none
Need help on how to programmatically pass the Binary Security Token from C# code in visual studio 2012 RRS feed

  • Question

  • Hi All,

    Below is my signed SOAP request. I don't have any web.config configuration for this also no idea on how to implement message level security. Could you please suggest on implementation.

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:v1="http://www.notification/V1.0"
    xmlns:v11="http://www./effectivity/V1.0">
       <soapenv:Header>
          <wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
             <wsse:BinarySecurityToken
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    
    wsu:Id="X509-9B329C3CD7BD01ABE81422559607628108">MIIKZTCCCE2gAwIBAgIKXdo6EQACAAXqazANBgkqhkiG9w0BAQUFADB3MRMwEQYKCZImiZPyLGQBGRYDbmV0MRowGAYKCZImiZPyLGQBGRYKYm9tYmFyZGllcjEUMBIGCgmSJomT8ixkARkWBGFlcm8xFDASBgoJkiaJk/IsZAEZFgRhZXJvMRgwFgYDVQQDEw9BZXJvLUlzc3VpbmctQ0EwHhcNMTUwMTIzMTkzMzIyWhcNMTcwMTIyMTkzMzIyWjCBvzELMAkGA1UEBhMCQ0ExDzANBgNVBAgTBlF1ZWJlYzERMA8GA1UEBxMITW9udHJlYWwxGDAWBgNVBAoTD0JvbWJhcmRpZXIgSW5jLjESMBAGA1UECxMJQWVyb3NwYWNlMScwJQYDVQQDEx5jb2xsYWItZGV2LmFlcm8uYm9tYmFyZGllci5uZXQxNTAzBgkqhkiG9w0BCQEWJm10bF9pdF9vcHNfd2luZG93c0BhZXJvLmJvbWJhcmRpZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlzvsKg9LVifnEtxq947BXIcMV14ivIOvBgcoTdH6cw44ZUErp8MCSVBZnzJCmaRl4Qb1zUBrIjJk0h5omQPbFTUcpE84oHfvlJzNLknCVirks94RAvqtQFl0RgCl6EKiT3yNNncSI1OjPlL1wmebtghTyyRH3mqixWn2L43AF114nH/uIm5zozxCCIqW4biwx7PaHbuT6Kj3UzmarTXoGCDE8mbwUfCaQowaNWSCphU9BIqXUE2sW0FzNQnyjg0Z64FvSI07fJXCxb9URw61uQ3M5HCj8OqR5yQsiDuAnmw1AIccaoEBZu5yIhcY0xMVoNOKo3901xVEExBjbFJSwIDAQABo4IFqDCCBaQwCwYDVR0PBAQDAgWgMIIC!
     CwYDVR0RBIICAjCCAf6CHmNvbGxhYi1kZXYuYWVyby5ib21iYXJkaWVyLm5ldIIkY3Jhd2wtY29sbGFiLWRldi5hZXJvLmJvbWJhcmRpZXIubmV0giJhZG0tY29sbGFiLWRldi5hZXJvLmJvbWJhcmRpZXIubmV0gh5teXNpdGUtZGV2LmFlcm8uYm9tYmFyZGllci5uZXSCImFkbS1teXNpdGUtZGV2LmFlcm8uYm9tYmFyZGllci5uZXSCJGNyYXdsLW15c2l0ZS1kZXYuYWVyby5ib21iYXJkaWVyLm5ldIIiYWRtLWVudHNydi1kZXYuYWVyby5ib21iYXJkaWVyLm5ldIIiTVRMV1dNU1M2MDEuY2EuYWVyby5ib21iYXJkaWVyLm5ldIIiTVRMV1dNU1M2MDIuY2EuYWVyby5ib21iYXJkaWVyLm5ldIIiTVRMV1dNU1M2MDMuY2EuYWVyby5ib21iYXJkaWVyLm5ldIIlc2VhcmNoZmFzdC1kZXYuY2EuYWVyby5ib21iYXJkaWVyLm5ldIIpc2VhcmNoZmFzdC1hZG0tZGV2LmNhLmFlcm8uYm9tYmFyZGllci5uZXSCI210bHdhc21zcDYwMS5jYS5hZXJvLmJvbWJhcmRpZXIubmV0giFjbWlzc3AtZGV2LmNhLmFlcm8uYm9tYmFyZGllci5uZXQwHQYDVR0OBBYEFDa9eetNyQfJSvGWMqLM6PUY5Pe/MB8GA1UdIwQYMBaAFPcL/75Iad8EnXpbXm/8o/81NQHJMIIBYgYDVR0fBIIBWTCCAVUwggFRoIIBTaCCAUmGgc1sZGFwOi8vL0NOPUFlcm8tSXNzdWluZy1DQSxDTj1NVExXSVBLSTAwMixDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1hZXJvLERDPWFlcm8s!
     REM9Ym9tYmFyZGllcixEQz1uZXQ/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50hkNodHRwOi8vbXRsd2lwa2kwMDMuYWVyby5hZXJvLmJvbWJhcmRpZXIubmV0L3BraS9BZXJvLUlzc3VpbmctQ0EuY3JshjJodHRwOi8vY2RwLmFlcm8uYm9tYmFyZGllci5jb20vQWVyby1Jc3N1aW5nLUNBLmNybDCCAW0GCCsGAQUFBwEBBIIBXzCCAVswgcEGCCsGAQUFBzAChoG0bGRhcDovLy9DTj1BZXJvLUlzc3VpbmctQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9YWVybyxEQz1hZXJvLERDPWJvbWJhcmRpZXIsREM9bmV0P2NBQ2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MFIGCCsGAQUFBzAChkZodHRwOi8vbXRsd2lwa2kwMDMuYWVyby5hZXJvLmJvbWJhcmRpZXIubmV0L3BraS9BZXJvLUlzc3VpbmctQ0EoMikuY3J0MEEGCCsGAQUFBzAChjVodHRwOi8vY2RwLmFlcm8uYm9tYmFyZGllci5jb20vQWVyby1Jc3N1aW5nLUNBKDIpLmNydDA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiFoPNlhYL3Xob1lTKCsPMIguTeGxOD/oINhsufMAIBZAIBDTATBgNVHSUEDDAKBggrBgEFBQcDATAbBgkrBgEEAYI3FQoEDjAMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4ICAQCtFw4FKpzNr8gpnpHHJvgjUfe7FbXvzuf8qENJQA
    +5KJjD6rqeSGpDJcvSwiFblZobFswFb7OABrxfpvDnmDbBfvozHPhAWBnmISz0t2ydb7R/SY1cl8NihamCPrtVN/azVDVqvj1kHkrVRM18BGSFowqGixMFQr4rDgB75214FN69a85AnxV5O5ip
    +U9g/JdW2qRSGcfUd1np2QActllDimc+33rp/nXIaoXjRlXhkm+WxCt3Ca5OgwnVm3a4Ceiljj
    +1i5
    +8XV2zngv6eq4HlrBg0sFPaHWdjrIGcNyaWW0h0dPQUuv4Gm3zKDkQ3AQSC3cV5qCqmh6fCaCsI3us2kSJjHMZa
    +OSDLI7K01pDP85TieHeoONBo8mRKsOQ0e1FGXH2BkbXSN1DgfJ1IzddaBbSsnjR5gNrRMmZJnCXnluT8Gmwyv9EKjMit6yt0sWwrADd5ZIjYUnxnrkgfXpPY2kqK2gOl12IHjFK6d5vUsGTlIv9H3OmtCWVBHpR125C0CZvU987z3u9Gv4Jiuv/LpDuv1bNuqNHsQfSqSYsjEreGIP
