WSE 2.0 - Message Expired

N

nsyforce

I am using an HttpWebRequest to make a soap request to a web service.
I am buidling my own WSE header information to send over. When I do, I
get a Message Expired Error. However, the input file from the tracing
file I got from the webservice shows the following timestamp:

<wsu:Timestamp
wsu:Id="Timestamp-c8b86afa-0f68-4fae-8959-f271f0866212">
<wsu:Created>2005-10-18T17:26:50Z</wsu:Created>
<wsu:Expires>2005-10-18T17:36:50Z</wsu:Expires>
</wsu:Timestamp>
If you'd like to trust me, I will tell you that I was running this
between the created and expires time. The output file gives me this:

<faultcode
xmlns:code="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">code:MessageExpired</faultcode>
<faultstring>Microsoft.Web.Services2.Security.SecurityFault:
Message Expired ---&gt; System.Exception: At least one timestamp has
expired.
--- End of inner exception stack trace ---
at Microsoft.Web.Services2.Security.Utility.Timestamp.CheckValid()
at
Microsoft.Web.Services2.Security.Utility.Timestamp.LoadXml(XmlElement
element)
at
Microsoft.Web.Services2.Security.Utility.Timestamp..ctor(XmlElement
element)
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement
element)
at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage
message)</faultstring>

<faultactor>http://localhost/MsWsXmlEnc/HelloUsingXmlEnc.asmx</faultactor>

Can anyone think of why I would get this exception? Since I am
building my own headers, I have hard coded anywhere where I need a GUID
such as in <wsu:Timestamp
wsu:Id="Timestamp-c8b86afa-0f68-4fae-8959-f271f0866212"> as shown
above. Could it be that the GUID is more significant and I can't just
hard code it? The test was done with the client and server on the same
machine, so I know there is nothing funny going on with a bad time on
one server.

Thanks in advance for any help.
 
C

CESAR DE LA TORRE [MVP]

I Think you should not hardcode Timestamps. They are not just GUID, it deals
about expiration.
If you need so, you could generate GUIDs from your program using .NET API.
Use System.Guid.NewGuid(), or so.
In any case, Why do you need to generate your own GUID-Timestamps? Could you
send your code to take a look?
--
CESAR DE LA TORRE
Software Architect
[Microsoft MVP - XML Web Services]
[MCSE] [MCT]

Renacimiento
[Microsoft GOLD Certified Partner]
 
N

nsyforce

Cesar,
Thank you so much for your response. I have pasted the code below. I
have also changed it so that I am creating a new guid for the
messageId, timestamp, and securityToken id. However, I got the same
results.

I did notice something very interesting though. I actually saw this
happen before but when I posted yesterday, this wasn't happening so I
thought I may have fixed it. This morning when I tested, the input
file to my webservice had this for a timestamp:
<wsu:Timestamp wsu:Id="Timestamp-097cfcf9-7d52-494e-9917-a5fe157ef8a6">
<wsu:Created>2005-10-19T09:11:57Z</wsu:Created>
<wsu:Expires>2005-10-19T09:21:57Z</wsu:Expires>
</wsu:Timestamp>

However, the output file which generated the exception had this:
<wsu:Timestamp wsu:Id="Timestamp-09a51f64-67ba-4917-8729-4a4f36f8347f">
<wsu:Created>2005-10-19T13:16:57Z</wsu:Created>
<wsu:Expires>2005-10-19T13:21:57Z</wsu:Expires>
</wsu:Timestamp>

Note the time on the output has had 6 hours added to it, which
definitly would seem invalid. I reset IIS and deleted the old tracing
files so I'm positive the input and output are lining up with the same
request. Could it be that something under the covers is changing that
timestamp and causing this error?

