none
WCF client configuration - SSL + signing of body RRS feed

All replies

  • Hi,

    To protect a message body, you need apply the MessageBodyMemberAttribute to any field that will be expressed as part of the message body, and set the ProtectionLevelproperty to EncryptAndSign.

    Check " To protect a message body" part of #How to: Set the ProtectionLevel Property

    http://msdn.microsoft.com/en-gb/library/aa347791.aspx

    If it does not work, please try with a customBinding instead of wsHttpBinding or basicHttpBinding.

    A thread on similar issue #Get WCF to Sign Message Body (Soap 1.1)        

    http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b50c4b25-5bd4-403a-b344-730f53fed046/

    Hope this helps.

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, April 15, 2013 9:38 AM
    Moderator
  • Hi,

    First of all, thank you for a quick response. 

    Unfortunately I need to sign the first attribute inside the body, and the signature should be contained (enveloped) inside that XML tag.

    As far as I can see, this is not possible using configuration… Or am I wrong?

    I can always use transport security, and implement message encoder to sign the XML and “insert” the signature in the correct place, but I was trying to avoid this, so that I can finally use WCF without additional coding…

    I tried with custom binding, setting ProtectionLevel, setting MutualCertificate authenticationMode etc.

    This was the last configuration, but it created the signature inside HEADER of the soap message…

    <binding name="XXX">

              <textMessageEncoding messageVersion="Soap11" />

              <security enableUnsecuredResponse="true" authenticationMode="MutualCertificate"

                requireDerivedKeys="false" securityHeaderLayout="Lax"

                keyEntropyMode="ClientEntropy" messageProtectionOrder="SignBeforeEncrypt"

                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"

                requireSecurityContextCancellation="false" includeTimestamp="false">

                <secureConversationBootstrap securityHeaderLayout="Lax" includeTimestamp="false" />

              </security>

              <httpsTransport keepAliveEnabled="true" requireClientCertificate="false" />

            </binding>

    Any hints?

    Tnx,

    L.

    Monday, April 15, 2013 7:13 PM
  • Hi, try the solution provide by Pedro in this case.

    http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/034f71cd-408e-447c-a95c-e0cf4baa5742/

    Tuesday, April 16, 2013 5:41 AM