I have an 3rd party SOAP web service. I need to make a call to one of its methods. The request needs to be signed. How can I sign the request?
How to sign a SOAP request with WCF
I assume by signing you mean that you sign the message using a certificate that is installed on the client side.
Doing this is relatively easy in WCF. Assuming you are using the wsHttpBinding in the security element you have to set the mode to SecurityMode.Message. You also have to set the clientCredentialType of the message element to MessageCredentialType.Certificate.
Then, you would have to set up a endpoint behavior and configure the clientCertificate element (which is a child of the clientCredentials element) to indicate where the client certificate is stored.
Even if you aren't using the wsHttpBinding, the configuration is pretty much the same for most of the other bindings when you want to use a client certificate to provide message-level security.
If you are making the call over HTTPS, then note that you will have to set the mode attribute on the security element to Mode.TransportWithMessageCredential.
You are correct, I am talking about signing the request with a certificate sitting on the machine making the request. –
Worlock
I was using basicHttpBinding because thats what the utility generate by default, i switched it to wsHttpBinding by just replacing it in the web.config. When I make my request I get the error: "The request was aborted: Could not create SSL/TLS secure channel." –
Worlock
@Mr Bell: You should be able to set the security mode on the basicHttpBinding as well using the same attributes. –
Heid
When I look at the raw request being made (from the trace file) it doesnt mention anything about a signature –
Worlock
The following is a question that was asked about using WCF to use the Amazon SOAP service which requires signing. I think the answer gives a great example, which might help with your situation.
How to sign an Amazon web service request in .NET with SOAP and without WSE
Edit: There was evidently some confusion about the link to this other StackOverflow question. I would like to point out the highest voted chosen answer. It is most definitely a WCF solution. You will notice the class SigningMessageInspector which inherits from IClientMessageInspector (a WCF interface). I think this section might help you.
It also doesn't do it using WCF. –
Heid
@Heid - Following Tim's link, one large answer says "I ended up updating the code to use WCF...". How is that not using WCF? –
Zelig
@Tim C: The only answer at the time you posted the link was this: #1204691 which most definitely did not have a WCF solution. –
Heid
Building on the very helpful answer from @casperOne I ended up with the following config:
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding>
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<!-- specifies the endpoint to use when calling the service -->
<endpoint address="https://SomeEndPointUrl/v1"
binding="wsHttpBinding"
behaviorConfiguration="SigningCallback"
contract="ServiceReference1.EboxMessagePortType" name="MyBindingConfig">
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="SigningCallback">
<clientCredentials>
<clientCertificate findValue="*somecertsubjectname*"
storeLocation="LocalMachine"
storeName="TrustedPublisher"
x509FindType="FindBySubjectName"
/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
This for a soap client over https
© 2022 - 2024 — McMap. All rights reserved.