WCF API testing in Postman

Ask the Experts and Postman Tips
,
1

@danny-dainton

Hi again Danny. Forgive the crude copy/paste job

I was wondering if anyone has had experience testing a WCF API with a SOAP Action, using Postman ?
This is also using OAuth2

I am trying to test using Postman but keep running up against a 401.
This is the same when I try SOAPUI.
I wrote a quick test in .Net using HttpClient and get the expected Response.

I am trying to create a collection to give to Client’s, rather than writing an app that has to be maintained etc…

any hints or help would be greatly appreciated.

2 Likes
2

Hey @ConnAtBrady :wave:

Are you able to share a redacted copy of the HttpClient code that you created?

There might be some clues in there about any differences between those requests.

1 Like
3

hi Danny, sure

Token Request:

            using var client = new HttpClient();
            // Request token
            var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint);
            tokenRequest.Content = new FormUrlEncodedContent(new[]
            {
                new KeyValuePair<string, string>("grant_type", "client_credentials"),
                new KeyValuePair<string, string>("client_id", clientId),
                new KeyValuePair<string, string>("client_secret", clientSecret)
            });

            var tokenResponse = await client.SendAsync(tokenRequest);
            tokenResponse.EnsureSuccessStatusCode();

            string tokenContent = await tokenResponse.Content.ReadAsStringAsync();
            return Newtonsoft.Json.Linq.JObject.Parse(tokenContent)["access_token"]!.ToString();

API Request:

            using var client = new HttpClient();
            var apiRequest = new HttpRequestMessage(HttpMethod.Get, apiEndpoint);
            apiRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            apiRequest.Headers.Add("SOAPAction", soapAction);
            apiRequest.Headers.Add("ContentType", "application/xml");
            apiRequest.Headers.Add("Accept", "text/xml");
            apiRequest.Content = new StringContent(soapEnvelope, Encoding.UTF8, "text/xml");

            var apiResponse = await client.SendAsync(apiRequest);
            apiResponse.EnsureSuccessStatusCode();

            return await apiResponse.Content.ReadAsStringAsync();
1 Like
4

Is the Token Request successful?

Are you using the OAuth helper in the request to get the token or is that a standalone request?

Are you storing that token value in your Postman response as a variable, to reuse in the other request?

5

for basics to get a working solution i am generating the token in postman, then putting that into the request

with the HTTPClient code, yes I generate a valid token

6

So for the first part in Postman, that successfully generates the token from the request.

Then you’re seeing a 401 from the second request, with that newly created token?

Are you using the Bearer Token helper in the second request or manually added an Authorization:Bearer XXXX request header?

Apologies for all the questions, I can’t see what you have in front of you so I’m trying to build up a picture in my mind.

7

no apologies necessary

for now i am doing the second part, and add the generated token, of course passing a parameter. but get it working first

image
image914×464 77.6 KB

8

image
image833×433 41.3 KB

9

Could you try setting storing/copying the valid token, set the Auth Type to “No Auth” and then manually adding an Authorization Request Header instead?

image
image886×300 13.1 KB

I just wanted to check it not something weird happening with that Auth Helper.

10

hi Danny, still the same.

image
image292×168 9.08 KB

image
image797×401 35.5 KB

I think i need to go back to scratch and start again, and drag a developer in to explain this in depth. i have a set of thumb screws somewhere :smiley:

But thats a problem for Monday :smiley:

1 Like
11

Hi Danny, why are weekends never long enough :smiley:

Our developers have advised attaching a server Certificate for this issue, but still getting issues.

So I am using a .pfx certificate and now being advised to try a PEM file.

Beginning to think this is following the old Confucius analogy of throw enough at the wall, and some might stick :stuck_out_tongue:

Would you have a recommended approach to attaching certificates ?

1 Like
12

You can find more information about how this can be done via our Docs site - Hopefully that give you enough to have a crack at it on your side :pray:

13

Hi again Danny, I won’t say happy Monday, the only Monday that make us happy is a Bank Holiday Monday :smiley:

So I created a small .Net app to interact with our API and then ran it with Fiddler polling for network traffic.
From this, I think it looks like the problem lies with how WCF authenticates, as well as OAUTH2, i.e.

  1. The first request sends the SOAP envelope but gets 401 Unauthorized because the server requires authentication.
  2. The second request is a simple POST that also gets 401, but this triggers the authentication mechanism.
  3. The third request includes the correct Negotiate token and JWT—this is why it succeeds with 200 OK.

So I need to find out how I can get Postman to handle this sequence, hopefully without writing a script to do so.

Is this possible ? Even with a script, if not possible through the UI ?