We have a WCF service, wsHttpBinding and CustomBasicAuthentication. The Client is a Windows Forms application and it works with specified username/password.
Now we need to make another client, which will be calling the service from an html page. I am trying to call the service using xmlHttpRequest but getting following error:
"http://www.w3.org/2005/08/addressing/soap/faults:Sendera:BadContextTokenThe message could not be processed. This is most likely because the action 'http://tempuri.org/IService/SayHello' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding"
HTML page:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<script src="Scripts/jquery-1.7.2.min.js" type="text/javascript"></script>
<script type="text/javascript">
function CallServer() {
var xmlhttp = new XMLHttpRequest();
xmlhttp.open('POST', 'http://localhost:56779/BeSTService.svc', true,"umais","asghar");
xmlhttp.setRequestHeader("Content-type", "application/soap+xml");
var sr ='<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">'+
'<s:Header>'+
'<a:Action s:mustUnderstand="1">http://tempuri.org/IService/SayHello</a:Action>'+
'<a:ReplyTo>'+
'<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>'+
'</a:ReplyTo>' +
'</s:Header>'+
'<s:Body>'+
'<SayHello xmlns="http://tempuri.org/">'+
'<name>Umais</name>'+
'</SayHello>'+
'</s:Body>'+
'</s:Envelope>';
xmlhttp.send(sr);
}
</script>
</head>
<body>
<div style="margin:50px">
<input type="button" value="Call Service" önclick="CallServer();" />
</div>
</body>
</html>
I have also tried adding Security Header in the Soap Message:
'<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">' +
'<o:UsernameToken>' +
'<o:Username>umais</o:Username>' +
'<o:Password>asghar</o:Password>' +
'</o:UsernameToken>' +
'</o:Security>' +
But same error, When using IClientMessageInspector in Windows Forms Application, the SOAP Message sent is exactly same as i am using in HTML, without Security Header
Please help