    +DapzhMOefiv+kN4nLj3Owk4VdQm9
    +dxekwaS7HFwAQGOVik877mXxmjRhwxtZPW0ZrWs3fZ2z90Ppki4cGN/rtaLGz
    +WwicrPt1B34296kQkkIolWtiGjkpnQ==</wsse:BinarySecurityToken>
             <ds:Signature Id="SIG-9B329C3CD7BD01ABE81422559607628111"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                   <ds:CanonicalizationMethod
    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                      <ec:InclusiveNamespaces PrefixList="soapenv v1 v11"
    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                   </ds:CanonicalizationMethod>
                   <ds:SignatureMethod
    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                   <ds:Reference URI="#id-CF533499567BE717AA1422396248543100">
                      <ds:Transforms>
                         <ds:Transform
    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="v1 v11"
    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod
    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    
    <ds:DigestValue>AYy1/Ni9XTOZy4F3AFagcxkLnws=</ds:DigestValue>
                   </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>B/psgt7s4dcnlAFK9HWPYSPRQi
    +B75tj7zv6KCG2IFd3y3kE0k4DjNyK17ZcqhXkUdxcmDoydbnH
    4WUq7XmeG05w/VTbwn8g8RIoY48NaCOCQsXl6RztxhzRxbeocwngebUclJPnEPw3Nr0zguvNFuPa
    wBkqcYFAgwG2dlwl/B8QVjvu1xjeXlVP5uHfubdpP
    +tG0OnCWztG16108ORqtA2Df3Aj/JnXk2jt
    RcIx6fPNna
    +mv/MtCGOpSO4vDOf66He/UunkKjo/O5OvO9wuRhZOMJcSEkwVHCBAr9qbRGR72snq
    C15GRcCpFyZIP7tElyY1WhBppKNi9j+YA0w9cQ==</ds:SignatureValue>
                <ds:KeyInfo Id="KI-9B329C3CD7BD01ABE81422559607628109">
                   <wsse:SecurityTokenReference
    wsu:Id="STR-9B329C3CD7BD01ABE81422559607628110">
                      <wsse:Reference
    URI="#X509-9B329C3CD7BD01ABE81422559607628108"
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                   </wsse:SecurityTokenReference>
                </ds:KeyInfo>
             </ds:Signature>
          </wsse:Security>
       </soapenv:Header>
       <soapenv:Body wsu:Id="id-CF533499567BE717AA1422396248543100"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <v1:sendNotificationRequest>
             <v1:notificationHeader>
                <sourceAppID>PORTAL</sourceAppID>
                <creationTimestamp>2015-01-27T23:27:16.932Z</creationTimestamp>
             </v1:notificationHeader>
             <v1:notificationTarget>
                <!--Optional:-->
                <userID>?</userID>
                <!--Optional:-->
                <v1:emailChannel>
                   <!--Optional:-->
                   <v1:fromAddress>
                      <v1:emailAddress>?</v1:emailAddress>
                      <!--Optional:-->
                      <v1:name>?</v1:name>
                   </v1:fromAddress>
                   <!--Zero or more repetitions:-->
                   <v1:toAddress>
                      <v1:emailAddress>?</v1:emailAddress>
                      <!--Optional:-->
                      <v1:name>?</v1:name>
                   </v1:toAddress>
                   <!--Zero or more repetitions:-->
                   <v1:CCAddress>
                      <v1:emailAddress>?</v1:emailAddress>
                      <!--Optional:-->
                      <v1:name>?</v1:name>
                   </v1:CCAddress>
                   <!--Zero or more repetitions:-->
                   <v1:BCCAddress>
                      <v1:emailAddress>?</v1:emailAddress>
                      <!--Optional:-->
                      <v1:name>?</v1:name>
                   </v1:BCCAddress>
                </v1:emailChannel>
                <!--Optional:-->
                <v1:SMSChannel>
                   <message>?</message>
                   <phoneNumber>?</phoneNumber>
                </v1:SMSChannel>
                <!--Optional:-->
                <v1:portalNotifChannel>
                   <creationDate>?</creationDate>
