EnableUnsecuredResponse flag not supported #3653
Comments
|
Adding @mconnew |
StephenBonikowsky
added
feature request
|
From @mconnew …
We are doing some additional investigating and gathering of info to make sure we have correctly identified the issue. That being the case a possible workaround would be to create a custom message encoder that would either modify the security header or remove it altogether. A code fix is probably the right way to go but it may not make it into the 3.0 release time frame. |
|
After some additional investigation it looks like the issue is the difference between having no security header at all versus having a security header with no content. From @mconnew the short-term workaround is to
We will consider what the correct long-term fix is for a future release. |
|
Moving to future work. |
StephenBonikowsky
added
Backlog
|
I see that |
|
@maheshnlrb, I was just going to suggest you submit a pull request, then saw you already have! |
|
@MaxiPigna glad @mconnew was able to help. Let us know if there is anything else we can do. |
@MaxiPigna Can you provide an specific example of how you ended up implement the missing property please? |
@echavez087 my previous message contains the link with the example. For semplicity, here it is: |
Thanks for your reply @MaxiPigna I did take a look at the sample, I just was't able to figure out how to add the missing property using that sample. I would really appreciate if you could help me figure it out. Sorry I don't have much experience with WCF. Thanks. |
|
Basically the problem was that the response message didn't contain a security header.
The workaround proposed was to manually add that header (an empty value is enough) to the response when reading the message. So, if you look at the |
@MaxiPigna thank you very much for the detailed explanation it helped me to understand much better. :) |
|
@MaxiPigna I tried your suggestion but got the error,
If I use any other security mode the server tells me I have an invalid username and password. // https://github.com/dotnet/wcf/issues/2219
MethodInfo method = typeof(XmlSerializer).GetMethod("set_Mode", BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Static);
method.Invoke(null, new object[] { 1 });
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
SubmitCustomerData submitCustomerData = JsonConvert.DeserializeObject<SubmitCustomerData>(requestBody);
var binding = new System.ServiceModel.BasicHttpsBinding();
binding.Security.Mode = BasicHttpsSecurityMode.TransportWithMessageCredential;
var customBinding = new CustomBinding(binding);
var elements = customBinding.Elements;
var i = -1;
for (i = 0; i < elements.Count; i++)
{
if (typeof(MessageEncodingBindingElement).IsAssignableFrom(elements[i].GetType()))
break;
}
var mebe = (MessageEncodingBindingElement)elements[i];
elements[i] = new CustomMessageEncodingBindingElement(mebe);
// https://community.workday.com/sites/default/files/file-hosting/productionapi/Revenue_Management/v35.0/Revenue_Management.wsdl
EndpointAddress address = new EndpointAddress("https://our_own_implementation_address/Revenue_Management/v35.0");
Revenue_ManagementPortClient rm = new Revenue_ManagementPortClient(customBinding, address);
rm.ClientCredentials.UserName.UserName = "username";
rm.ClientCredentials.UserName.Password = "password";where public partial class Revenue_ManagementPortClient : System.ServiceModel.ClientBase<Revenue_ManagementPort>If I set a breakpoint at |
Hello, I am migrating an application which contains some WCF services calls from .NET Full to .Net Core. Unfortunately, one of these services could not be implemented because it requires a Custom Binding with the following security element:
EnableUnsecuredResponseflag is not available in .Net Core and without setting that flag I get a well known exceptionTransportSecurityBindingElement.BuildChannelFactoryCore is not supported.I didn't find any valid workaround for that. It would be great to have this feature supported in the next release.
The text was updated successfully, but these errors were encountered: