SOAP WCF add Signature and BinarySecurityToken to header

I need something more, Signature must be within a Security tag inside Header tag, with a BinarySecurityToken element

Just like:

<soapenv:Header> <!-- extract from the example file -->
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-D53CCD6983E4CE0BD7142791021078262">
        MIIDbDgg4iF74cqiF6NcnzBnD9qA2MB6hSo38e0RISilEFSzWikDqBtOjgm7ux9fdeHojDm4uvhsSfbEyGmGTAQRzg9yIiD3ovjOzuZsf+I3HWS9F6xl6sb2+wvYXD4DFk/OD+N7UszGsoWFZg
    </wsse:BinarySecurityToken>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          .....
    </ds:Signature>
  </wsse:Security>
</soapenv:Header>

I can programmatically populate xml element directly from the Client cert like this:

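// Load the client certificate (and its private key) from the PFX file.
var cert = new X509Certificate2(ClientCertificateFilePath, ClientCertificatePassword);
// X509ContentType.Cert exports only the DER-encoded public certificate.
var export = cert.Export(X509ContentType.Cert, ClientCertificatePassword);
// Base64 text for the BinarySecurityToken element.
var base64 = Convert.ToBase64String(export);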

The question is how to add Signature and BinarySecurityToken to the header?

Comenius answered 13/5, 2020 at 6:0 Comment(2)
See following: #46723497 - Homerhomere
@Comenius - were you able to generate the correct BinarySecurityToken from the pfx file? Binary security token generated by the same code in your question is not matching with the one generated by SoapUI. - Nation

Manually coding a SOAP envelope to call the service might be a choice.
Here are some discussions about how to add SOAP headers.
What is the Java Apache CXF equivalent of C# WCF AddressHeader?
This is commonly because the web service on the server side is not WCF; therefore, we may not be able to call the service through WCF.
In my opinion, the above SOAP envelope format decides the channel shape of the binding used by WCF; this might be compatible with a WCF service that authenticates the client with a certificate.

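// Transport (HTTPS) protects the channel; the client credential travels in the SOAP message.
BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
// The client authenticates with an X.509 certificate.
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;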

When the server authenticates the client with a certificate, the client uses the same binding type and provides a certificate to the server, attaching the signature of the certificate in the SOAP envelope. Below is the HTTP traffic captured by Fiddler while communicating with the server side. Their SOAP envelopes are similar.
For more information about authenticating the client with a certificate, please refer to the links below.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/message-security-with-a-certificate-client
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
Feel free to let me know if there is anything I can help with.

Evangelineevangelism answered 14/5, 2020 at 3:18 Comment(1)
Can you look into this question? #74404160 - Nation
