SySc0d3r

Reputation: 662

Secure SOAP request (with WSE 3.0?) C#

I need to sign and encrypt a SOAP request with a certificate to access a WS method, but I'm getting the same response all the time: "A security error was encountered when verifying the message".

I guess there's something wrong with my code rather than any other issue. Here it is:

```csharp
cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(sCertificatePath, sCertificatePassword);

userToken = new Microsoft.Web.Services3.Security.Tokens.UsernameToken(sUser, sPass, Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);
secureToken = new Microsoft.Web.Services3.Security.Tokens.X509SecurityToken(cert);

encDataToken = new Microsoft.Web.Services3.Security.EncryptedData(secureToken);

mSignUsernameToken = new Microsoft.Web.Services3.Security.MessageSignature(userToken);
mSignSecurityToken = new Microsoft.Web.Services3.Security.MessageSignature(secureToken);

wsVehicleInfo = new wsBusiness.VehicleInfoWSImplService();

vehData = new wsBusiness.getVehicleInfoRequest();
vehData.vehicleRegistration = "XXXXYYY";
vehData.language = "es";

requestContext = wsVehicleInfo.RequestSoapContext;
requestContext.Security.Elements.Add(encDataToken);
requestContext.Security.Tokens.Add(secureToken);
requestContext.Security.Elements.Add(mSignSecurityToken);
requestContext.Security.Timestamp.TtlInSeconds = 300;
requestContext.Security.Tokens.Add(userToken);
```

Is it correct? Actually, I have some questions:

  1. I'm signing and encrypting with the same certificate issued by a CA. Don't I need to encrypt with the server's one? How can I get it?
  2. Does the order of the generated XML elements matter in the request? What should the order be in the code?
  3. The algorithm used in the documentation to encrypt the SOAP body is "aes128-gcm", but I wasn't able to find it and am using "aes128-cbc" instead. Could this cause any trouble?
  4. Is the use of WSE recommended in this case? I read this: "Instead of asymmetrically encrypting the message, WSE uses an asymmetric algorithm with a public copy of the recipient's X.509 certificate to encrypt the symmetric key that was actually used to encrypt the message data." Is there no way to just encrypt the SOAP body of the request with the server's certificate with WSE, instead of encrypting the symmetric key?

Upvotes: 1

Views: 483
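The sentence quoted in point 4 describes hybrid encryption with key wrapping. The sketch below is an added example, not part of the original post and not WSE code: it uses only the .NET base class library, and the two self-signed certificates, the class name `HybridEnvelopeDemo` and the sample body are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class HybridEnvelopeDemo
{
    // Constructed self-signed certificate standing in for a CA-issued one.
    static X509Certificate2 MakeCert(string subject)
    {
        RSA key = RSA.Create(2048);
        var req = new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        X509Certificate2 client = MakeCert("CN=client-constructed");
        X509Certificate2 server = MakeCert("CN=service-constructed");
        byte[] body = Encoding.UTF8.GetBytes("<vehicleRegistration>XXXXYYY</vehicleRegistration>");

        // Sender signs with its OWN private key.
        byte[] sig = client.GetRSAPrivateKey().SignData(body, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Sender encrypts the body with a one-time AES-128-CBC key...
        using Aes aes = Aes.Create();
        aes.KeySize = 128;
        aes.Mode = CipherMode.CBC;
        byte[] cipher;
        using (ICryptoTransform enc = aes.CreateEncryptor())
            cipher = enc.TransformFinalBlock(body, 0, body.Length);
        // ...and wraps only that key with the RECIPIENT's public key.
        byte[] wrapped = server.GetRSAPublicKey().Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA1);

        // Recipient unwraps with its private key, decrypts, then verifies the signature.
        using Aes rx = Aes.Create();
        rx.Mode = CipherMode.CBC;
        rx.Key = server.GetRSAPrivateKey().Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1);
        rx.IV = aes.IV;
        byte[] plain;
        using (ICryptoTransform dec = rx.CreateDecryptor())
            plain = dec.TransformFinalBlock(cipher, 0, cipher.Length);
        bool valid = client.GetRSAPublicKey().VerifyData(plain, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"signature valid: {valid}");

        // The sender's own key pair cannot unwrap a key wrapped for the service.
        try { client.GetRSAPrivateKey().Decrypt(wrapped, RSAEncryptionPadding.OaepSHA1); }
        catch (CryptographicException) { Console.WriteLine("client key cannot unwrap"); }
    }
}
```

RSA can only encrypt a payload smaller than its modulus, which is why the body goes through the symmetric cipher and only the 16-byte AES key is wrapped.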

Answers (0)
