0
I am trying to consume a SOAP 1.2 web service using a WCF client. The problem is, whenever I make a request an exception MessageSecurityException occurs with the following internal message:
SOAP header Security was not understood
From what I understand, WS does not understand the header of "Security", which is currently marked as Mustunderstand = "true" in the SOAP envelope.
How can I change Mustunderstand to false / remove the header "Security"?
Below is the Binding I’m using now:
<customBinding>
<binding name="CteRecepcaoSoap12">
<textMessageEncoding messageVersion="Soap12" />
<security authenticationMode="CertificateOverTransport"/>
<httpsTransport requireClientCertificate="true"/>
</binding>
</customBinding>
You have created a Web Reference or Service Reference?
– Jéf Bueno
@jbueno I created a Service Reference.
– Genos
OK. And what is the extent of the service?
– Jéf Bueno
@jbueno WS uses ASMX, if that’s what you mean.
– Genos
Remove the security header never is a good idea because it will allow Mitm attacks. That being said, there are ways to validate if the header is valid (which I do not have easy, sorry :( ).
– Eric Wu
@Ericwu agree, I suppose taking this header is a bad idea, but I don’t control that WS. I can only consume. Thanks for the input :)
– Genos