Here is the code:

public class tester
{
public string CallWebMethodWithParams(string id, string password,
string webServiceURI, string webMethodName, params object[] parameters)
{
//Note: For the next 3 lines of code, the inputParams will be
//an array of parameters for the web service method being invoked.
string wsdl = WSDLReader.getWSDL(webServiceURI,webMethodName);
char[] delims = {'|'};
string[] inputParams = wsdl.Split(delims);

StringBuilder soapStarter = new StringBuilder();
soapStarter.Append("<?xml version='1.0' encoding='utf-8'?>");


//Beginning of envelope node
soapStarter.Append("<soap:Envelope
xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'");
soapStarter.Append("
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'");
soapStarter.Append(" xmlns:xsd='http://www.w3.org/2001/XMLSchema'");
soapStarter.Append("
xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/03/addressing'");
soapStarter.Append("
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'");
soapStarter.Append("
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>");
//End of envelope node

UserNameTokenMaker tm = new UserNameTokenMaker(id,password);
soapStarter.Append(tm.getSoapHeader(webServiceURI,webMethodName));

soapStarter.Append("<soap:Body>");
soapStarter.Append("<");
soapStarter.Append(webMethodName);
soapStarter.Append(" xmlns='http://tempuri.org/'>");

for(int i=0;i<inputParams.Length;i++)
{
string paramId = inputParams;
soapStarter.Append("<").Append(paramId).Append(">");
soapStarter.Append(Convert.ToString(parameters));
soapStarter.Append("</").Append(paramId).Append(">");
}

soapStarter.Append("</").Append(webMethodName).Append(">");
soapStarter.Append("</soap:Body>");
soapStarter.Append("</soap:Envelope> ");

XmlDocument doc = new XmlDocument();
doc.LoadXml(soapStarter.ToString());

string myResponse = string.Empty;
try
{
HttpWebRequest req =
(HttpWebRequest)WebRequest.Create(webServiceURI);
StringBuilder soapAction = new StringBuilder();
soapAction.Append("http://tempuri.org/").Append(webMethodName);
req.Headers.Add("SOAPAction",soapAction.ToString());

req.ContentType = "text/xml;charset='utf-8'";
req.Accept = "text/xml";
req.Method = "POST";
Stream stm = req.GetRequestStream();
doc.Save(stm);
stm.Close();
WebResponse resp = req.GetResponse();
stm = resp.GetResponseStream();
StreamReader r = new StreamReader(stm);
myResponse = r.ReadToEnd();
}
catch(SecurityFault eSec)
{
myResponse = string.Format(CONST_ERROR_FORMAT, "", eSec.ToString(),
(eSec.InnerException != null ? eSec.InnerException.ToString() :
string.Empty));
}
catch(Exception e)
{
myResponse = string.Format(CONST_ERROR_FORMAT, "", e.ToString(),
(e.InnerException != null ? e.InnerException.ToString() :
string.Empty));
}

return myResponse;
}
}


public class UserNameTokenMaker
{
private string _id;
private string _password;
public UserNameTokenMaker(string id,string password)
{
_id = id;
_password = password;
}
public string getSoapHeader(string URI,string methodName)
{
StringBuilder soapHeader = new StringBuilder();
soapHeader.Append("<soap:Header>");
soapHeader.Append("<wsa:Action>http://tempuri.org/").Append(methodName).Append("</wsa:Action>");
string myGuid = Guid.NewGuid().ToString();
soapHeader.Append("<wsa:MessageID>uuid:").Append(myGuid).Append("</wsa:MessageID>");
soapHeader.Append("<wsa:ReplyTo>");
soapHeader.Append("<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>");
soapHeader.Append("</wsa:ReplyTo>");
soapHeader.Append("<wsa:To>").Append(URI).Append("</wsa:To>");
soapHeader.Append(getUserNameTokenHeader());
soapHeader.Append("</soap:Header>");
return soapHeader.ToString();
}
private string getUserNameTokenHeader()
{
StringBuilder userNameHeader = new StringBuilder();

userNameHeader.Append("<wsse:Security soap:mustUnderstand='1'>");
userNameHeader.Append("<wsu:Timestamp
wsu:Id='Timestamp-").Append(Guid.NewGuid().ToString()).Append("'>");

