How to configure WCF to only sign a TimeStamp header

I am trying to configure my WCF client to create a SOAP 1.1 request that includes WS-Addressing, WS-Security, and TLS.

Security requirements are that the message includes a username token, TimeStamp, and that TimeStamp is signed using the included BinarySecurityToken.

I used the example from the following to create a WCF client binding. I changed the example a bit (see below), so that HTTPS is used as a transport mechanism, and MessageSecurity is based on UserOverTransport.

    HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();

    // The message security binding element will be configured to require 2 tokens:
    // 1) A username/password token, protected by the HTTPS transport
    // 2) A client certificate used to sign the message

    // Instantiate a binding element that will require the username/password token in the message (sent over the HTTPS transport)
    TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

    // Create supporting token parameters for the client X509 certificate.
    X509SecurityTokenParameters clientX509SupportingTokenParameters = new X509SecurityTokenParameters();
    // Specify that the supporting token is passed in the message sent by the client to the service
    clientX509SupportingTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
    // Turn off derived keys
    clientX509SupportingTokenParameters.RequireDerivedKeys = false;
    // Augment the binding element to require the client X509 certificate as an endorsing token in the message
    messageSecurity.EndpointSupportingTokenParameters.Endorsing.Add(clientX509SupportingTokenParameters);

    // Create a CustomBinding based on the constructed security binding element.
    return new CustomBinding(messageSecurity, httpsTransport);

The SOAP messages generated by this client are very close to the requirements of the service I call; the only problem is that the wsa:To address is signed as well as the TimeStamp.

, WCF ? TimeStamp.


:

    //... rest of MessageContract

    [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)]
    string MyCustomHeader;

    //... rest of MessageContract

, , , . , , , IClientMessageInspector , TimeStamp. , , .
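
To confirm which header elements a request actually signs, the `ds:Reference` URIs in the signature can be resolved against the `wsu:Id` attributes of a captured message. The following is an added example, not code from the question or the answer; the envelope is constructed sample data (including the WS-Addressing namespace and endpoint URL) and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: a trimmed request in which the signature references
# both the Timestamp (#_0) and the wsa:To header (#_1).
SAMPLE = f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:a="http://www.w3.org/2005/08/addressing"
  xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:u="{WSU}" xmlns:ds="{DS}">
 <s:Header>
  <a:To u:Id="_1">https://service.example/endpoint</a:To>
  <o:Security>
   <u:Timestamp u:Id="_0"><u:Created>2024-01-01T00:00:00Z</u:Created></u:Timestamp>
   <ds:Signature><ds:SignedInfo>
     <ds:Reference URI="#_0"/><ds:Reference URI="#_1"/>
   </ds:SignedInfo></ds:Signature>
  </o:Security>
 </s:Header>
 <s:Body/>
</s:Envelope>"""

def signed_parts(envelope_xml):
    """Return the qualified names of the elements covered by ds:Reference entries."""
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        # WS-Security identifies signed parts by wsu:Id; a plain Id is a fallback.
        el_id = el.get(f"{{{WSU}}}Id") or el.get("Id")
        if el_id:
            by_id[el_id] = el.tag
    parts = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        # Only same-document references ("#id") can be resolved here.
        if uri.startswith("#") and uri[1:] in by_id:
            parts.append(by_id[uri[1:]])
        else:
            parts.append(f"unresolved:{uri}")
    return parts

def extra_signed_parts(envelope_xml):
    """Signed elements other than wsu:Timestamp; an empty list means only the Timestamp is signed."""
    return [p for p in signed_parts(envelope_xml) if p != f"{{{WSU}}}Timestamp"]

if __name__ == "__main__":
    print("signed:", signed_parts(SAMPLE))
    print("beyond Timestamp:", extra_signed_parts(SAMPLE))
```
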
