Skip to main content

WS-AT enabled WCF .NET service and Metro standalone client error

No replies
Joined: 2012-10-03

Hi everyone, I have a problem invoking WCF .NET 3.5 WSHttpBinding web service method, where the binding TransactionFlow is enabled but the transaction is not mandatory (only support), from a Metro 2.2.1u1 standalone client. If the TransactionFlow is disabled on the .NET web service, everything works just fine.

This is the error reported:

com.sun.xml.wss.impl.PolicyViolationException: com.sun.xml.wss.XWSSecurityException:

Encryption Policy verification error: Looking for an Encryption Element in Security header, but found

at com.sun.xml.wss.impl.policy.verifier.MessagePolicyVerifier.verifyPolicy(

I don't have an application server so I'm trying to disable transactional support by passing the TransactionalFeature to the client as follow:

TransactionalFeature feature = new TransactionalFeature(false);
feature .setFlowType(TransactionFlowType.NEVER);
feature .setVersion(Version.WSAT10);

IService port = (IService)service.getPort(new QName(URL, BINDING), IService.class, feature);

I think that the problem could be the protection order (EncryptBeforeSign instead of SignBeforeEncrypt) or an issue with empty SOAP header fields because the WSDL, when transaction flow is enabled, includes this elements:

that are not present when the transaction flow is disabled. In fact, there is no sp:EncryptedParts element.

Could anyone help me with this problem?
Does anybody know how to programmatically change the client protection order?