Hi,
I'm trying to create a client for a Web Services which requires standard, WS-I SOAP 1.1 messages, through single sided
https. SOAP must be
signed with a user certificate, which is by the way not used for https, but is for end-to-end security. In SOAP there is a header and a body, and body
only must be signed. I have the required certificates for the service.
When I try to set up my c# code, it either signs the message and uses http, or then if made for using https, then it signs and encrypts the message. Encryption is not allowed.
What would be the the right configuration to sign the body and use https?
Can I use basicHttpBinding at all, or how can it be configured for https? Or is wsHtppBinding the right one?
Where do I order the signature to be done for body only? Now the result is that each element in header is also signed.
BTW, SoapUI did the request from WSDL, and when adding the certificate, it did a valid message in no time. A copy of it is below. I should be able to create similar with WCF.
Thanks
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:cor="http://bxd.fi/CorporateFileService" xmlns:mod="http://model.bxd.fi" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-5C4E1E28B558D669F112578567926244" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIID+jCCAuK...LX7JohsbIGyK1qAh9fi8l6X1Rcu80v5inpu71E/DnjbkAZBo7vsj78zzdk7KNliBIqBcIszdJ3dEHRWSI7FspRxyiR0NDm4lpyLwFtfw=</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-4453191">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>bRPl0QUtVkWa9MJjidbBxVArmBA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Yk56ElRNuUbkDc3N4ahWalxKf2NiQ3aTrcLGwD2U3ycN2WRrNhPj/SBX1FAKG/PuXQAwBS5UhO4e
G6p78DaB8huhz1fE4Pw7ds2ZfBSOFsY0T9Ux6weg600S9ZGDN9RQ273xOCY6PD5cd37ZlDAjc5Tq
WP3B2eiXavtonfl5DgU=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-5C4E1E28B558D669F112578567926245">
<wsse:SecurityTokenReference wsu:Id="STRId-5C4E1E28B558D669F112578567926246" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Reference URI="#CertId-5C4E1E28B558D669F112578567926244" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-4453191" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<cor:getUserInfoin>
<mod:RequestHeader>
<mod:SenderId>1111111</mod:SenderId>
<mod:RequestId>1</mod:RequestId>
<mod:Timestamp>2009-11-03T13:18:33.000+03:00</mod:Timestamp>
<mod:Language>FI</mod:Language>
<mod:UserAgent>Petri</mod:UserAgent>
<mod:ReceiverId>2</mod:ReceiverId>
</mod:RequestHeader>
<mod:ApplicationRequest>PEFwcGxpY2F0aW9...5SW5mbz48L1NpZ25hdHVyZT48L0FwcGxpY2F0aW9uUmVxdWVzdD4=</mod:ApplicationRequest>
</cor:getUserInfoin>
</soapenv:Body>
</soapenv:Envelope>