DateTime rightNow = DateTime.Now.AddMinutes(-5);
string fromDay = rightNow.ToString("yyyy-MM-dd");
string fromTime = rightNow.ToString("HH:mm:ss");

DateTime notNow = rightNow.AddMinutes(10);
string toDay = notNow.ToString("yyyy-MM-dd");
string toTime = notNow.ToString("HH:mm:ss");

userNameHeader.Append("<wsu:Created>").Append(fromDay).Append("T").Append(fromTime).Append("Z").Append("</wsu:Created>");
userNameHeader.Append("<wsu:Expires>").Append(toDay).Append("T").Append(toTime).Append("Z").Append("</wsu:Expires>");
userNameHeader.Append("</wsu:Timestamp>");
userNameHeader.Append("<wsse:UsernameToken
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='SecurityToken-").Append(Guid.NewGuid().ToString()).Append("'>");
userNameHeader.Append("<wsse:Username>").Append(_id).Append("</wsse:Username>");
userNameHeader.Append("<wsse:password
Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>").Append(_password).Append("</wsse:password>");
userNameHeader.Append("<wsse:Nonce>KBlpA4ql1SWPoH8qT/hHbg==</wsse:Nonce>");
userNameHeader.Append("<wsu:Created>").Append(fromDay).Append("T").Append(fromTime).Append("Z").Append("</wsu:Created>");
userNameHeader.Append("</wsse:UsernameToken>");
userNameHeader.Append("</wsse:Security>");
return userNameHeader.ToString();
}




}





public class tester
{
public string CallWebMethodWithParams(string id, string password,
string webServiceURI, string webMethodName, params object[] parameters)
{
//Note: For the next 3 lines of code, the inputParams will be
//an array of parameters for the web service method being invoked.
string wsdl = WSDLReader.getWSDL(webServiceURI,webMethodName);
char[] delims = {'|'};
string[] inputParams = wsdl.Split(delims);

StringBuilder soapStarter = new StringBuilder();
soapStarter.Append("<?xml version='1.0' encoding='utf-8'?>");


//Beginning of envelope node
soapStarter.Append("<soap:Envelope
xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'");
soapStarter.Append("
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'");
soapStarter.Append(" xmlns:xsd='http://www.w3.org/2001/XMLSchema'");
soapStarter.Append("
xmlns:wsa='http://schemas.xmlsoap.org/ws/2004/03/addressing'");
soapStarter.Append("
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'");
soapStarter.Append("
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>");
//End of envelope node

UserNameTokenMaker tm = new UserNameTokenMaker(id,password);
soapStarter.Append(tm.getSoapHeader(webServiceURI,webMethodName));

soapStarter.Append("<soap:Body>");
soapStarter.Append("<");
soapStarter.Append(webMethodName);
soapStarter.Append(" xmlns='http://tempuri.org/'>");

for(int i=0;i<inputParams.Length;i++)
{
string paramId = inputParams;
soapStarter.Append("<").Append(paramId).Append(">");
soapStarter.Append(Convert.ToString(parameters));
soapStarter.Append("</").Append(paramId).Append(">");
}

soapStarter.Append("</").Append(webMethodName).Append(">");
soapStarter.Append("</soap:Body>");
soapStarter.Append("</soap:Envelope> ");

XmlDocument doc = new XmlDocument();
doc.LoadXml(soapStarter.ToString());

string myResponse = string.Empty;
try
{
HttpWebRequest req =
(HttpWebRequest)WebRequest.Create(webServiceURI);
StringBuilder soapAction = new StringBuilder();
soapAction.Append("http://tempuri.org/").Append(webMethodName);
req.Headers.Add("SOAPAction",soapAction.ToString());

