I’m consuming a third-party web service in an ASP.NET webforms application. I simply added a web reference to the provided WSDL and coded up a basic call to the service from my code-behind. The provider of the web service requires that we send the XML for the request and response for approval. However, I don’t know how to accomplish that. My first instinct was to use Fiddler. But Fiddler can’t see the actual XML going over the wire due to the security features of the web service. Several blog posts suggest modifying the WSDL, but this doesn’t seem like a good thing to do since the provider of the web service would surely prefer that it be left intact. So my question is, what is the simplest and most direct way to capture the XML request and response for a secure web service? If the answer is Fiddler, please tell me how to do this since all I’m seeing are the encrypted calls.
EDIT — here’s the specific implementation of the security policy
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
namespace ShipWSSample
{
public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
public TrustAllCertificatePolicy()
{ }
public bool CheckValidationResult(ServicePoint sp,
System.Security.Cryptography.X509Certificates.X509Certificate cert, WebRequest req, int problem)
{
return true;
}
}
}
There are two levels of data encryption while consuming the service:
In the first case you can use Fiddler2 to decrypt the HTTPS traffic using a sort of “man-in-the-middle” attack on its proxy. Here are more details on it.