How to sign a SOAP request with WCF

I have a third-party SOAP web service. I need to call one of its methods. The request must be signed. How can I sign a request?

+4
3 answers

I assume that by signature you mean that you sign the message using a certificate that is installed on the client side.

In WCF, this is relatively easy. Assuming you are using wsHttpBinding, in the security element you have to set the mode to SecurityMode.Message. You must also set the clientCredentialType of the message element to MessageCredentialType.Certificate.

Then you will need to configure the behavior of the endpoint and configure the clientCertificate element (which is a child of the clientCredentials element) to indicate where the client certificate is stored.

Even if you do not use wsHttpBinding, the configuration is almost the same for most other bindings if you want to use a client certificate for message-level security.

If you are making a call through HTTPS, note that you will need to set the mode attribute in the security element to Mode.TransportWithMessageCredential.

+6

The following is a question on how to use WCF to call an Amazon SOAP service, which requires signing. I think the answer provides a great example that can help in your situation.

How to sign an Amazon web service request in .NET with SOAP and without WSE

Edit: There was some confusion regarding the link to this other StackOverflow question. I would like to point out the highest-voted answer, which was selected. This is definitely a WCF solution. You will notice the SigningMessageInspector class, which implements IClientMessageInspector (a WCF interface). I think this section may help you.

+1

Based on a very useful answer from @casperOne, I ended up with the following configuration:

<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />
  </startup>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding>
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <!-- specifies the endpoint to use when calling the service -->
      <endpoint address="https://SomeEndPointUrl/v1"
                binding="wsHttpBinding"
                behaviorConfiguration="SigningCallback"
                contract="ServiceReference1.EboxMessagePortType"
                name="MyBindingConfig">
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="SigningCallback">
          <clientCredentials>
            <clientCertificate findValue="*somecertsubjectname*"
                               storeLocation="LocalMachine"
                               storeName="TrustedPublisher"
                               x509FindType="FindBySubjectName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

This is for a SOAP client over HTTPS.

0
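The binding and client-certificate settings from the answers above can also be set in code. This is an added example, not code from any of the answers. The class and method names are hypothetical, and it assumes a .NET Framework 4.6.2 project referencing System.ServiceModel. It also checks that the subject-name lookup resolves to exactly one valid certificate with a private key before the certificate is used for signing.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical helper: code equivalent of the wsHttpBinding configuration above.
static class SignedClientFactory
{
    // Returns the single usable signing certificate, or throws with the reason.
    public static X509Certificate2 FindSigningCertificate(
        StoreLocation location, StoreName storeName, string subjectName)
    {
        using (var store = new X509Store(storeName, location))
        {
            store.Open(OpenFlags.ReadOnly);
            // FindBySubjectName is a substring match, so several certificates
            // may qualify. validOnly: true drops expired or untrusted ones.
            X509Certificate2Collection matches = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, true);
            if (matches.Count != 1)
                throw new InvalidOperationException(
                    "Expected exactly one valid certificate for '" + subjectName +
                    "', found " + matches.Count + ".");
            X509Certificate2 cert = matches[0];
            // Without a private key the client cannot sign the message.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate " + cert.Thumbprint + " has no private key.");
            return cert;
        }
    }

    // TContract is the generated service contract interface,
    // e.g. ServiceReference1.EboxMessagePortType from the configuration above.
    public static ChannelFactory<TContract> Create<TContract>(
        string url, X509Certificate2 clientCert)
    {
        // HTTPS transport plus a message-level certificate credential.
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType =
            MessageCredentialType.Certificate;

        var factory = new ChannelFactory<TContract>(binding, new EndpointAddress(url));
        factory.Credentials.ClientCertificate.Certificate = clientCert;
        return factory;
    }
}
```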

Source: https://habr.com/ru/post/912154/