req.ContentType = "text/xml;charset='utf-8'";
req.Accept = "text/xml";
req.Method = "POST";
Stream stm = req.GetRequestStream();
doc.Save(stm);
stm.Close();
WebResponse resp = req.GetResponse();
stm = resp.GetResponseStream();
StreamReader r = new StreamReader(stm);
myResponse = r.ReadToEnd();
}
catch(SecurityFault eSec)
{
myResponse = string.Format(CONST_ERROR_FORMAT, "", eSec.ToString(),
(eSec.InnerException != null ? eSec.InnerException.ToString() :
string.Empty));
}
catch(Exception e)
{
myResponse = string.Format(CONST_ERROR_FORMAT, "", e.ToString(),
(e.InnerException != null ? e.InnerException.ToString() :
string.Empty));
}

return myResponse;
}
}


public class UserNameTokenMaker
{
private string _id;
private string _password;
public UserNameTokenMaker(string id,string password)
{
_id = id;
_password = password;
}
public string getSoapHeader(string URI,string methodName)
{
StringBuilder soapHeader = new StringBuilder();
soapHeader.Append("<soap:Header>");
soapHeader.Append("<wsa:Action>http://tempuri.org/").Append(methodName).Append("</wsa:Action>");
string myGuid = Guid.NewGuid().ToString();
soapHeader.Append("<wsa:MessageID>uuid:").Append(myGuid).Append("</wsa:MessageID>");
soapHeader.Append("<wsa:ReplyTo>");
soapHeader.Append("<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>");
soapHeader.Append("</wsa:ReplyTo>");
soapHeader.Append("<wsa:To>").Append(URI).Append("</wsa:To>");
soapHeader.Append(getUserNameTokenHeader());
soapHeader.Append("</soap:Header>");
return soapHeader.ToString();
}
private string getUserNameTokenHeader()
{
StringBuilder userNameHeader = new StringBuilder();

userNameHeader.Append("<wsse:Security soap:mustUnderstand='1'>");
userNameHeader.Append("<wsu:Timestamp
wsu:Id='Timestamp-").Append(Guid.NewGuid().ToString()).Append("'>");

DateTime rightNow = DateTime.Now.AddMinutes(-5);
string fromDay = rightNow.ToString("yyyy-MM-dd");
string fromTime = rightNow.ToString("HH:mm:ss");

DateTime notNow = rightNow.AddMinutes(10);
string toDay = notNow.ToString("yyyy-MM-dd");
string toTime = notNow.ToString("HH:mm:ss");

userNameHeader.Append("<wsu:Created>").Append(fromDay).Append("T").Append(fromTime).Append("Z").Append("</wsu:Created>");
userNameHeader.Append("<wsu:Expires>").Append(toDay).Append("T").Append(toTime).Append("Z").Append("</wsu:Expires>");
userNameHeader.Append("</wsu:Timestamp>");
userNameHeader.Append("<wsse:UsernameToken
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
wsu:Id='SecurityToken-").Append(Guid.NewGuid().ToString()).Append("'>");
userNameHeader.Append("<wsse:Username>").Append(_id).Append("</wsse:Username>");
userNameHeader.Append("<wsse:password
Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>").Append(_password).Append("</wsse:password>");
userNameHeader.Append("<wsse:Nonce>KBlpA4ql1SWPoH8qT/hHbg==</wsse:Nonce>");
userNameHeader.Append("<wsu:Created>").Append(fromDay).Append("T").Append(fromTime).Append("Z").Append("</wsu:Created>");
userNameHeader.Append("</wsse:UsernameToken>");
userNameHeader.Append("</wsse:Security>");
return userNameHeader.ToString();
}




}
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

WSE 2.0 SP2 - TimeZone, "Message Expired" 7
Web Services exception 0
WSE 2.0 - The security token could not be authenticated or authori 2
WSE 2.0 SP3 DIME client error: Response is not well-formed XML. ---> System.Xml.XmlException: Root e 2
SOAP Message from WSE 12
WSE 2.0 and Global.asax Application_OnError 0
WSE 2 Authentication against a database 0
Sending DIME Attachments to Axis 0

Members online

Total: 27 (members: 1, guests: 26)
Robots: 227

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,024
Latest member
ARDU_PROgrammER

Latest Threads

Top