wcfjax-wsws-securityjava-metro-frameworkusernametoken

Visual Studio cannot consume Web Service containing UsernameToken policy

I am getting errors when trying to add a reference to a Web Service in Visual Studio 2010. The Web Service is implemented in Java using the JAX-WS/Metro/GlassFish stack and contains a UsernameToken policy. Here's an excerpt from the WSDL:

<wsp:Policy
        xmlns:wsp="http://www.w3.org/ns/ws-policy"
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
        wsu:Id="UsernameToken">
    <sp:SupportingTokens>
        <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken=".../IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
    </sp:SupportingTokens>
</wsp:Policy>

When I try to add a service reference to this web service in Visual Studio, I get the following warnings:

Custom tool warning:
  The following Policy Assertions were not Imported:
  XPath://wsdl:definitions[@targetNamespace='http://archfirst.org/bfoms/tradingservice.wsdl']/wsdl:binding[@name='TradingWebServicePortBinding']
  Assertions:
    <sp:SupportingTokens xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'>..</sp:SupportingTokens>

Custom tool warning:
  Endpoint 'TradingWebServicePort' at address 'http://localhost:8080/bfoms-javaee/TradingService'
  is not compatible with Silverlight 4. Skipping...

Custom tool warning:
  No endpoints compatible with Silverlight 4 were found. The generated client
  class will not be usable unless endpoint information is provided via the
  constructor.

Why is Visual Studio not able to import the assertion?

P.S. I was able to import and test the web service using the SoapUI tool.

Solution

  • WCF by default only supports username token over secured transport = HTTPS (or with message security provided by certificates but message security is not supported by Silverlight at all). There is a way to build custom binding to allow user name token over unsecured transport but allowInsecureTransport is probably not supported by Silverlight 4 (I also didn't find it when creating custom binding).

    WCF also does not support username token with digested password. If you need username token with digested password you have to implement additional part of WCF security pipeline. Again it can be problem with limited feature set of Silverlight.

    You can try to create proxy service in your hosting application. This service will be called by Silverlight application and it will call Java service.