Reputation: 3597
Web Service Custom Binding - sign SOAP header and message, but don't encrypt
I am trying to figure out how to call a Java Web Service (blackbox) from .NET which expects each request to be signed with a certificate (which is no problem).
I don't get it. Whatever I try, it fails. After spending hours with researching and testing I think the right way should be to use a customBinding instead of a basicHttpBinding. What I want to achieve is to sign the header as well as the message body.
By using authentication mode CertificateOverTransport only the SOAP header is signed, not the body. By using authentication mode MutualCertificate everything is signed and encrypted.
Do I have any chance to disable the encryption of the whole message?
Upvotes: 4
Views: 1504
Answers (1)
Reputation: 3597
I got it.
Binding:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="FFB">
<context protectionLevel="Sign" />
<textMessageEncoding messageVersion="Soap11" />
<security authenticationMode="MutualCertificateDuplex" includeTimestamp="true" />
<httpsTransport />
</binding>
</customBinding>
</bindings>
</system.serviceModel>
</configuration>
And additionally:
service.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
Upvotes: 3
Related Questions
- Manually sign SOAP message Java
- How to encrypt SOAP messages manually?
- Creating Signed SOAP Message as a String with C#
- How to use keystore.jks to sign and encrypt a SOAP message
- Sign and Encrypt SOAP Messages with Apache CXF
- How can i sign soap headers in WCF client
- Signing SOAP messages using WSS4J
- How to sign custom Soap Header?
- encrypting soap in .net
- Specify parts of the header that have to be signed and/or encrypted in WCF with binding that support standards