none
Manually Sign SOAP Message RRS feed

  • Question

  •  

    I'm trying to find away to sign a SOAP 1.1 message with a X.509 certificate. I have the Message and the certificate but can't find any classes or methods that will create the security header. I want to do this so I can serialise the signed message to a file or database.

    I have created a WCF client which does this over Http which does what I need correctly. But this is not what I need.

     

    Could anyone help ?

     

     

     

     

    Wednesday, February 27, 2008 10:31 PM

All replies

  • Hi,

     

    Do you need to sign a complete SOAP message  with all the WS-* headers, or a xml message is just ok ?. If you need to sign a xml message, .NET 2.0 comes with a XML signature implementation under the namespace System.Security.Cryptography.Xml.

     

    If what you need is a complete SOAP message with the WS-Security headers, that's more complicated since WCF was designed as messaging plataform (Securing an endpoint is only a part of the whole system). WCF requires at least two endpoints (the client, and the service), so a workaround could be to use the NullTransport created by Roman Kiss, http://www.codeproject.com/KB/WCF/NullTransportForWCF.aspx

    You can run everything on the same machine with that transport, and configure a message inspector on the destination endpoint to get the whole secured message.

     

    Regards,

    Pablo.

    Thursday, February 28, 2008 12:29 PM