WSE2 to WCF: Signing a SOAP message


I need to convert code from WSE2 to WCF and need a few tips on how to implement signing a SOAP message with an X509Certificate2 object.

WSE2 code:

using Microsoft.Web.Services2;                  // SoapContext
using Microsoft.Web.Services2.Security;         // MessageSignature
using Microsoft.Web.Services2.Security.Tokens;  // X509SecurityToken

X509SecurityToken tok = new X509SecurityToken(cert);   // wrap the signing certificate as a WS-Security token
SoapContext cont = cfs.RequestSoapContext;             // security context of the outgoing request
cont.Security.Tokens.Add(tok);                         // put the BinarySecurityToken into the Security header
cont.Security.Elements.Add(new MessageSignature(tok)); // sign the message with the token's private key

"cert" is my X509Certificate2 object and "cfs" is my Web Services client object.

How can I make this work without WSE2? How do I do the same in WCF?


1 answer

ankolbi On

You can use a custom binding for that, but first you must figure out which kind of binding you need. Look here and here. On a custom binding you can add a security token for signing. My asymmetric binding looks like this (but you can also use a symmetric binding):

using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Asymmetric (mutual certificate) message security: the client signs with its own
// certificate, the service is identified by a separate certificate.
AsymmetricSecurityBindingElement asymmetricBinding = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(
    MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);

// Initiator (client) token: the client certificate is always sent to the service so it
// can verify the signature (the WCF counterpart of the WSE2 X509SecurityToken).
asymmetricBinding.InitiatorTokenParameters = new X509SecurityTokenParameters
{
    InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
};
// Recipient (service) token: never sent, only referenced; the service already holds its own certificate.
asymmetricBinding.RecipientTokenParameters = new X509SecurityTokenParameters
{
    InclusionMode = SecurityTokenInclusionMode.Never
};
// Optional: also send a UserName token, signed and encrypted. If you keep this, the client must
// set ClientCredentials.UserName.UserName and .Password, otherwise WCF throws when the channel opens.
asymmetricBinding.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters
{
    InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
});
asymmetricBinding.IncludeTimestamp = true;                                    // signed wsu:Timestamp
asymmetricBinding.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
asymmetricBinding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

var textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
var httpsTransport = new HttpsTransportBindingElement();

// Binding element order matters: security, then encoding, then transport.
CustomBinding b = new CustomBinding(asymmetricBinding, textMessageEncoding, httpsTransport);

Then you can set the certificates on the ClientCredentials of the endpoint client:

var wsClient = new YourEndpointClient(b, new EndpointAddress(yourWsEndPointAddress)); // generated proxy using the CustomBinding "b"
wsClient.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(cert);        // client cert with private key: signs outgoing messages
// DefaultCertificate is the service's certificate (recipient token: encrypts to the service and verifies its replies);
// reusing the client cert, as done here, only works when the service really holds that same key pair.
wsClient.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(cert);
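A sign-only WCF configuration that maps directly onto the WSE2 code in the question (X509SecurityToken plus MessageSignature, no encryption, no UserName token), added here as an example and not part of the answer above. It assumes a hypothetical contract `IYourService` in place of the questioner's generated proxy, that `cert` is the client's X509Certificate2 with private key (as in the question) and `serviceCert` is the service's public certificate, and that the service accepts the Basic256Sha256 algorithm suite; all of those are assumptions, not something the page states.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Hypothetical contract standing in for the generated proxy (assumption).
// ProtectionLevel.Sign: sign the body but do not encrypt it, which is what the
// WSE2 MessageSignature element did.
[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]
public interface IYourService
{
    [OperationContract]
    string Echo(string text);
}

public static class SignedSoapClient
{
    // WCF equivalent of: Tokens.Add(X509SecurityToken) + Elements.Add(MessageSignature).
    public static CustomBinding CreateSignOnlyBinding()
    {
        var security = new AsymmetricSecurityBindingElement
        {
            // WS-Security 1.0 / Basic Security Profile 1.0, the profile WSE2 speaks on the wire.
            MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
            // Initiator (client) token: our certificate, sent in full as a BinarySecurityToken
            // so the service can verify the signature without any prior key exchange.
            InitiatorTokenParameters = new X509SecurityTokenParameters(
                X509KeyIdentifierClauseType.RawDataKeyIdentifier,
                SecurityTokenInclusionMode.AlwaysToRecipient),
            // Recipient (service) token: referenced by thumbprint, never sent to the service.
            RecipientTokenParameters = new X509SecurityTokenParameters(
                X509KeyIdentifierClauseType.Thumbprint,
                SecurityTokenInclusionMode.Never),
            IncludeTimestamp = true,                       // signed <wsu:Timestamp> bounds the replay window
            SecurityHeaderLayout = SecurityHeaderLayout.Strict,
            MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
            DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256  // assumption: service supports SHA-256
        };

        var encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
        var transport = new HttpsTransportBindingElement();  // TLS underneath the message signature

        return new CustomBinding(security, encoding, transport);  // order: security, encoding, transport
    }

    public static IYourService CreateChannel(Uri endpoint, X509Certificate2 cert, X509Certificate2 serviceCert)
    {
        // Bind the endpoint identity to the service certificate so a different
        // certificate at that URL is rejected.
        var factory = new ChannelFactory<IYourService>(
            CreateSignOnlyBinding(),
            new EndpointAddress(endpoint, EndpointIdentity.CreateX509CertificateIdentity(serviceCert)));

        // Client certificate (with private key): signs the outbound message; this is the WSE2 "tok".
        factory.Credentials.ClientCertificate.Certificate = cert;

        // Service certificate (public part): verifies the signature on the response.
        // This must be the service's certificate, not a second copy of the client's.
        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCert;
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;      // never None outside a lab
        factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.Online;

        return factory.CreateChannel();
    }
}
```

Usage: `var svc = SignedSoapClient.CreateChannel(new Uri("https://host/service"), cert, serviceCert); svc.Echo("hi"); ((IClientChannel)svc).Close();`. If the service needs the body encrypted as well, drop `ProtectionLevel = ProtectionLevel.Sign` from the contract; WCF then defaults to EncryptAndSign and uses `serviceCert` as the encryption key, which is why `DefaultCertificate` has to be the service's certificate.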