WCF - Error in response during a signed communication

  • Question

  • Hi everybody

    I have a client that signs the body of a message.

    The class structure is:

    /// <summary>
    /// Message contract for the request whose wrapper element is
    /// <c>simpleEncryptInput</c>. The contract and its single body member ask
    /// for <see cref="System.Net.Security.ProtectionLevel.Sign"/>; both headers
    /// are declared with <see cref="System.Net.Security.ProtectionLevel.None"/>.
    /// </summary>
    /// <remarks>
    /// Parts declared with ProtectionLevel.None are outside the signature, so a
    /// receiver has no integrity guarantee for the header content.
    /// NOTE(review): this type describes the request only. The requirements the
    /// client proxy applies to the reply presumably come from the response
    /// message contract, which is not shown here; check the ProtectionLevel of
    /// its header members when a "required message part was not signed" error
    /// names a header.
    /// </remarks>
    [System.ServiceModel.MessageContractAttribute(
        IsWrapped = true,
        WrapperName = "simpleEncryptInput",
        WrapperNamespace = "http://xxx/2013/06/schemas/simple",
        ProtectionLevel = System.Net.Security.ProtectionLevel.Sign)]
    public partial class SimpleEncryptOperationRequest
    {
        /// <summary>Business header; declared unsigned and unencrypted.</summary>
        [System.ServiceModel.MessageHeaderAttribute(
            Namespace = "http://xxx/eip/2013/07/schemas/business",
            ProtectionLevel = System.Net.Security.ProtectionLevel.None)]
        public TestFirmando2.ServiceReference1.BusinessHeader businessHeader;

        /// <summary>Technical header; declared unsigned and unencrypted.</summary>
        [System.ServiceModel.MessageHeaderAttribute(
            Namespace = "http://xxx/eip/2013/08/schemas/technical",
            ProtectionLevel = System.Net.Security.ProtectionLevel.None)]
        public TestFirmando2.ServiceReference1.TechnicalHeader technicalHeader;

        /// <summary>First (Order = 0) body member; declared as signed.</summary>
        [System.ServiceModel.MessageBodyMemberAttribute(
            Order = 0,
            Namespace = "http://xxx/2013/06/schemas/simple",
            ProtectionLevel = System.Net.Security.ProtectionLevel.Sign)]
        public string @in;

        /// <summary>Creates an empty request; all members keep their defaults.</summary>
        public SimpleEncryptOperationRequest()
        {
        }

        /// <summary>Creates a request with both headers and the body value set.</summary>
        /// <param name="businessHeader">Value stored in <see cref="businessHeader"/>.</param>
        /// <param name="technicalHeader">Value stored in <see cref="technicalHeader"/>.</param>
        /// <param name="in">Value stored in the signed body member.</param>
        public SimpleEncryptOperationRequest(
            TestFirmando2.ServiceReference1.BusinessHeader businessHeader,
            TestFirmando2.ServiceReference1.TechnicalHeader technicalHeader,
            string @in)
        {
            // Body value first, then the two headers; the assignments are independent.
            this.@in = @in;
            this.technicalHeader = technicalHeader;
            this.businessHeader = businessHeader;
        }
    }

    In the app.config file I use a customBinding element as follows:

      <!-- WCF client configuration: one custom binding using SOAP 1.1 with
           certificate-based message security over plain HTTP, one client
           endpoint, and the X.509 credentials behaviour that endpoint uses. -->
      <system.serviceModel>
        <bindings>
          <customBinding>
            <binding name="customSecurity">
              <textMessageEncoding messageVersion="Soap11" />
              <!-- Message-level security: client and service each authenticate
                   with an X.509 certificate (MutualCertificate), a timestamp is
                   included, and signing is applied before encryption. -->
              <security authenticationMode="MutualCertificate" requireDerivedKeys="false" includeTimestamp="true" keyEntropyMode="ClientEntropy" messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" requireSignatureConfirmation="false" requireSecurityContextCancellation="false">     
                <secureConversationBootstrap />
              </security>
              <!-- Plain HTTP transport: nothing is protected at the transport
                   layer, so only the message parts that carry a protection
                   level are covered. Parts declared with ProtectionLevel.None
                   travel unsigned and in clear text. -->
              <httpTransport />
            </binding>
          </customBinding>
        </bindings>
        <client>
            <endpoint address="http://localhost:5521/ws/SPAIF_Test1_POC_SOA_vs1" binding="customBinding" bindingConfiguration="customSecurity" contract="ServiceReference1.SimpleService" name="SPAIF_Test1_POC_SOA_vs1soaphttp" behaviorConfiguration="AxaWCFBehaviourX509">
            <!-- Expected identity of the service; presumably matched against
                 the service certificate, so it has to agree with the
                 certificate selected under serviceCertificate below. -->
            <identity>
              <dns value="partner1" />
            </identity>
          </endpoint>
        </client>
        <behaviors>
          <endpointBehaviors>
            <behavior name="AxaWCFBehaviourX509">
              <clientCredentials>
                <!-- FindBySubjectName is a loose match on the subject name and
                     can select an unintended certificate when several share
                     the text; FindByThumbprint identifies exactly one.
                     NOTE(review): TrustedPublisher is an unusual store for a
                     client certificate with a private key; confirm it is
                     intended. -->
                <clientCertificate findValue="partner1" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPublisher" />
                <serviceCertificate>
                  <defaultCertificate findValue="partner1" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPublisher" />
                  <!-- certificateValidationMode="None" with
                       revocationMode="NoCheck" turns off chain validation and
                       revocation checking of the service certificate, so the
                       client accepts a signature from any certificate the
                       service presents. Suitable for a local test only;
                       otherwise use ChainTrust or PeerOrChainTrust and an
                       Online or Offline revocation mode. -->
                  <authentication certificateValidationMode="None" revocationMode="NoCheck" trustedStoreLocation="LocalMachine" />
                </serviceCertificate>
              </clientCredentials>
            </behavior>
          </endpointBehaviors>
        </behaviors>
      </system.serviceModel>

    With this configuration, the message body is signed and the server processes the request successfully. When the server responds and the WCF client proxy processes the response, an exception is thrown:

    The 'businessHeader', 'http://xxx/eip/2013/07/schemas/business', required message part was not signed.

    I inspected the response message: the body is signed but that header is not. I have not configured the application to sign this header, and I cannot see anywhere that this header is required to be signed.

    Why does the proxy throw the exception? Why does it say that the header has to be signed?

    Thanks a lot



    Wednesday, January 8, 2014 2:17 PM

Answers