Signing just a single field on SOAP message body...Looking for pointers

  • Question

  • I am trying to communicate with a service that requires a single field in the body of the message to be signed - it will reject the message if the whole body is signed. Does anyone have a suggestion about how to do this? I've tried implementing a custom ContractBehavior to add my element to the list of IncomingSignatureParts, but it's still not getting signed. I've tried setting the MessageBodyMember ProtectionLevel; that also seems to be ignored. Kinda frustrating that this mechanism exists if it doesn't get followed at the field level. Another thread says it's just not possible with WCF to do this. I'm sure we're not the first ones trying to connect to this big service, so someone out there must have figured this out...

                ChannelProtectionRequirements requirements = bindingParameters.Find<ChannelProtectionRequirements>();
                XmlQualifiedName qName = new XmlQualifiedName("RootElement/Payload", "");
                MessagePartSpecification part = new MessagePartSpecification(qName);
                requirements.IncomingSignatureParts.AddParts(part, "*");

    Friday, May 9, 2014 3:07 PM


All replies

  • Transmitting data over the wire in any standardized format makes it easy for a malicious user to access your valuable data should it be intercepted. Transmitting data using SOAP and XML could not only potentially compromise data; information about the internal workings of your Web service might also be discovered based on the XML schema shown in the SOAP message itself. By using an appropriate encryption algorithm, this data and message structure can be fully protected. Encryption is simply the process of performing a reversible algorithm to transform sensitive data using a special key so that the data cannot be read without being unencrypted, using either a copy of the original key or a key derived from the original, depending on the type of encryption being used.

    To date, the most common forms of Internet encryption have involved using a transport-level encryption scheme such as IPSEC or SSL, which encrypt at the transport level. While certainly secure, transport-level encryption can impact performance, particularly when only a portion of the SOAP message needs to be encrypted. Also, transport-level encryption does not allow you to route a message securely using a Web service intermediary, since the message would need to be decrypted by the intermediary before being forwarded to the ultimate receiver using a new encrypted stream. Fortunately, WS-Security specifies a way to leverage functionalities of the XML Encryption protocol to encrypt only the sensitive parts of a SOAP message so that this data can remain secure until the message reaches the ultimate receiver.

    Monday, May 12, 2014 10:22 AM
  • Hi,

    Based on your description, I know that you want to sign a single field in the body of the message.
    Then in my mind, it seems that it is not possible in WCF. We should sign the whole body or none of it.

    For more information, please try to refer to the following similar thread:
    #WCF- Sign a specific field inside the body of a soap message: .

    Best Regards,
    Amy Peng

    Tuesday, May 13, 2014 9:02 AM
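
One way to sign a single body element outside WCF's message-security pipeline, using System.Security.Cryptography.Xml.SignedXml with an Id reference; it shows that changing an unsigned sibling leaves the signature valid while changing the signed field invalidates it. This is an added example, not code from any post in this thread; the Id value payload-1, the Other element, the throwaway RSA key and a recent .NET with the System.Security.Cryptography.Xml package are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SingleElementSignatureDemo
{
    // Signs only the element carrying Id=elementId; returns the ds:Signature element.
    static XmlElement SignElement(XmlDocument doc, string elementId, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#" + elementId) { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        return signedXml.GetXml();
    }

    // Accepts the signature only if it is valid AND covers exactly the expected element.
    static bool Verify(XmlDocument doc, XmlElement signature, string expectedId, RSA key)
    {
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(signature);
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "#" + expectedId) return false;
        return signedXml.CheckSignature(key);
    }

    static void Main()
    {
        // Constructed sample message; element names follow the question, the Id value is made up.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Header/>" +
                    "<s:Body><RootElement><Payload Id='payload-1'>sample</Payload>" +
                    "<Other>not signed</Other></RootElement></s:Body></s:Envelope>");
        using RSA key = RSA.Create(2048); // throwaway key; a real client would use its certificate's key
        XmlElement sig = SignElement(doc, "payload-1", key);
        doc.DocumentElement.FirstChild.AppendChild(doc.ImportNode(sig, true)); // place in s:Header

        Console.WriteLine(Verify(doc, sig, "payload-1", key)); // message as signed
        doc.SelectSingleNode("//Other").InnerText = "changed";
        Console.WriteLine(Verify(doc, sig, "payload-1", key)); // unsigned field altered
        doc.SelectSingleNode("//Payload").InnerText = "changed";
        Console.WriteLine(Verify(doc, sig, "payload-1", key)); // signed field altered
    }
}
```

By default SignedXml resolves "#id" references only through unqualified Id, id or ID attributes, so a service that expects a namespaced wsu:Id needs a SignedXml subclass that overrides GetIdElement. Everything outside the referenced element carries no integrity protection, so a receiver should confirm which element the signature covers before trusting any field.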