Web service Custom binding - sign the header and message SOAP, but not encrypt

Question

Web service Custom binding - sign the header and message SOAP, but not encrypt

I am trying to figure out how to call the Java web service (blackbox) from .NET, which expects each request to be signed with a certificate (which is not a problem).

I do not understand. No matter what I try, it fails. Having spent hours researching and testing, I believe that the right way should be to use customBinding instead of basicHttpBinding. What I want to achieve is to sign the header as well as the body of the message.

Using CertificateOverTransport authentication mode, the SOAP header is signed, not the body. Using MutualCertificate authentication mode , everything is signed and encrypted.

Do I have the option to disable encryption of the entire message?

+4

java .net web-services

asp_net Aug 25 '11 at 15:48

source share

1 answer

asp_net · Accepted Answer · 2011-08-25T16:34:39+0000

I understood.

Binding:

<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <customBinding> <binding name="FFB"> <context protectionLevel="Sign" /> <textMessageEncoding messageVersion="Soap11" /> <security authenticationMode="MutualCertificateDuplex" includeTimestamp="true" /> <httpsTransport /> </binding> </customBinding> </bindings> </system.serviceModel> </configuration>

And additionally:

 service.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

Web service Custom binding - sign the header and message SOAP, but not encrypt

More articles: