approach that will allow me to modify the value of the password element before converting the message to a string.
No simple way for this, except if you make sure you NEVER send credentials that way (there are many ways to send tokens instead of the actual credential).
If you're passing these information only to log on to your service, you should use SSL anyway. If that's the case, your MessageInspector could check if the current binding uses SSL or transport security and if that's the case, does not log anything.
As an aside, if you want to log messages in development, you'd be better off leveraging the WCF tracing infrastructure instead of doing the low level tracing yourself (that way you don't have to add inspectors in debug mode). See http://msdn.microsoft.com/en-us/library/ms732023.aspx for more info about built-in WCF activity and message tracing.
Related
I have some existing code which uses a third party SOAP client to retrieve data from another third party web service. As we switched to a new data provider, we also switched to their new endpoint. We found out that our current requests are all failing and the error we get in return is "Policy Falsified".
I have used SOAP UI to test the new web service and I can successfully obtain data this way. That is why I compared the two soap messages and found out that the problem is likely with the URI used for the soap namespace.
Code generated soap message
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Request>
//...
</Request>
</s:Body>
</s:Envelope>
Working message with SOAP UI
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Request>
//...
</Request>
</soap:Body>
</soap:Envelope>
The only differences in these messages are the namespace prefixes and the soap namespace (the data inside the request tag are identical). I would like to know if this web service is rejecting my soap message purely by the soap namespace that it's using, or that something else might play a problem?
Obviously I am likely going to need to make my own implementation to generate the soap messages myself, but I'd still like to know if the webservice is set to only accept messages with that specific soap namespace or that it's some other kind of issue?
I hit this error today when deploying a WCF client to QA:
System.ServiceModel.CommunicationException: Unrecognized message version.
In Fiddler I noticed that the WCF client sends its request wrapped in a SOAP Envelope (as expected) but that the response from the remote web service is not wrapped in a SOAP Envelope. That is, our local debug web service sends a response like this:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header />
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Response xmlns="urn:example">
<Success>true</Success>
...
</Response>
</s:Body>
</s:Envelope>
But the remote web service is just sending this:
<?xml version="1.0" encoding="utf-8"?>
<ns0:Response xmlns:ns0="urn:example">
<ns0:Success>true</ns0:Success>
...
</ns0:Response>
As far as I can tell the WCF client is throwing the exception because there's no SOAP Envelope. So my questions are:
Is my assumption correct or should be I looking elsewhere?
Is there some way to configure the WCF client's bindings to remove the SOAP Envelope expectation?
Should I just tell the remote service implementor to fix their service (which they wrote just for us from a supplied WSDL)?
The WCF client is using basicHttpBindings (and HTTP Basic Authentication over SSL/TLS). I'd considered using IClientMessageInspector.AfterReceiveReply() to rewrite the response but the exception gets thrown before that method is invoked, i.e.: We already have an implementation of it for request/response logging and it's not hitting a breakpoint in there.
More info:
After communicating with the service developer it sounds like they completely ignored the .wsdl and (svcutil generated) IService.cs files we gave them and wrote a POX (Plain-Old XML) service from scratch.
I'm not confident that we can convince them to do it properly, so now I'm looking for tips to convert a properly behaving WCF SOAP client into a POX client.
This may be caused by that your service uses Soap1.2 while you are using a different version to call it.
Please try "Add Service Reference" - "Advanced..." - "Add Web Reference..." as a compatibility approach.
I had this issue as well. I know this is an older post, but in my case I modified the app.config file in my C# .NET app that calls this web service. I think it was adding
<security mode="Transport" />
to the basicHttpBinding element that solved it. I also extended the timeouts and maxBufferPoolSize.
Microsoft has documentation that describes this, in case this helps someone else.
In my most recent project, I've been given a WSDL and a sample request to build a web service with. WCF has weak contract first capability, but I did come up with something complicated that might work (I tried a number of tools, the best being WSCF.Blue). The SOAP request headers, unwrapped body, and XSD are unorthodox and I'm afraid that this integration partner will have lots of strange XML issues, so I'd rather, if possible, just have a service that looks something like this:
[ServiceContract]
public interface IMyService
{
[OperationContract]
XmlElement DoStuff(XmlElement request);
}
instead of...
[ServiceContract]
public interface IMyService
{
[OperationContract]
[XmlSerializerFormat(SupportFaults = true, Style = OperationFormatStyle.Document, Use = OperationFormatUse.Literal)]
ResponseType DoStuff(RequestType request);
}
A super simplified version of what this SOAP request looks like below:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<ns1:CustomHeader priority="1" txId="1" xmlns:ns1="http://namespace"/>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<UnwrappedRequest creationDateTime="2014-04-21T16:15:37Z" xmlns="http://anothernamespace.com">
<ns1:SomeDataNode xmlns:ns1="http://namespace">
<ns1:MoreData AFlag="false" Thingy="Dude">
</ns1:MoreData>
</ns1:SomeDataNode>
</UnwrappedRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
The main reason I want to stick with WCF instead of just creating an HTTP handler or something is because we have to use WS-Security also, which includes a bunch of other headers and the session establishing request before the actual API call. I've tried a couple things that almost work, but they exclude the top node of the request and all of it's attributes (the node in the sample above). I also need the custom header XML. I know you can bind that into an property on the request object, but I want the request to just be a string of XML.
