I need to write a client for a Web Service running in IBM Websphere. They are using WS-Security 1.0, and I have to:
– send a UsernameToken unencrypted;
– sign ONLY the body of the message using a X509 certificate;
– send the X509 Certificate used for signing unencrypted using BinarySecurityToken;
I have been able to do that in WSE 2.0 by using the following code:
QuotesService webQuotesServiceClient = new QuotesService(); SoapContext requestContext = webQuotesServiceClient.RequestSoapContext; requestContext.Security.Timestamp.TtlInSeconds = config.Timeout; // Retrieve certificate X509CertificateStore store = X509CertificateStore.LocalMachineStore(config.StoreLocation); bool open = store.OpenRead(); X509CertificateCollection certs = store.FindCertificateBySubjectString(config.CertificateName); X509Certificate cert = certs; // Add Signature Token X509SecurityToken signatureToken = new X509SecurityToken(cert); requestContext.Security.Tokens.Add(signatureToken); // Sign the message MessageSignature messageSignature = new MessageSignature(signatureToken); requestContext.Security.Elements.Add(messageSignature); // Add User Token UsernameToken userToken = new UsernameToken(config.Username, config.Password, PasswordOption.SendPlainText); requestContext.Security.Tokens.Add(userToken);
How can I do the exact same thing using WCF? I have been able to do almost exactly the same thing, but I haven’t been able to send the certificate unencrypted and sign only the message body, and haven’t found any configuration for that.
I can provide you with more information, if you need to.
Thank you very much.
Have you taken a look at this:
Yes, I did, but the example provided did not demonstrate how to achieve the same scenario that I have, just part of it. My main problem is that WCF always encrypt the certificate (thus, not send the BinarySecurityToken), or signs only the body.I have used part of this code as well:http://msdn.microsoft.com/en-us/library/ms751480.aspx Any help anyone? This is pretty advanced stuf
WCF does not allow the same customizations as WSE does. Please publish the soap envelope that WSE generates.