When an unhandled (general) exception occurs in my service operation, the fault response comes back encrypted, which is unexpected and not what I want.
I created a customBinding endpoint for compatibility with a Java Spring client. It is configured with message-level security (MutualCertificate, signature only — no encryption requested) over SOAP 1.1 on a plain httpTransport (no TLS).
<!-- Service host: the behavior below supplies the service/client certificate settings and
     the fault-detail policy that matter for this question. -->
<service behaviorConfiguration="MyProject.WebServices.MyServiceBehavior"
name="MyProject.WebServices.Protected">
<!-- Application endpoint: SOAP 1.1 customBinding "mySoap11" (message-level X.509 security). -->
<endpoint address="" binding="customBinding" bindingConfiguration="mySoap11"
contract="MyProject.WebServices.IMyService">
<!-- Identity "localhost" is fine for local development; a deployed service should carry the
     DNS name clients actually check the service certificate against. -->
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<!-- Metadata (WSDL) endpoint over plain HTTP; see httpGetEnabled in the behavior. -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
<behavior name="MyProject.WebServices.MyServiceBehavior">
<!-- WSDL is published over HTTP and HTTPS. The WSDL exposes the security policy and the service
     certificate, so consider turning httpGetEnabled off outside development. -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- SECURITY: includeExceptionDetailInFaults="true" sends the exception type, message and stack
     trace to the client inside a FaultException<ExceptionDetail>. That fault is not one of the
     FaultContracts declared on the operation, so the ProtectionLevel.Sign declared there does not
     apply to it — presumably the reason the fault is protected differently; confirm against WCF docs.
     Set this to "false" in production; it is an information-disclosure setting meant for debugging. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<!-- SECURITY: revocationMode="NoCheck" means a revoked client certificate is still accepted.
     PeerOrChainTrust accepts a certificate that is either in the TrustedPeople store or chains
     to any trusted root in the LocalMachine store — i.e. not only explicitly enrolled peers.
     Confirm that is intended, and that the caller's identity is still authorized after
     authentication rather than merely "has a certificate we trust". -->
<authentication revocationMode="NoCheck" trustedStoreLocation="LocalMachine"
certificateValidationMode="PeerOrChainTrust"/>
</clientCertificate>
<!-- Service certificate (signing / token reference on replies), looked up by thumbprint in
     LocalMachine\My. The value shown is a placeholder; the private key must be readable by the
     service process identity. -->
<serviceCertificate findValue="aa bb cc dd ee ..."
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindByThumbprint"/>
</serviceCredentials>
</behavior>
<customBinding>
<!-- SOAP 1.1 text encoding with message-level mutual-certificate security over plain HTTP
     (httpTransport, not httpsTransport). Message signatures give integrity and authentication
     of each message; nothing here gives confidentiality on the wire. -->
<binding name="mySoap11">
<textMessageEncoding messageVersion="Soap11" />
<!-- SECURITY: includeTimestamp="false" together with detectReplays="false" on both sides means
     there is no validity window and no replay cache: a captured, correctly signed request can be
     replayed for as long as the client's signing certificate is accepted. Enable the wsu:Timestamp
     (and replay detection) unless the Java peer genuinely cannot emit one.
     requireSignatureConfirmation="false": the client cannot tie a reply to its own request via
     SignatureConfirmation. messageProtectionOrder="EncryptBeforeSign" only affects parts that are
     actually encrypted; the contract asks for Sign only. -->
<security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificate"
requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="false"
messageProtectionOrder="EncryptBeforeSign" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSecurityContextCancellation="false" requireSignatureConfirmation="false">
<localClientSettings detectReplays="false" />
<localServiceSettings detectReplays="false" />
<!-- Present but unused: authenticationMode is MutualCertificate, not a secure-conversation mode. -->
<secureConversationBootstrap />
</security>
<!-- Extended protection (channel binding) is disabled; it has no effect anyway without TLS.
     If this endpoint is ever moved behind HTTPS, revisit this setting. -->
<httpTransport>
<extendedProtectionPolicy policyEnforcement="Never" />
</httpTransport>
</binding>
</customBinding>
There are two fault contracts declared on the operation contract: one for general failures (MyFaultContract) and one for the Enterprise Library validation fault (ValidationFault). The service contract attribute and the operation that declares these two faults look like this:
// Enterprise Library validation runs against the request before the operation body executes;
// the ValidationFault declared below is presumably the fault it raises on failure.
[ValidationBehavior()]
// Sign-only protection requested for every message of this contract; no encryption.
[ServiceContract(Namespace = "http://namespace", ProtectionLevel=ProtectionLevel.Sign)]
public interface IMyService
{
[OperationContract]
// Only these two declared faults are covered by ProtectionLevel.Sign. An unhandled exception
// is sent as an undeclared FaultException<ExceptionDetail> (when includeExceptionDetailInFaults
// is on), which these attributes do not describe — presumably why that fault is protected
// differently from the declared ones; confirm against the WCF ProtectionLevel documentation.
[FaultContract(typeof(ValidationFault), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
[FaultContract(typeof(MyFaultContract), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
MyTypeOfContractResponse Method(MyTypeOfContractRequest request);
}
/// <summary>
/// Unwrapped response message for <c>Method</c>: the SOAP body holds a single
/// <c>Success</c> element. No ProtectionLevel is set on this message contract, so the
/// contract-level ProtectionLevel.Sign applies to it.
/// </summary>
[MessageContract(IsWrapped = false)]
public class MyTypeOfContractResponse
{
private bool _success;

/// <summary>Outcome flag; the only body member of the response.</summary>
[MessageBodyMember]
public bool Success
{
get { return _success; }
set { _success = value; }
}
}
/// <summary>
/// Wrapped request message for <c>Method</c>, explicitly marked ProtectionLevel.Sign to match
/// the contract. Self-validating through the Enterprise Library Validation block.
/// </summary>
[MessageContract(IsWrapped = true, ProtectionLevel=ProtectionLevel.Sign)]
[HasSelfValidation]
public class MyTypeOfContractRequest
{
/// <summary>Single body member; Order = 0 fixes its position inside the wrapper element.</summary>
[MessageBodyMember(Order = 0)]
public bool MyValue { get; set; }
/// <summary>
/// Validation hook run by [ValidationBehavior] before the operation executes. Failures are
/// presumably surfaced to the client as the declared ValidationFault — body elided in the question.
/// </summary>
[SelfValidation]
public void DoValidate(ValidationResults results)
{
...
}
}
etc.
On a successful call the response body WCF returns is signed but not encrypted, as expected:
<!-- Successful response: plain body, referenced by u:Id from the signature; no EncryptedData. -->
<s:Body u:Id="_1">
<Success xmlns="http://namespace">true</Success>
</s:Body>
But when the operation throws a general, undeclared exception (`throw new Exception();`), the fault response body comes back encrypted instead of merely signed:
<!-- Fault response: the body content is aes256-cbc EncryptedData. The key is referenced through
     the SecurityTokenReference "#_0" (a token in the security header, not shown). Note this
     fault is not one of the FaultContracts declared with ProtectionLevel.Sign on the operation. -->
<s:Body u:Id="_2">
<e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:Reference URI="#_0"></o:Reference>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>+7Zs7rMkF...</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
Why is the fault for an undeclared exception encrypted when the contract, its declared faults and the request message all specify ProtectionLevel.Sign, and how can I make that fault signed-only as well?