soap using wsdl generated class RRS feed

  • Question

  • User-1906053058 posted

    This is my web.config. I want to add security headers for WS-Security.
    I am not sure whether I need a customBinding or a wsHttpBinding.

          <bindings>
          <!--<wsHttpBinding>
            <binding name="EBinding">
              <security mode="Transport" authenticationMode="SecureConversation" requireSecurityContextCancellation="true">
                <message clientCredentialType="IssuedToken"/>
                --><!--Specifies the character encoding and message versioning used for text-based XML messages.--><!--
                <textMessageEncoding messageVersion="Soap11"/>
                
                <httpTransport/>
              </security>
            </binding>
            
          </wsHttpBinding>-->
          <customBinding>
            <binding name="MHService_MHSPort">
              <!--    WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'http://org/emedny/mhs/':    -->
              <!--    <wsdl:binding name='MHS'>    -->
              <!--        <dpe:summary xmlns:dpe="http://www.datapower.com/extensions">..</dpe:summary>    -->
              <!--        <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">..</sp:SupportingTokens>    -->
              <!-- NOTE(review): in a customBinding the security element is driven by authenticationMode and its sibling attributes.
                   The mode="Transport" attribute and the message / textMessageEncoding children below come from the
                   standard-binding (wsHttpBinding) syntax, so this element mixes two schemas and should be checked
                   against the customBinding schema before it is relied on. -->
              <!-- NOTE(review): the WSDL policy shown on this page asks for an X.509 asymmetric binding plus a UsernameToken
                   supporting token; SecureConversation and IssuedToken do not appear in that policy. Confirm the intended
                   authentication mode with the service owner. -->
              <security mode="Transport" authenticationMode="SecureConversation" requireSecurityContextCancellation="true">
                <message clientCredentialType="IssuedToken"/>
                <!--Specifies the character encoding and message versioning used for text-based XML messages.-->
                <textMessageEncoding messageVersion="Soap11"/>
              </security>
             
              <!--Specifies the character encoding and message versioning used for text-based XML messages.-->
              <textMessageEncoding messageVersion="Soap11"/>
              <!-- NOTE(review): httpTransport is the plain-HTTP transport element. The client endpoint on this page uses an
                   https:// address, which requires httpsTransport instead; with httpTransport nothing is protected at the
                   transport layer and only message-level security applies. -->
              <httpTransport/>
              
            </binding>
          </customBinding>
        </bindings>
        <client>
          
          <!-- NOTE(review): the binding attribute names the binding type (here that would be "customBinding");
               bindingConfiguration names the binding element inside it. As written, binding repeats the
               configuration name. -->
          <!-- NOTE(review): no behaviorConfiguration attribute is set, so the named endpoint behavior
               "CustomBehaviorConfiguration" (client certificate and service-certificate validation settings)
               is not attached to this endpoint. -->
          <endpoint address="https://12.23.28.113:9047/MHService"
                    binding="MHService_MHSPort" bindingConfiguration="MHService_MHSPort" contract="ProxyGeneration.MHS" name="MHSPort" />
          
        </client>
        <behaviors>
          <endpointBehaviors>
            <!-- Named endpoint behavior carrying the client credentials; it only takes effect on an endpoint
                 that references it through behaviorConfiguration. -->
            <behavior name="CustomBehaviorConfiguration">
              <clientCredentials>
                <!-- Client certificate looked up in CurrentUser\My by subject name. FindBySubjectName is a
                     substring match and can select more than one certificate; FindByThumbprint is the
                     unambiguous lookup. -->
                <clientCertificate findValue="LMWARD" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My"/>
                <serviceCertificate>
                  <!-- NOTE(review): certificateValidationMode="None" together with revocationMode="NoCheck" turns off
                       every check of the service certificate, so the client will encrypt to and trust whatever
                       certificate is presented. Acceptable for a lab test only; for real traffic use ChainTrust or
                       PeerTrust (or a Custom validator pinned to the expected certificate) and enable revocation
                       checking where the issuing CA publishes it. -->
                  <authentication revocationMode="NoCheck" certificateValidationMode="None"/>
                </serviceCertificate>
              </clientCredentials>
            </behavior>
          </endpointBehaviors>
        </behaviors>




    This is my wsdl

           <wsdl:definitions xmlns:wsp200607="http://www.w3.org/2006/07/ws-policy" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:ns0="http://org/emedny/mhs/" xmlns:wsp200409="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soap11="http://schemas.xmlsoap.org/wsdl/soap/" targetNamespace="http://org/emedny/mhs/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
          <!-- policy0: message-level protection. It declares an asymmetric binding with X.509 v3 tokens for both
               initiator and recipient, the TripleDesRsa15 algorithm suite, and a SOAP Body that is both signed
               and encrypted. -->
          <!-- NOTE(review): TripleDesRsa15 is a legacy suite (Triple DES with RSA 1.5 key wrap). The suite is fixed
               by the service, so a client has to be configured for the same suite to interoperate; a client left
               on a different default suite will produce different EncryptionMethod algorithms than the sample
               request on this page. -->
          <wsp:Policy wsu:Id="policy0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsp:ExactlyOne>
              <wsp:All>
                <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                  <wsp:Policy>
                    <wsp:ExactlyOne>
                      <wsp:All>
                        <sp:InitiatorToken>
                          <wsp:Policy>
                            <wsp:ExactlyOne>
                              <wsp:All>
                                <sp:X509Token>
                                  <wsp:Policy>
                                    <wsp:ExactlyOne>
                                      <wsp:All>
                                        <sp:WssX509V3Token11 />
                                      </wsp:All>
                                    </wsp:ExactlyOne>
                                  </wsp:Policy>
                                </sp:X509Token>
                              </wsp:All>
                            </wsp:ExactlyOne>
                          </wsp:Policy>
                        </sp:InitiatorToken>
                        <sp:RecipientToken>
                          <wsp:Policy>
                            <wsp:ExactlyOne>
                              <wsp:All>
                                <sp:X509Token>
                                  <wsp:Policy>
                                    <wsp:ExactlyOne>
                                      <wsp:All>
                                        <sp:WssX509V3Token11 />
                                      </wsp:All>
                                    </wsp:ExactlyOne>
                                  </wsp:Policy>
                                </sp:X509Token>
                              </wsp:All>
                            </wsp:ExactlyOne>
                          </wsp:Policy>
                        </sp:RecipientToken>
                        <sp:AlgorithmSuite>
                          <wsp:Policy>
                            <wsp:ExactlyOne>
                              <wsp:All>
                                <sp:TripleDesRsa15 />
                              </wsp:All>
                            </wsp:ExactlyOne>
                          </wsp:Policy>
                        </sp:AlgorithmSuite>
                      </wsp:All>
                    </wsp:ExactlyOne>
                  </wsp:Policy>
                </sp:AsymmetricBinding>
                <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                  <sp:Body />
                </sp:SignedParts>
                <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                  <sp:Body />
                </sp:EncryptedParts>
              </wsp:All>
            </wsp:ExactlyOne>
          </wsp:Policy>
          <!-- policy1: a UsernameToken (WssUsernameToken10 profile) must be sent to the recipient on every request
               (IncludeToken AlwaysToRecipient). -->
          <!-- NOTE(review): the assertion is plain sp:SupportingTokens, not a signed or encrypted supporting-token
               assertion, so this policy by itself does not require the username token to be signed or encrypted.
               If the password is sent as PasswordText, as in the sample request on this page, its confidentiality
               then rests on the transport; confirm the endpoint is only reached over TLS. -->
          <wsp:Policy wsu:Id="policy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsp:ExactlyOne>
              <wsp:All>
                <dpe:summary xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:dpe="http://www.datapower.com/extensions">
                  <dppolicy:domain xmlns:dppolicy="http://www.datapower.com/policy">
              http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
            </dppolicy:domain>
                  <description>
              Implements WS Security Policy 1.2 - UsernameToken 1.0 support
            </description>
                </dpe:summary>
                <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                  <wsp:Policy>
                    <wsp:ExactlyOne>
                      <wsp:All>
                        <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                          <wsp:Policy>
                            <wsp:ExactlyOne>
                              <wsp:All>
                                <sp:WssUsernameToken10 />
                              </wsp:All>
                            </wsp:ExactlyOne>
                          </wsp:Policy>
                        </sp:UsernameToken>
                      </wsp:All>
                    </wsp:ExactlyOne>
                  </wsp:Policy>
                </sp:SupportingTokens>
              </wsp:All>
            </wsp:ExactlyOne>
          </wsp:Policy>
          <wsdl:types xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <xsd:schema>
              <xsd:import schemaLocation="MHService.xsd1.xsd" namespace="http://org/emedny/mhs/" />
            </xsd:schema>
          </wsdl:types>
          <wsdl:message name="getCCDResponse">
            <wsdl:part xmlns:xsns="http://org/emedny/mhs/" name="parameters" element="xsns:getCCDResponse" />
          </wsdl:message>
          <wsdl:message name="getEligibilityRequest">
            <wsdl:part xmlns:xsns="http://org/emedny/mhs/" name="parameters" element="xsns:getEligibility" />
          </wsdl:message>
          <wsdl:message name="getEligibilityResponse">
            <wsdl:part xmlns:xsns="http://org/emedny/mhs/" name="parameters" element="xsns:getEligibilityResponse" />
          </wsdl:message>
          <wsdl:message name="getNCPDPHistoryRequest">
            <wsdl:part xmlns:xsns="http://org/emedny/mhs/" name="parameters" element="xsns:getNCPDPHistory" />
          </wsdl:message>
          <wsdl:message name="getNCPDPHistoryResponse">
            <wsdl:part xmlns:xsns="http://org/emedny/mhs/" name="parameters" element="xsns:getNCPDPHistoryResponse" />
          </wsdl:message>
          <wsdl:message name="getPDQRequest">
            <wsdl:part xmlns:xsns="http://org/emedny/mhs/" name="parameters" element="xsns:getPDQRequest" />
          </wsdl:message>
          <wsdl:message name="MHSFault">
            <wsdl:part xmlns:xsns="http://org/emedny/mhs/" name="parameters" element="xsns:Fault" />
          </wsdl:message>
          <wsdl:portType name="MHS">
            <wsdl:operation name="getCCD">
              <wsdl:input name="getPDQRequest" message="ns0:getPDQRequest" />
              <wsdl:output name="getCCDResponse" message="ns0:getCCDResponse" />
              <wsdl:fault name="MHSFault" message="ns0:MHSFault" />
            </wsdl:operation>
            <wsdl:operation name="getEligibility">
              <wsdl:input name="getEligibilityRequest" message="ns0:getEligibilityRequest" />
              <wsdl:output name="getEligibilityResponse" message="ns0:getEligibilityResponse" />
              <wsdl:fault name="MHSFault" message="ns0:MHSFault" />
            </wsdl:operation>
            <wsdl:operation name="getNCPDPHistory">
              <wsdl:input name="getNCPDPHistoryRequest" message="ns0:getNCPDPHistoryRequest" />
              <wsdl:output name="getNCPDPHistoryResponse" message="ns0:getNCPDPHistoryResponse" />
              <wsdl:fault name="MHSFault" message="ns0:MHSFault" />
            </wsdl:operation>
          </wsdl:portType>
          <wsdl:binding name="MHS" type="ns0:MHS">
            <soap11:binding transport="http://schemas.xmlsoap.org/soap/http" />
            <wsdl:operation name="getCCD">
              <soap11:operation soapAction="" style="document" />
              <wsdl:input name="getPDQRequest">
                <soap11:body use="literal" />
              </wsdl:input>
              <wsdl:output name="getCCDResponse">
                <soap11:body use="literal" />
              </wsdl:output>
              <wsdl:fault name="MHSFault">
                <soap11:fault use="literal" name="MHSFault" namespace="" />
              </wsdl:fault>
            </wsdl:operation>
            <wsdl:operation name="getEligibility">
              <soap11:operation soapAction="" style="document" />



                
                    
     
    I don't have any kind of SOAP headers to use in my proxy class. I am missing the security headers for WS-Security in web.config.
    This is what the sample SOAP request header looks like

       

     <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
            <soapenv:Header>
            <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
            <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
            <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-970e9a80-00cc-4c86-8ec4-3ba16e029a5b">
            <wsse:Username>....your_username.....</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">.....your_plaintext_password....</wsse:Password>
            <wsse:Nonce>KNyu6MsXCkTg4DDyvwvEiw==</wsse:Nonce>
            <wsu:Created>2010-09-15T18:00:30Z</wsu:Created>
            </wsse:UsernameToken>
            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
            </KeyInfo>
            <xenc:CipherData>
            <xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList>
            <xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
            </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
    



     I am using WCF to do this. How do I actually generate the SOAP XML? I don't want to hard-code all of this, although I started to do so.
    `   soapXML = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:mhs=\"http://org/emedny/mhs/\" xmlns:urn=\"urn:hl7-org:v3\" >";
                            soapXML += "<soapenv:Header>\n";
                
                            // Add security block for X.509 certificate
                            soapXML = "<wsse:Security soap:mustUnderstand=\"1\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">";
                            soapXML += "<wsse:BinarySecurityToken ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
                            soapXML += "EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        `
    Even if I do, how would I generate these security and binary tokens? This request uses WS-Security. I am doing my research and reading about it to the best of my understanding.

    Please help with this web.config to add security headers for ws-security
    Thank you
    user


    Thursday, May 2, 2013 9:12 PM

All replies

  • User-1000095884 posted

    Hi,

    If the service obeys the WS-* protocols and you can generate a proxy, then once you specify the credentials and header on the client side, the proxy will generate the header for you, including that information. Check also:

    http://forums.asp.net/p/1858995/5215126.aspx/1?Re+What+is+the+Request+in+this+soap+message+

    Best Regards.

    Tuesday, May 7, 2013 3:30 AM
  • User-1906053058 posted

    Hi Haixia, my request doesn't have a UsernameToken.

    This is my code:

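        // Click handler: builds a message-security CustomBinding in code (mutual X.509 certificates plus a
        // UsernameToken supporting token), creates the generated MHSClient proxy and calls getEligibility.
        // Fix over the original: the proxy is now closed after the call and aborted on failure, so the
        // underlying channel is not leaked; exceptions still propagate to the caller unchanged.
        protected void Button2_Click(object sender, EventArgs e)
            {
                MessageSecurityVersion version =
                    MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;

                var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(version);

                // UsernameToken sent with every request. SignedEncrypted means the token is signed AND encrypted
                // on the wire, so in a captured request it shows up as an EncryptedData element inside the
                // Security header rather than as a readable wsse:UsernameToken element.
                UserNameSecurityTokenParameters tokenParameters = new UserNameSecurityTokenParameters();
                tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
                tokenParameters.RequireDerivedKeys = false;
                sec.EndpointSupportingTokenParameters.SignedEncrypted.Add(tokenParameters);

                sec.MessageSecurityVersion = version;
                sec.IncludeTimestamp = true;
                sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
                // NOTE(review): the algorithm suite is left at the binding element's default. The WSDL policy on
                // this page names sp:TripleDesRsa15; confirm with the service owner whether
                // sec.DefaultAlgorithmSuite has to be set to match it.

                // Binding stack, top to bottom: message security, SOAP 1.1 text encoding, HTTP transport.
                var b = new CustomBinding();
                b.Elements.Add(sec);
                b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
                b.Elements.Add(new HttpTransportBindingElement());

                // NOTE(review): this address is http:// while the web.config on this page points at https:// on the
                // same host and port. Confirm which scheme the service expects; over plain HTTP only the
                // message-level protection applies.
                AddressHeader[] addressHeaders = null;
                EndpointAddress endptAddress = new EndpointAddress(
                    new Uri("http://12.23.28.113:9047/MHService"),
                    EndpointIdentity.CreateDnsIdentity("DPMedsHistory"),
                    addressHeaders);

                MHSClient serviceProxy = new MHSClient(b, endptAddress);
                try
                {
                    // Placeholder credentials from the post. Real values should come from protected
                    // configuration or a secret store, not from source code.
                    serviceProxy.ClientCredentials.UserName.UserName = "sss";
                    serviceProxy.ClientCredentials.UserName.Password = "ccc";

                    // Client (signing) and service (encryption) certificates, both looked up by subject name in
                    // CurrentUser\My. FindBySubjectName is a substring match; a thumbprint lookup is unambiguous.
                    serviceProxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "sss");
                    serviceProxy.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "rrr");

                    // `s` is defined outside this method (not shown in the post). ASCII encoding replaces any
                    // non-ASCII character with '?'.
                    byte[] array = Encoding.ASCII.GetBytes(s);
                    Transaction t = new Transaction();
                    t.transData = array;
                    serviceProxy.getEligibility(t);

                    // Graceful shutdown of the channel after a successful call.
                    serviceProxy.Close();
                }
                catch
                {
                    // A faulted or failed channel cannot be closed cleanly; Abort releases it immediately.
                    serviceProxy.Abort();
                    throw;
                }
            }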
    

    s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo+4RV4gAgpRJlYK0heeu6qEAAAAA4nFRB2UZwEG8nMtAVeuFcc+pBDq9x/FJv1Dr5YFGXUwACQAA</VsDebuggerCausalityData><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp u:Id="uuid-c243958e-b070-4ac7-b497-9f668427eeb9-2"><u:Created>2013-05-08T17:03:14.129Z</u:Created><u:Expires>2013-05-08T17:08:14.129Z</u:Expires></u:Timestamp><o:BinarySecurityToken u:Id="uuid-2e5edef4-96b6-4747-83ad-f8b5a34d1ada-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIICdDCCAd2gAwIBAgICAKAwDQYJKoZIhvcNAQEFBQAwNjEPMA0GA1UEChMGZU1lZE5ZMSMwIQYDVQQLExpyUHJkIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMzA0MjUwNDAwMDBaFw0xMzEwMjcwMzU5NTlaMGAxDzANBgNVBAoTBmVNZWROWTEUMBIGA1UECxMLZU1lZE5ZLVBST0QxDzANBgNVBAsTBmVQYWNlczEVMBMGA1UECxMMZVBhY2VzIENlcnRzMQ8wDQYDVQQDEwZMTVdBUkQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMpROhDrjVWpMP7ndrN0cfwx+ybZcxzivQRKSkb83qKygBd0JGNnJNqDXuvpa7vNeblow2r63fcb13d6/2G/O0kpCqWF5nWgcz0WZq/7g6/FJDPQtw5DxOOxDak4w0LLC5aaNz2Vg3b6rFDm3lEWylPgPIYaYjzoc2uw88rU7GlAgMBAAGjZzBlMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUBKcUY1dWVpVjxJgjPaBKju8ECygwHwYDVR0jBBgwFoAUwbo3tXRFck0wN5g2DPS+/+xVHnQwDQYJKoZIhvcNAQEFBQADgYEAVM2h6nrG126nJcB6vXEWT3P+xSaebna80Op0IG12gXLgSlKpf7+wtf2cJFf0cYvQahkzAQ6CgWlKb8kN9Ha6QjjfZ0Bn60ITLIaVMcekv5n7iw2swo74bXQsSRPbhE+BcItW4Yn4xyjTtTZwfCTJ5uGrzDEZ24vCq+fnqEQ/Zsw=</o:BinarySecurityToken><e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/></e:EncryptionMethod><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">s60iHpMc/Jz2F4lt/lHnLVtZco0=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>D0/XsfSrILBA+a9jtVL37KeUXsmwcvRergv4i3NLH/qDscT5dXwYChH7AIDknDdelX2TCNIUs/7o5ocxeFGxC7rJjnp2GtLOO0tlxTGEWag4o9r2FN70c+an/IE6iUoflbh6x9zSqDb96umdlA+Gm4dmPXfgnvAgIa0zYWUzbGc=</e:CipherValue></e:CipherData></e:EncryptedKey><e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference URI="#_0"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>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</e:CipherValue></e:CipherData></e:EncryptedData><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#_2"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>K1qv844EwEblAlCWhHawmb6e+bs=</DigestValue></Reference><Reference URI="#uuid-c243958e-b070-4ac7-b497-9f668427eeb9-2"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>r2UzWw+3KEDWAsVXLHLmf2YA5ko=</DigestValue></Reference><Reference 
URI="#_3"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Ms0q9H5QH1nivP6dQxnK2UlGRKA=</DigestValue></Reference></SignedInfo><SignatureValue>RpDTrOnKDGgQq7YkgHezbUs/wCn4VcNI9HgxA2UloVGOXVayeTK1dDSd4gSV1HzNX6489GSeoklbzYpk9LaK3iOqmsYk0KlZYyqeouJQsgbpcRGlTM7DoZBzcaW8jHDJc1SrQ3hRkDPmlpC43n1g7u1A/SqrmZl4eZ9pS33J9Dg=</SignatureValue><KeyInfo><o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-2e5edef4-96b6-4747-83ad-f8b5a34d1ada-6"/></o:SecurityTokenReference></KeyInfo></Signature><e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:DataReference URI="#_1"/><e:DataReference URI="#_3"/></e:ReferenceList></o:Security></s:Header><s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:Reference URI="#_0"></o:Reference></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>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</e:CipherValue></e:CipherData></e:EncryptedData></s:Body></s:Envelope>

    Thank you

    I thought this binding would be enough to generate a UsernameToken:

     // Supporting UsernameToken, always sent to the recipient, without derived keys.
     // It is registered as SignedEncrypted, so the token is signed and encrypted in the outgoing message
     // and appears in a trace as EncryptedData inside the Security header, not as a readable UsernameToken.
     var tokenParameters = new UserNameSecurityTokenParameters();
     tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
     tokenParameters.RequireDerivedKeys = false;
     sec.EndpointSupportingTokenParameters.SignedEncrypted.Add(tokenParameters);

     // Security header settings: WS-Security 1.0 profile set, timestamp included, encrypt first and then sign.
     sec.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
     sec.IncludeTimestamp = true;
     sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;

     // The security element is added to the binding `b` (declared in the handler shown earlier in the post).
     b.Elements.Add(sec);



    Wednesday, May 8, 2013 1:11 PM