How to register a WCF message with a certificate using an HTTPS transport with a client certificate

EDIT:

Finally, I determined that the IClientMessageInspector does not seem to reflect the signature of the message, so when I actually received the signature in my request, I did not know that. So now for my new, real question ...

How to configure a WCF client to present an SSL client certificate and sign a SOAP header?

    var myBinding = new BasicHttpBinding();
    myBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
    myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    myBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;

This will cause the header to have a signed timestamp. However, the client certificate is no longer presented, and I do not receive SSL. If I change the second line to:

    myBinding.Security.Mode = BasicHttpSecurityMode.Transport;

Then I finish SSL, but my SOAP header no longer has a signature block.

Is there a way to get the HttpWebRequest so that I can manually connect the SSL Client certificate this way?

    webRequest.ClientCertificates.Add(certLoader.Load(@"c:\somecert.pfx"));

Original question

WCF, , , Forum Sentry . SSL , o: , . , . , , SSL-, , SSL, .

- , , , CustomBinding.

SSL, :

    var myBinding = new BasicHttpBinding();
    myBinding.Security.Mode = BasicHttpSecurityMode.Transport;
    myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    var url = "https://blah.com/services/somservice";
    EndpointAddress ea = new EndpointAddress(url);
    var client = new SoapClient(myBinding, ea);
    var certLoader = new CertificateLoader("password");
    client.ClientCredentials.ClientCertificate.Certificate = certLoader.Load(@"c:\somecert.pfx");
    var resp = client.somemethod(ref profile, new RequestType { version = RequestTypeVersion.Item100 });
+5
3


: , . Google " wcf", . http- https requireClientCertificate.

EDIT:

    // Custom binding: WS-Security certificate token (signed header) over an HTTPS transport.
    var c = new CustomBinding();
    MessageSecurityVersion version = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    var sec = SecurityBindingElement.CreateCertificateOverTransportBindingElement(version);
    c.Elements.Add(sec);
    c.Elements.Add(new TextMessageEncodingBindingElement() { MessageVersion = MessageVersion.Soap11 });
    // RequireClientCertificate = true makes the transport present the client certificate during the SSL handshake.
    c.Elements.Add(new HttpsTransportBindingElement() { RequireClientCertificate = true });
+2

, . , , HttpsTransportBindingElement , TransportWithMessageCredential RequireClientCertificate false false. Transport true. WCF, IMO.

"" HttpsTransportBindingElement customTransportSecurityBinding "" customMessageCredentialBinding. customMessageCredentialBinding .

    var transportSecurityBinding = new BasicHttpBinding();
    transportSecurityBinding.Security.Mode = BasicHttpSecurityMode.Transport;
    transportSecurityBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    transportSecurityBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
    var customTransportSecurityBinding = new CustomBinding(transportSecurityBinding);

    var messageCredentialBinding = new BasicHttpBinding();
    messageCredentialBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
    messageCredentialBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    messageCredentialBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
    var customMessageCredentialBinding = new CustomBinding(messageCredentialBinding);

    // replace transport binding element from message credential binding with the transportSecurityBinding transport binding
    // which will include the cert for SSL mutual auth.
    customMessageCredentialBinding.Elements[customMessageCredentialBinding.Elements.Count - 1] = customTransportSecurityBinding.Elements[customTransportSecurityBinding.Elements.Count - 1];

    // use the message credential binding: it keeps its security element and now carries the cert-presenting transport
    var client = new SomeSoapClient(customMessageCredentialBinding, ea);
0

If someone is looking for a custom binding version of app.config for the answer above:

<bindings>
      <customBinding>
        <binding name="SignedMessageBinding">
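          <!-- authenticationMode selects the certificate-over-transport security element used in the code version -->
          <security authenticationMode="CertificateOverTransport" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
          <textMessageEncoding messageVersion="Soap11" />
          <httpsTransport requireClientCertificate="true" />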
        </binding>
      </customBinding>
</bindings>
0
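
An added example (not code from any of the posts above) that checks, without making a network call, whether a binding has both pieces the question needs: `RequireClientCertificate` on the HTTPS transport element and a WS-Security element in the channel stack. It assumes .NET Framework with a reference to System.ServiceModel; the names `BindingCheck`, `Describe`, `Basic` and `CertificateOverTransport` are hypothetical.

```csharp
// Added example; class and helper names are hypothetical. Needs a reference to System.ServiceModel.
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class BindingCheck
{
    // Reports whether the binding presents a client certificate at the HTTPS
    // transport and whether it carries a WS-Security element (the signed header).
    static string Describe(string name, Binding binding)
    {
        BindingElementCollection elements = binding.CreateBindingElements();
        var https = elements.Find<HttpsTransportBindingElement>();
        var security = elements.Find<SecurityBindingElement>();
        bool clientCert = https != null && https.RequireClientCertificate;
        bool wsSecurity = security != null;
        return string.Format("{0}: requireClientCertificate={1} wsSecurity={2} -> {3}",
            name, clientCert, wsSecurity, clientCert && wsSecurity ? "OK" : "INCOMPLETE");
    }

    // The BasicHttpBinding from the question, in the given security mode.
    static BasicHttpBinding Basic(BasicHttpSecurityMode mode)
    {
        var b = new BasicHttpBinding(mode);
        b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        b.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
        return b;
    }

    // The custom binding from the first answer, built in one expression.
    static CustomBinding CertificateOverTransport()
    {
        var version = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
        return new CustomBinding(
            SecurityBindingElement.CreateCertificateOverTransportBindingElement(version),
            new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 },
            new HttpsTransportBindingElement { RequireClientCertificate = true });
    }

    static void Main()
    {
        Console.WriteLine(Describe("Transport", Basic(BasicHttpSecurityMode.Transport)));
        Console.WriteLine(Describe("TransportWithMessageCredential", Basic(BasicHttpSecurityMode.TransportWithMessageCredential)));
        Console.WriteLine(Describe("CustomBinding", CertificateOverTransport()));
    }
}
```

Running the same check against a binding loaded from app.config shows whether the configured stack matches the one built in code before any request is sent.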