Ted S.
Reputation: 77
WCF: Matching a specific WS-Security scheme (Signature, Encrypt, UserPass)
I'm trying to match a specific WS-Security specification from a vendor. The following works in SOAP UI, which I am now trying to recreate in C# WCF (targeting .NET 4.7.2 or 4.8):
- Username/Password element
- Timestamp: 9000ms
- Signature (cert A):
- Sign with certificate
- Prepend signature element
- Sign timestamp and username token
- Encryption (cert B):
- Create encrypted key
- Encrypt body, timestamp, and username token
Everything I've tried so far seems to encrypt everything in the WS-Security header except for the timestamp.
References followed:
SOAP UI Setup - Signature:
SOAP UI Setup - Encryption:
Upvotes: 0
Views: 492
Answers (1)
Ding Peng
Reputation: 3974
You can try to use IClientMessageInspectortor add a header to the message. In the BeforeSendRequest method, you can add a custom header to the outgoing message.Here is a demo:
public class CustomMessageInspector : IClientMessageInspector
{
public void AfterReceiveReply(ref Message reply, object correlationState)
{
return;
}
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
MessageHeader header = MessageHeader.CreateHeader("Testreply", "http://Test", "Test");
request.Headers.Add(header);
return null;
}
}
[AttributeUsage(AttributeTargets.Interface)]
public class CustContractBehaviorAttribute : Attribute, IContractBehavior
{
public void AddBindingParameters(ContractDescription contractDescription, ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
{
return;
}
public void ApplyClientBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, ClientRuntime clientRuntime)
{
clientRuntime.ClientMessageInspectors.Add(new CustomMessageInspector());
}
public void ApplyDispatchBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint, DispatchRuntime dispatchRuntime)
{
return;
}
public void Validate(ContractDescription contractDescription, ServiceEndpoint endpoint)
{
return;
}
}
Add CustContractBehaviorAttribute to apply it:
Upvotes: 0
Related Questions
- How to configure WCF client for WS-Security (UsernameToken + Encrypted body SOAP (no signature))
- How to make WCF Client conform to specific WS-Security - sign UsernameToken and SecurityTokenReference
- WCF WebService Security: How do I use security on a WebService?
- WCF Security Authentication with https and validation
- WCF Client for web service with WS-Security, signed headers, authentication tokens and encryption of body
- How can I control which elements are signed in a WCF SOAP request?
- How to make WCF Client conform to specific WS-Security
- Custom authentication in wcf without certificate, https, ssl and iis
- WCF configuration for SOAP plain text password authentication over SSL
- WCF Authentication