1

I have a soap-client application that is throwing an error possibly due to the soap-server started to use TLS 1.2.

The error:

Exception in REDACTED The message could not be processed.
This is most likely because the action 'REDACTED' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings.
The security context token would be invalid if the service aborted the channel due to inactivity.
To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

This is my code:

public Service1Client GetSoapClient()
{
    string address = _configuration["soapurl"]; //"https://soapserver/Service.svc";

    Uri uri;
    bool isValidURI = Uri.TryCreate(address, UriKind.RelativeOrAbsolute, out uri);

    if (!isValidURI)
    {
        throw new Exception("URL is not valid");
    }

    EndpointAddressBuilder endpointAddressBuilder = new EndpointAddressBuilder();
    endpointAddressBuilder.Uri = uri;

    BasicHttpsBinding binding = new BasicHttpsBinding();
    binding.Security.Mode = BasicHttpsSecurityMode.Transport;
    binding.MaxReceivedMessageSize = 9000000;
    binding.MaxBufferPoolSize = 9000000;

    Service1Client SC = new Service1Client(binding, endpointAddressBuilder.ToEndpointAddress());

    // Suppress cert error for now
    SC.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
            new X509ServiceCertificateAuthentication()
            {
                CertificateValidationMode = X509CertificateValidationMode.None,
                RevocationMode = X509RevocationMode.NoCheck
            };
    return SC;
}

I tried explicitly setting the protocol to TLS 1.2:

public Service1Client GetSoapClient()
{
    string address = _configuration["soapurl"]; //"https://soapserver/Service.svc";
    Uri uri;
    bool isValidURI = Uri.TryCreate(address, UriKind.RelativeOrAbsolute, out uri);

    if (!isValidURI)
    {
        throw new Exception("URL is not valid");
    }

    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    EndpointAddressBuilder endpointAddressBuilder = new EndpointAddressBuilder();
    endpointAddressBuilder.Uri = uri;

    // SC.Endpoint.Address = endpointAddressBuilder.ToEndpointAddress();
    BasicHttpsBinding binding = new BasicHttpsBinding();
    binding.Security.Mode = BasicHttpsSecurityMode.Transport;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

    binding.MaxReceivedMessageSize = 900000;
    binding.MaxBufferPoolSize = 900000;
 
    Service1Client SC = new Service1Client(binding, endpointAddressBuilder.ToEndpointAddress()) ;
    SC.Endpoint.EndpointBehaviors.Add(new SslProtocolCertificateEndpointBehavior()
       {
           SslProtocols = SslProtocols.Tls12
       });
    SC.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
            new X509ServiceCertificateAuthentication()
            {
                CertificateValidationMode = X509CertificateValidationMode.None,
                RevocationMode = X509RevocationMode.NoCheck
            };
    return SC;
}

However, I am still getting the same error.

Any thoughts or ideas appreciated.

Improve this question

1 Answer 1

Reset to default
0

It turns out that there were issues in the Soap server itself. Once it was fixed, my original version of the code worked just fine with TLS1.2 enabled. The code I pasted in my original post about explicitly setting TLS 1.2 was not needed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.