You would think that every framework out there should be able to easily do this and I know that WCF isn't an exception. The thing we all love about WCF is how flexible and powerful it is. The problem is that most of us don't live in WCF and integration, so we don't ever become experts, and I have a timeline to meet. Any help would be greatly appreciated!!
I know I could have done this by implementing or overriding a bunch of WCF internal interfaces and classes, but I took the easy route and built a custom HttpHandler to handle the soap call. It works perfectly (and it's SUPER fast). The only somewhat challenging piece was building in the WS-Security stuff, but even that wasn't too bad. It is clear to me that the system they were calling from was just performing a custom HTTP post anyway. It's unfortunate that Microsoft's tooling doesn't support such a large number of valid Web Service scenarios. I talked to a few experienced integration experts, and they abandoned WCF for custom solutions in many of their partner integrations. If you are in control of both sides of an integration project, then great, use WCF. If you are working with partners that have a wide variety of technologies to integrate with, be prepared to either become an expert at customizing WCF or find alternate solutions.
Feel free to send me a message if you are having this same problem and I can share my code with you. There is just too much to paste in here.
I'm trying to connect a SAP soap provider with a C# program...
#Edit: SAP on it's non-public webservice provider, prompts for user and password (before anything)
Using the info here:
I came to the webservice I have to attach to, and when user/password prompted, I've placed it. However I think I've written the password wrong (See EDIT II down below), because the soap response is this one:
- <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
- <soap:Body>
- <soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>No binding data for configuration key: "005056AA63891ED480C5CC2F714805E3"</faultstring>
- <detail xmlns:slibfault="http://xml.sap.com/2005/11/esi/slib/fault/">
<slibfault:timestamp>Tue, 15 Jul 2014 16:01:21 GMT</slibfault:timestamp>
- <slibfault:exception>
<slibfault:text>No binding data for configuration key: "005056AA63891ED480C5CC2F714805E3"</slibfault:text>
<slibfault:position program="CL_SRT_WSP_WSDL_HANDLER=======CP" include="CL_SRT_WSP_WSDL_HANDLER=======CM00K" line="82" />
</slibfault:exception>
</detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>
Now, User and Password aren't prompted, as if a "Remind My Password" checkbox were checked.
Is there any way to refresh the "Visual Studio WebService cache" or something?
#EDIT II: I've tried twice now (by adding it to another project with the same results) and it's not problem that the passwd has been miswritten, the pass is correct, but the reference builder keeps showing this.
WebServices Found at this URL:
There was an error downloading 'http://fooserver:8000/sap/bc/srt/wsdl/srvc_005056AA63891ED480C5CC2F714805E3/wsdl11/allinone/ws_policy/document?sap-client=400/_vti_bin/ListData.svc/$metadata'.
The request failed with the error message:
--
<soap:Envelope xmlns:soap="http://s
Any Ideas?
When this response is the one you receive from SAP, it means the service exposed has been deprecated.
I cannot explain what is happening from the SAP side, (since I'm a C# dev), but What I do can tell you is that the SAP side is intentionally (manual abap developer handling) not expecting further communications from clients.
So... ask your ABAPer on your SAP side, he may have done something with the service you where trying to connect to, since it's no longer available.
You can also verify that by going to the wsdl page "manually" by placing it in the browser. You'll see the same XML response.
#Icing-on-the-cake Edit: If you encounter the issue that credentials is somewhat stored/cached by .Net, simply
go to the Solution Panel,
left click on the project on which you tried to add the reference
and select unload project.
Afterwards repeat that but to Load that same project.
That will "refresh" the credentials "stored".
I have and android client, that uses ksoap to communicate with a wsdl web service written in c# asp.net. I have a problem with matching the argument types between the web service and the client.
The web server expects to this kind of request (auto generated):
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetDetails xmlns="http://host.org/">
<event_id>int</event_id>
</GetDetails>
</soap:Body>
</soap:Envelope>
the client sends requests using ksoap, and they look like this:
<v:Envelope xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:d="http://www.w3.org/2001/XMLSchema" xmlns:c="http://schemas.xmlsoap.org/soap/encoding/" xmlns:v="http://schemas.xmlsoap.org/soap/envelope/">
<v:Header />
<v:Body>
<n0:GetDetails id="o0" c:root="1" xmlns:n0="http://tempuri.org">
<event_id i:type="d:int">1</event_id>
</n0:GetDetails>
</v:Body>
</v:Envelope>
For some reason the WS parses the following' client's request as 0 (I guess because of the additional type attributes - i:type="d:int") when the request is assembled manually to look like the first option, it works correctly.
How can i make the web service read the ksoap format correctly or how can i change it's expected format to look like ksoap request. (the web service soap protocol is auto generated).
Well the solution has 2 parts:
1. regarding removing the attribute types, I found the answer here:
using addMapping without the "i:type=" attribute in ksoap2 for android
I neede to set:
envelope.implicitTypes = true;
The name space has to end with a backspace, and i missed it.