WCF - basicHttpBinding configuration (exception: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint ...)

ITMemberAHE 6 Reputation points
2021-09-28T08:35:28.49+00:00

I'm trying to make a SOAP client in Visual Studio. The first thing I did was generate the proxy class from the delivered WSDL file (using the Add Service Reference option in Visual Studio).
It was generated with the wrong binding configuration - message security should be:
DefaultAsymmetricSignatureAlgorithm - "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DefaultCanonicalizationAlgorithm - "http://www.w3.org/2001/10/xml-exc-c14n#" and
DefaultDigestAlgorithm - "http://www.w3.org/2001/04/xmlenc#sha256",

while it is:
DefaultAsymmetricSignatureAlgorithm "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
DefaultCanonicalizationAlgorithm "http://www.w3.org/2001/10/xml-exc-c14n#" and
DefaultDigestAlgorithm "http://www.w3.org/2000/09/xmldsig#sha1".

I changed the basicHttpBinding settings in App.config by adding:

<security mode="Message">
    <message algorithmSuite="Basic256Sha256" clientCredentialType="Certificate"/>
</security>

and the binding settings changed properly. I also set the certificates:

var cert = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "//cert.p12", "Pass");
client.ChannelFactory.Credentials.ClientCertificate.Certificate = cert;
client.ClientCredentials.ClientCertificate.Certificate = cert;

Unfortunately I got an exception: "The service certificate is not provided for target 'http://.../service'. Specify a service certificate in ClientCredentials."

But I don't think I have a service certificate at all (service belongs to another company). I tried using the same certificate for ClientCertificate and ServiceCertificate.

client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert;

But I got the error: "The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode."

Changing the mode to None gives the exception "Security not found".

I added <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/> in serviceBehaviors/behavior/serviceCredentials/clientCertificate, and it doesn't work.

I also tried adding <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/> in endpointBehaviors/behavior/clientCredentials/serviceCertificate,

but I got another error: "Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'nameA' but the remote endpoint provided DNS claim 'nameB'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'nameB' as the Identity property of EndpointAddress when creating channel proxy."

And I'm not sure if I'm going the right way anymore. I don't know what to do :(

In general, sending a request using SoapUI works fine, but I can't get the right configuration in my client to send any request.


1 answer

  1. Jiayao Wu-MSFT 186 Reputation points Microsoft Vendor
    2021-09-29T03:08:56.51+00:00

    Hi @ITMemberAHE ,
    If you change the certificate, you need to update your identity/certificate node like this:

    <identity>
        <certificate encodedValue="..." />
    </identity>

    It is probably still pointing to your client's identity store and certificate.


    Best regards,
    Jiayao Wu
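
As an added example that is not part of the question or of Jiayao Wu's answer, the following C# builds the same basicHttpBinding in code instead of App.config: it selects Basic256Sha256 (rsa-sha256, exc-c14n, sha256 digest), loads the client .p12, and uses the partner's public certificate both as the service certificate and as the endpoint identity, which is the programmatic form of the `<identity><certificate encodedValue="..."/>` node above and sidesteps the 'nameA'/'nameB' DNS mismatch without turning certificate validation off. The file paths, password, URL and the `IPartnerService` contract are placeholders.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example, not the code of the original post. IPartnerService stands in
// for the contract generated by Add Service Reference.
[ServiceContract] public interface IPartnerService { }

static class SecureClientFactory
{
    public static ChannelFactory<IPartnerService> Create(
        string serviceUrl, string clientPfxPath, string clientPfxPassword, string serviceCerPath)
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Message);
        binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
        // Basic256Sha256 gives the rsa-sha256 / exc-c14n / sha256 triple the WSDL expects.
        binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;

        // The partner's public certificate (.cer, no private key). With basicHttpBinding
        // message security there is no negotiation, so the client must hold it up front;
        // this is what the "service certificate is not provided" exception asks for.
        var serviceCert = new X509Certificate2(serviceCerPath);

        // Identity by certificate rather than DNS name, so WCF compares the presented
        // certificate to this one instead of matching 'nameA' against 'nameB'.
        var address = new EndpointAddress(new Uri(serviceUrl),
                                          new X509CertificateEndpointIdentity(serviceCert));
        var factory = new ChannelFactory<IPartnerService>(binding, address);

        // Client certificate with private key, used to sign the outgoing message.
        factory.Credentials.ClientCertificate.Certificate =
            new X509Certificate2(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, clientPfxPath),
                                 clientPfxPassword);

        // Encrypt to the partner's certificate and keep chain validation on; install the
        // partner's issuing CA in the trusted store rather than choosing None.
        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCert;
        var auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
        return factory;
    }
}
```

If the partner publishes the certificate only inside the WSDL (as a BinarySecurityToken in the policy), export that value to a .cer file and point `serviceCerPath` at it.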