Android client for WCF wshttpbinding with username token

Question

I'm trying to deploy an Android 3.0 client for a WCF WS-Security. The WCF WS implements username token as security access. I use KSOAP2 and I have no problem to access to a asmx service but when I try to make a call to a WCF WS the application throws this exception:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

It looks like this is a certificate credentials, but I have added server credential into keystore that my project uses.

This is the code off my client:

public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    System.setProperty("http.keepAlive", "false");
    try {
    /**String NAMESPACE = "http://tempuri.org/";
    String URL = "http://**host**/ObtenerDatos/ServicioDatos.asmx";
    String METHOD_NAME = "SumadorDatos";
    String SOAP_ACTION = "http://tempuri.org/SumadorDatos";*/
    String NAMESPACE = "https://tempuri.org/";
    String URL = "http://**host**//WCFServicio/SWObtenerDatos.svc";
    URL url = new URL(URL);
    String METHOD_NAME = "MetodoEnWS";
    String SOAP_ACTION = "http://tempuri.org/IObtenerDatos/MetodoEnWS";
    SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);      
    request.addProperty("xmlPeticion","dato");
    SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
    envelope.dotNet = true;
    envelope.setOutputSoapObject(request);
    StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();     
    StrictMode.setThreadPolicy(policy); 

    KeepAliveHttpsTransportSE transporte = new KeepAliveHttpsTransportSE(url.getHost(),url.getPort(),"",6000);
    try{

        transporte.call(SOAP_ACTION, envelope);

    try {
        SoapPrimitive resultado = (SoapPrimitive)envelope.getResponse();
        String res = resultado.toString();
        TextView tv = new TextView(this);
        tv.setText("El Resultado es: " + res);       
        setContentView(tv);
    } catch (SoapFault e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } 
    } catch (MalformedURLException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    } 
    }catch(Exception ex){
        ex.printStackTrace();
        this.closeContextMenu();
    }


}

Second question.

I don't know how to send to the server the username token and password into head. Must I create a soap envelope for myself adding headers, or does there exist a method like .net where I give the value of user name and pass to specific objects?

Answer 1

For adding property into header, you have to do something like this:

     Element[] header = new Element[2];  
     header[0] = new Element().createElement(NAMESPACE, "username");                 
     header[0].addChild(Node.TEXT, "Your username");

     header[1] = new Element().createElement(NAMESPACE, "password");                
     header[1].addChild(Node.TEXT, "Your Password");

     envelope.headerOut = header;                                 

For certificate, you can add this line:

HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    conn.setHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String arg0, SSLSession arg1) {
            return true;
        }
    });

So you accept all certificate