How to sign BinarySecurityToken in WSE 3.0
-
Tuesday, March 18, 2008 7:30 PMMy client application signs the body of the soap envelope as can be seen below. But the binarysecuritytoken needs to be signed as well.
How can I do that in WSE?
<wsse
ecurity soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-23b3b588-1d7e-4d2d-a99c-fdb160cd925f">
<wsu:Created>2008-03-12T09:47:42Z</wsu:Created>
<wsu:Expires>2008-03-12T09:52:42Z</wsu:Expires>
</wsu:Timestamp>
this----> <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-dfb912bc-1af3-4205-9a5f-87d036806779">xxxxxxx</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
....
<Reference URI="#Id-c9da23f8-4b72-4e09-80e3-295c8e94a303">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>rHCdlMgaO9pnQvxFp59sSNdiMqA=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>ZotsBPyV8P7EMU09M7PaQjFeByoFeNRgn6exRNm...
<soap:Body wsu:Id="Id-c9da23f8-4b72-4e09-80e3-295c8e94a303">
<downloadFileListin xmlns="http://xyz.fi/Service">
<RequestHeader xmlns="java:fi.bxd.model">
....
Thanks in advance.
All Replies
-
Monday, February 27, 2012 1:57 PM
Hi!
Did you find out how to sign the BinarySecurityToken? I am in the same situation now...
Thanks!
-
Tuesday, February 28, 2012 5:40 AMModeratorYou should try it with WCF.
John Saunders
WCF is Web Services. They are not two separate things.
Use WCF for All New Web Service Development, instead of legacy ASMX or obsolete WSE
Use File->New Project to create Web Service Projects
