none
WCF Signing Certificate is different than Client Certificate RRS feed

  • Question

  • Hi All ,

    I am stuck into following scenario.

    1. I want to send message to webservice using SSL with client certificate (Suppose Client certificate is X).

    2. I also want to sign the message (Suppose Signing certificate is Y).

    Also

    1. I want to create WCF service which can receive message over SSL with client certificate (Suppose Client certificate is A).

    2. I also need to verify the Message signing certificate (Suppose Signing certificate is B).

    I tried WCF TransportWithMessageCredentials but no separate place to specify Client certificate and Signing Certificate.

    Please anybody can guide me how can i achieve this in WCF (preferably with BizTalk WCF adapter).

    Regards

    Kundan

    Wednesday, August 20, 2014 1:19 PM

Answers

  • Thanks , I got the way to do.

    We have to create Custom End point behaviour. I followed following link.

    http://blogesh.wordpress.com/2009/10/08/separate-certificates-for-transport-and-message-security-in-wcf/

    Regards

    Kundan

    Friday, August 22, 2014 12:56 PM

All replies

  • Hi,

    If I do not misunderstand you, then maybe you can try to use the WCF TransportWithMessageCredential mode with the wsHttpBinding, by default, all secure WCF bindings (like wsHttpBinding) will encrypt and sign messages as following:

     <wsHttpBinding>
                <binding name="wsHttpEndpointBinding">
                    <security mode="TransportWithMessageCredential">
                        <transport clientCredentialType="Certificate"/>
                        <message clientCredentialType="Certificate"/>
                    </security>
                </binding>
    </wsHttpBinding>
    Then one certificate will be used to sign the message, the other certificate will be used for the client authentication.
    Besides, please also try to check this thread:
    http://stackoverflow.com/questions/7620810/wcf-4-transportwithmessagecredential-using-x-509-certificates-for-transport-an .


    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.



    Thursday, August 21, 2014 7:17 AM
    Moderator
  • Yes, but I want to specify separate Client and Message certificate. But in ClientCredentials End point Behavior i can get option to specify only 1 certificate.

    And also the target webservice is third party service with SOAP 1.1 version.

    Regards

    Kundan

    Thursday, August 21, 2014 10:27 AM
  • Thanks , I got the way to do.

    We have to create Custom End point behaviour. I followed following link.

    http://blogesh.wordpress.com/2009/10/08/separate-certificates-for-transport-and-message-security-in-wcf/

    Regards

    Kundan

    Friday, August 22, 2014 12:56 PM