Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Digital Signature for SOAP message in WCF

Tags:

c#

.net

ssl-certificate

wcf

digital-signature

I have a WCF service in 4.0.

I need to add digital signature to the SOAP response.I am not quite sure how it actually should be done. I believe the Response should look like what is shown in the link below.

https://spaces.internet2.edu/display/ISWG/Signed+SOAP+Messages

Is there any place where i can get details about this? Please advice.

like image 559
Shetty Avatar asked Feb 09 '12 14:02

Shetty

People also ask

How are SOAP messages digitally signed?

Generating a digital signature involves encrypting a message digest with a private key to create the electronic equivalent of a handwritten signature. You can use a digital signature to verify the identity of the signer and to ensure that nothing altered the SOAP message since it was signed.

What is SOAP message in WCF?

SOAP stands for simple object access protocol. In WCF the main thing is that the communication between the server and client. The communication takes place by messages with some transport layer. The main need of calling a service is to do the data transfer between the server and client.

Does WCF support SOAP?

By default, Windows Communication Foundation (WCF) makes endpoints available only to SOAP clients.

1 Answers

A message contract can indicate whether the headers and/or body of the message should be digitally signed and encrypted.

This is done by setting the System.ServiceModel.MessageContractMemberAttribute.ProtectionLevel property on the MessageHeaderAttribute and MessageBodyMemberAttribute attributes. The property is an enumeration of the System.Net.Security.ProtectionLevel type and can be set to None (no encryption or signature), Sign (digital signature only), or EncryptAndSign (both encryption and a digital signature). The default is EncryptAndSign.

For these security features to work, you must properly configure the binding and behaviors. If you use these security features without the proper configuration (for example, attempting to sign a message without supplying your credentials), an exception is thrown at validation time.

For message headers, the protection level is determined individually for each header.

For message body parts, the protection level can be thought of as the "minimum protection level." The body has only one protection level, regardless of the number of body parts. The protection level of the body is determined by the highest ProtectionLevel property setting of all the body parts. However, you should set the protection level of each body part to the actual minimum protection level required. Please see this article for more detailed examples.

like image 101
Dmitry Savy Avatar answered Sep 21 '22 14:09

Dmitry Savy
Sign in to Comment

Related questions

C# Track copied files [duplicate]
How to get information on a Buffer Overflow Exception in a mixed application?
C# Directory.Exists ipv6 version
How to ensure a method logic is executed only once per arguments combination?
Suppress about:blank in Print Output of WinForms WebBrowser
Pass string from C# to C DLL
Databinding RichTextBox.Text to a String
Debugging file handle issues in c#/.NET
DbContext throws exception on query when accessed through interface
IIS Hosted WCF Service & SQL Queries Using Windows Authentication
Array assignment Snake
How to integrate OpenStreet Map in c# winforms [closed]
Does RavenDB internally optimise "get document by id" type of queries?
ASP.NET MVC sending JSON data to a Controller Action
Checking XML for expected structure
Incorrect serialization in C# using JSON.NET
Windows Task Scheduler Installer
Outputting Class Of Stored Values To List
when is reading and writing to memory legal?
Encrypting data using RSACryptoServiceProvider has what seems to me as a bizarre feature

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!