                   <expiryDate>?</expiryDate>
                </v1:portalNotifChannel>
             </v1:notificationTarget>
             <!--Zero or more repetitions:-->
             <v1:company>
                <companyId>?</companyId>
                <!--Optional:-->
                <sourceSystemId>?</sourceSystemId>
             </v1:company>
             <!--Optional:-->
             <v11:aircraftEffectivity>
                <!--Zero or more repetitions:-->
                <v11:aircraftFamily>
                   <aircraftFamilyName>?</aircraftFamilyName>
                   <!--Zero or more repetitions:-->
                   <v11:aircraftModel>
                      <aircraftModelName>?</aircraftModelName>
                      <!--Zero or more repetitions:-->
                      <v11:aircraft>
                         <aircraftSerialNumber>?</aircraftSerialNumber>
                      </v11:aircraft>
                   </v11:aircraftModel>
                </v11:aircraftFamily>
             </v11:aircraftEffectivity>
             <!--Optional:-->
             <v11:userEffectivity>
                <!--You have a CHOICE of the next 2 items at this level-->
                <!--Zero or more repetitions:-->
                <role_DN>?</role_DN>
                <!--Zero or more repetitions:-->
                <role_CN>?</role_CN>
             </v11:userEffectivity>
             <!--You have a CHOICE of the next 2 items at this level-->
             <!--Optional:-->
             <v1:forcedNotify>
                <!--You have a CHOICE of the next 2 items at this level-->
                <!--Zero or more repetitions:-->
                <v1:notificationTarget>
                   <!--Optional:-->
                   <userID>?</userID>
                   <!--Optional:-->
                   <v1:emailChannel>
                      <!--Optional:-->
                      <v1:fromAddress>
                         <v1:emailAddress>?</v1:emailAddress>
                         <!--Optional:-->
                         <v1:name>?</v1:name>
                      </v1:fromAddress>
                      <!--Zero or more repetitions:-->
                      <v1:toAddress>
                         <v1:emailAddress>?</v1:emailAddress>
                         <!--Optional:-->
                         <v1:name>?</v1:name>
                      </v1:toAddress>
                      <!--Zero or more repetitions:-->
                      <v1:CCAddress>
                         <v1:emailAddress>?</v1:emailAddress>
                         <!--Optional:-->
                         <v1:name>?</v1:name>
                      </v1:CCAddress>
                      <!--Zero or more repetitions:-->
                      <v1:BCCAddress>
                         <v1:emailAddress>?</v1:emailAddress>
                         <!--Optional:-->
                         <v1:name>?</v1:name>
                      </v1:BCCAddress>
                   </v1:emailChannel>
                   <!--Optional:-->
                   <v1:SMSChannel>
                      <message>?</message>
                      <phoneNumber>?</phoneNumber>
                   </v1:SMSChannel>
                   <!--Optional:-->
                   <v1:portalNotifChannel>
                      <creationDate>?</creationDate>
                      <expiryDate>?</expiryDate>
                   </v1:portalNotifChannel>
                </v1:notificationTarget>
                <!--Optional:-->
                <notificationChannel>
                   <!--Zero or more repetitions:-->
                   <userID>?</userID>
                   <forcedNotifyChannel>?</forcedNotifyChannel>
                   <!--Optional:-->
                   <v1:fromAddress>
                      <v1:emailAddress>?</v1:emailAddress>
                      <!--Optional:-->
                      <v1:name>?</v1:name>
                   </v1:fromAddress>
                </notificationChannel>
                <!--Optional:-->
                <v11:userEffectivity>
    
