
Digital Signature for SOAP message in WCF

I have a WCF service in 4.0.

I need to add a digital signature to the SOAP response. I am not quite sure how it actually should be done. I believe the response should look like what is shown in the link below.

https://spaces.internet2.edu/display/ISWG/Signed+SOAP+Messages

Is there any place where I can get details about this? Please advise.

Shetty asked Feb 09 '12 14:02



1 Answer

A message contract can indicate whether the headers and/or body of the message should be digitally signed and encrypted.

This is done by setting the System.ServiceModel.MessageContractMemberAttribute.ProtectionLevel property on the MessageHeaderAttribute and MessageBodyMemberAttribute attributes. The property is an enumeration of the System.Net.Security.ProtectionLevel type and can be set to None (no encryption or signature), Sign (digital signature only), or EncryptAndSign (both encryption and a digital signature). The default is EncryptAndSign.

For these security features to work, you must properly configure the binding and behaviors. If you use these security features without the proper configuration (for example, attempting to sign a message without supplying your credentials), an exception is thrown at validation time.

For message headers, the protection level is determined individually for each header.

For message body parts, the protection level can be thought of as the "minimum protection level." The body has only one protection level, regardless of the number of body parts. The protection level of the body is determined by the highest ProtectionLevel property setting of all the body parts. However, you should set the protection level of each body part to the actual minimum protection level required. Please see this article for more detailed examples.

Dmitry Savy answered Sep 21 '22 14:09
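The message-contract approach described in the answer above, as an added example that is not part of the original answer: a response contract with per-header and per-body-part `ProtectionLevel` settings, hosted on a binding with message-level security. The type names, the endpoint URL and the certificate subject name are assumptions made for illustration.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

[MessageContract]
public class OrderRequest
{
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.Sign)] public string OrderId;
}
[MessageContract]
public class OrderResponse
{
    // Headers are protected individually: the first is signed, the second is not.
    [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)] public string CorrelationId;
    [MessageHeader(ProtectionLevel = ProtectionLevel.None)] public string TraceHint;
    // The body has one level, the highest of its parts, so the whole body is signed.
    [MessageBodyMember(Order = 1, ProtectionLevel = ProtectionLevel.Sign)] public string Status;
    [MessageBodyMember(Order = 2, ProtectionLevel = ProtectionLevel.None)] public decimal Total;
}
[ServiceContract]
public interface IOrderService
{
    [OperationContract] OrderResponse GetOrder(OrderRequest request);
}
public class OrderService : IOrderService
{
    public OrderResponse GetOrder(OrderRequest request)
    {
        // Constructed sample values.
        return new OrderResponse { CorrelationId = request.OrderId, Status = "Shipped", Total = 42.50m };
    }
}

public static class Program
{
    public static void Main()
    {
        // Message-level security: protection is applied inside the SOAP envelope, not by the transport.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        using (var host = new ServiceHost(typeof(OrderService), new Uri("http://localhost:8080/orders")))
        {
            host.AddServiceEndpoint(typeof(IOrderService), binding, "");
            // Assumption: a certificate with this placeholder subject name is installed in LocalMachine\My.
            host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "PLACEHOLDER-SERVICE-CERT");
            host.Open();
            Console.ReadLine(); // keep the host running until Enter is pressed
        }
    }
}
```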