Windows Vista Forums
Vista Forums Home Join Vista Forums Donate Vista Tutorials Tags

Welcome to Vista Forums we are your forum to discuss Windows Vista x64 and x86 systems. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
Register at Vista forums...the world biggest Windows Vista resource Join Vista Forums Now

Go Back   Vista Forums > Microsoft Technical Newsgroups > Indigo

How to sign custom SOAP header?

 
 
Thread Tools Display Modes
Old 12-07-2006   #1 (permalink)
Andrew Slivker
Guest


 

How to sign custom SOAP header?

I would like to write an intermediary that injects and signes its custom
SOAP header with its own certificate. With WSE we could do that becuase WSE
provides lower level API-s to create new security headers (if we need)
assign new actors to it and inject into this header whatever we want (for
example signature generated for a new custom header). WCF does not seem to
allow even to create custom headers programmatically on a run time not to
mention to sign it (or encrypt). Interestingly enough using WSE 2.0 we could
ask it to sign custom header(s) even declaratively (using policy cache file
expressed in WS-Policy format). With WCF I do not even know how I can do it
programmaticlly. Any comments, suggestions? Am I missing something in WCF
model?

Thank you,
Andrew



Old 12-12-2006   #2 (permalink)
Sidd Shenoy - MSFT
Guest


 

RE: How to sign custom SOAP header?

Hi Andrew,

Do you really want an intermediary to sign and/or encrypt custom headers, or
have it done from the client itself?

While in WSE it was possible to write an intermediary and have it create a
new security header (with a new actor), this is unfortunately not possible in
WCF since processing multiple security headers is not supported. However, it
is possible have an intermediary act as a forwarder of soap messages (by not
adding anything).

If your client wanted to sign and/or encrypt custom soap headers, WCF
actually offers a fairly simple way to do so, by using a MessageContract

[MessageContract]
public class CustomType
{
[MessageHeader(ProtectionLevel = ProtectionLevel.Sign)]
string name;

[MessageHeader(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
string secret;

....
}

and then using it in your ServiceContract by having:

void HelloWorld(CustomType data);

WCF will automatically sign the first header, and sign+encrypt the second
header for you depending on the authentication mode that is chosen.

Does the above suffice? If not, then I'd love to learn more about your
scenario.

Thanks,
Sidd - MSFT

"Andrew Slivker" wrote:

> I would like to write an intermediary that injects and signes its custom
> SOAP header with its own certificate. With WSE we could do that becuase WSE
> provides lower level API-s to create new security headers (if we need)
> assign new actors to it and inject into this header whatever we want (for
> example signature generated for a new custom header). WCF does not seem to
> allow even to create custom headers programmatically on a run time not to
> mention to sign it (or encrypt). Interestingly enough using WSE 2.0 we could
> ask it to sign custom header(s) even declaratively (using policy cache file
> expressed in WS-Policy format). With WCF I do not even know how I can do it
> programmaticlly. Any comments, suggestions? Am I missing something in WCF
> model?
>
> Thank you,
> Andrew
>
>
>
>

Old 12-13-2006   #3 (permalink)
Andrew Slivker
Guest


 

Re: How to sign custom SOAP header?

Hi Sidd,



We are developing Web Services management infrastructures including "smart"
intermediaries. Until WCF (using WSE 2.0 and WSE 3.0) everything was fine
and clear. With WCF (even though we like a lot about it) we have more
questions then answers mostly because there are no lower level APIs anymore
to manipulate SOAP messages. (ex: inject new security headers with different
actors, or make technology stack to do some work for you, for ex in WSE we
could call ProcessMessage on a standalone Pipeline instance that is given a
SoapEnvelope message). A simple example when you would want to be able to do
it can be found in the article published a while ago in MSDN:

http://msdn.microsoft.com/webservice...resoapnode.asp.

I am sure you are familiar both with the article and his author, William Tay
(aka "Softwaremaker"). This article presents just a tip of an iceberg in Web
Services Management space when it comes to implementations based on .NET
platform. I would love to continue our discussion and take it offline. I
would appreciate if you contact me via my email directly.





Thank you,

Andrew Slivker



"Sidd Shenoy - MSFT" <Sidd Shenoy - MSFT@discussions.microsoft.com> wrote in
message news:B6C03606-B6E1-4A27-845A-9130F77430E7@microsoft.com...
> Hi Andrew,
>
> Do you really want an intermediary to sign and/or encrypt custom headers,
> or
> have it done from the client itself?
>
> While in WSE it was possible to write an intermediary and have it create a
> new security header (with a new actor), this is unfortunately not possible
> in
> WCF since processing multiple security headers is not supported. However,
> it
> is possible have an intermediary act as a forwarder of soap messages (by
> not
> adding anything).
>
> If your client wanted to sign and/or encrypt custom soap headers, WCF
> actually offers a fairly simple way to do so, by using a MessageContract
>
> [MessageContract]
> public class CustomType
> {
> [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)]
> string name;
>
> [MessageHeader(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
> string secret;
>
> ....
> }
>
> and then using it in your ServiceContract by having:
>
> void HelloWorld(CustomType data);
>
> WCF will automatically sign the first header, and sign+encrypt the second
> header for you depending on the authentication mode that is chosen.
>
> Does the above suffice? If not, then I'd love to learn more about your
> scenario.
>
> Thanks,
> Sidd - MSFT
>
> "Andrew Slivker" wrote:
>
>> I would like to write an intermediary that injects and signes its custom
>> SOAP header with its own certificate. With WSE we could do that becuase
>> WSE
>> provides lower level API-s to create new security headers (if we need)
>> assign new actors to it and inject into this header whatever we want (for
>> example signature generated for a new custom header). WCF does not seem
>> to
>> allow even to create custom headers programmatically on a run time not to
>> mention to sign it (or encrypt). Interestingly enough using WSE 2.0 we
>> could
>> ask it to sign custom header(s) even declaratively (using policy cache
>> file
>> expressed in WS-Policy format). With WCF I do not even know how I can do
>> it
>> programmaticlly. Any comments, suggestions? Am I missing something in WCF
>> model?
>>
>> Thank you,
>> Andrew
>>
>>
>>
>>



 

Thread Tools
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
types.custom.ps1xml for custom members hasten PowerShell 0 02-25-2008 08:30 PM
SOAP webclient Neil Chambers PowerShell 5 10-11-2007 04:40 AM
Custom Dependency Property in custom class hierarchy not workingcorrectly?! MueMeister Avalon 0 03-02-2006 06:19 PM








Vistax64.com is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media 2005-2008

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50