    <role_DN>cn=owner_purchasing,cn=owner,cn=eservices_basic_access,ou=eservices,ou=groups,dc=bombardier,dc=com</role_DN>
    
    <role_DN>cn=owner_broker,cn=owner,cn=eservices_basic_access,ou=eservices,ou=groups,dc=bombardier,dc=com</role_DN>
                </v11:userEffectivity>
             </v1:forcedNotify>
             <subject>AHMS Notification</subject>
             <payload>You are receiving an AHMS notification</payload>
             <v1:isGroupingAllowed>false</v1:isGroupingAllowed>
             <v1:emailAttachment>
                <v1:fileName>?</v1:fileName>
                <!--Optional:-->
                <v1:fileSize>?</v1:fileSize>
                <!--Zero or more repetitions:-->
                <Content>cid:354298590057</Content>
                <!--Zero or more repetitions:-->
                <ContentEncoding>?</ContentEncoding>
                <!--Zero or more repetitions:-->
                <ContentEncodingType>?</ContentEncodingType>
             </v1:emailAttachment>
             <!--Optional:-->
             <priority>?</priority>
          </v1:sendNotificationRequest>
       </soapenv:Body>
    </soapenv:Envelope>

    Any help would be great.

    I need to programmatically send the token to the webservice and initiate request and response accordingly

    Thanks in advance.

    Friday, January 30, 2015 12:15 PM

All replies

  • Hi,

    There could a service method which is passing sensitive information over the wire and you want to take some exclusive security measure for the service method in question. You can pack a security token in the relevant message header for the service method and validate the same in the service end before returning response. Also, since the information in the message is highly sensitive, you can sign and encrypt the message.

    For more information, you could refer to:

    http://www.codeproject.com/Articles/318810/WCF-Service-Method-Level-Security-using-Message-Co

    http://dotnetmentors.com/wcf/wcf-message-level-security-by-example.aspx

    Regards

    Monday, February 2, 2015 5:50 AM
    Moderator
  • Hi Shawn,

    Thanks for your help. I am still struggling. There is a Binary security token element which will contain the public version of the certificate, with the certificate itself sent along as base64 encoded data.

    Below is my code, if you can suggest:

    ClientSection clientSection = ClientSection)WebConfigurationManager.GetSection("system.serviceModel/client");
    ChannelEndpointElement endpoint = clientSection.Endpoints[0];
    string endpointStr = string.Format("Address: {0}; BindingConfiguration: {1}; Contract: {2}", endpoint.Address.ToString(), endpoint.BindingConfiguration, endpoint.Contract);
    EndpointAddress remoteAddress = new EndpointAddress(endpoint.Address.ToString());
    NotificationServiceClient client = new NotificationServiceClient(endpoint.BindingConfiguration, remoteAddress);
    
    X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
                                store.Open(OpenFlags.ReadOnly);
    X509Certificate2 cert = new X509Certificate2();
    for (int i = 0; i < store.Certificates.Count; i++)
     {
       if (store.Certificates[i].Subject == "E=mtl_it_ops_windows@aero.bombardier.com, CN=collab-dev.aero.bombardier.net, OU=Aerospace, O=Bombardier Inc., L=Montreal, S=Quebec, C=CA")
     {
         cert = store.Certificates[i];
                                                                            
      }
                                    
    }
    //byte[] rawdata = cert.GetRawCertData();
    //BinarySecretSecurityToken token = new BinarySecretSecurityToken(rawdata);
    
    X509SecurityToken token = new X509SecurityToken(cert);
    
    client.ClientCredentials.ClientCertificate.Certificate = cert;
    
    // instead of certificate the enoced token needs to be sent.
    
    Any help would be great. I am totally new to wcf.
    
    
    Thanks.

    Monday, February 2, 2015 7:12 AM