![]() |
![]() | ![]() | ![]() | ![]() | ![]() | ![]() | ![]() |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
| |
| | #1 (permalink) |
| | How to sign custom SOAP header? I would like to write an intermediary that injects and signes its custom SOAP header with its own certificate. With WSE we could do that becuase WSE provides lower level API-s to create new security headers (if we need) assign new actors to it and inject into this header whatever we want (for example signature generated for a new custom header). WCF does not seem to allow even to create custom headers programmatically on a run time not to mention to sign it (or encrypt). Interestingly enough using WSE 2.0 we could ask it to sign custom header(s) even declaratively (using policy cache file expressed in WS-Policy format). With WCF I do not even know how I can do it programmaticlly. Any comments, suggestions? Am I missing something in WCF model? Thank you, Andrew |
My System Specs![]() |
| | #2 (permalink) |
| | RE: How to sign custom SOAP header? Hi Andrew, Do you really want an intermediary to sign and/or encrypt custom headers, or have it done from the client itself? While in WSE it was possible to write an intermediary and have it create a new security header (with a new actor), this is unfortunately not possible in WCF since processing multiple security headers is not supported. However, it is possible have an intermediary act as a forwarder of soap messages (by not adding anything). If your client wanted to sign and/or encrypt custom soap headers, WCF actually offers a fairly simple way to do so, by using a MessageContract [MessageContract] public class CustomType { [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)] string name; [MessageHeader(ProtectionLevel = ProtectionLevel.EncryptAndSign)] string secret; .... } and then using it in your ServiceContract by having: void HelloWorld(CustomType data); WCF will automatically sign the first header, and sign+encrypt the second header for you depending on the authentication mode that is chosen. Does the above suffice? If not, then I'd love to learn more about your scenario. Thanks, Sidd - MSFT "Andrew Slivker" wrote: > I would like to write an intermediary that injects and signes its custom > SOAP header with its own certificate. With WSE we could do that becuase WSE > provides lower level API-s to create new security headers (if we need) > assign new actors to it and inject into this header whatever we want (for > example signature generated for a new custom header). WCF does not seem to > allow even to create custom headers programmatically on a run time not to > mention to sign it (or encrypt). Interestingly enough using WSE 2.0 we could > ask it to sign custom header(s) even declaratively (using policy cache file > expressed in WS-Policy format). With WCF I do not even know how I can do it > programmaticlly. Any comments, suggestions? Am I missing something in WCF > model? > > Thank you, > Andrew > > > > |
My System Specs![]() |
| | #3 (permalink) |
| | Re: How to sign custom SOAP header? Hi Sidd, We are developing Web Services management infrastructures including "smart" intermediaries. Until WCF (using WSE 2.0 and WSE 3.0) everything was fine and clear. With WCF (even though we like a lot about it) we have more questions then answers mostly because there are no lower level APIs anymore to manipulate SOAP messages. (ex: inject new security headers with different actors, or make technology stack to do some work for you, for ex in WSE we could call ProcessMessage on a standalone Pipeline instance that is given a SoapEnvelope message). A simple example when you would want to be able to do it can be found in the article published a while ago in MSDN: http://msdn.microsoft.com/webservice...resoapnode.asp. I am sure you are familiar both with the article and his author, William Tay (aka "Softwaremaker"). This article presents just a tip of an iceberg in Web Services Management space when it comes to implementations based on .NET platform. I would love to continue our discussion and take it offline. I would appreciate if you contact me via my email directly. Thank you, Andrew Slivker "Sidd Shenoy - MSFT" <Sidd Shenoy - MSFT@discussions.microsoft.com> wrote in message news:B6C03606-B6E1-4A27-845A-9130F77430E7@microsoft.com... > Hi Andrew, > > Do you really want an intermediary to sign and/or encrypt custom headers, > or > have it done from the client itself? > > While in WSE it was possible to write an intermediary and have it create a > new security header (with a new actor), this is unfortunately not possible > in > WCF since processing multiple security headers is not supported. However, > it > is possible have an intermediary act as a forwarder of soap messages (by > not > adding anything). > > If your client wanted to sign and/or encrypt custom soap headers, WCF > actually offers a fairly simple way to do so, by using a MessageContract > > [MessageContract] > public class CustomType > { > [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)] > string name; > > [MessageHeader(ProtectionLevel = ProtectionLevel.EncryptAndSign)] > string secret; > > .... > } > > and then using it in your ServiceContract by having: > > void HelloWorld(CustomType data); > > WCF will automatically sign the first header, and sign+encrypt the second > header for you depending on the authentication mode that is chosen. > > Does the above suffice? If not, then I'd love to learn more about your > scenario. > > Thanks, > Sidd - MSFT > > "Andrew Slivker" wrote: > >> I would like to write an intermediary that injects and signes its custom >> SOAP header with its own certificate. With WSE we could do that becuase >> WSE >> provides lower level API-s to create new security headers (if we need) >> assign new actors to it and inject into this header whatever we want (for >> example signature generated for a new custom header). WCF does not seem >> to >> allow even to create custom headers programmatically on a run time not to >> mention to sign it (or encrypt). Interestingly enough using WSE 2.0 we >> could >> ask it to sign custom header(s) even declaratively (using policy cache >> file >> expressed in WS-Policy format). With WCF I do not even know how I can do >> it >> programmaticlly. Any comments, suggestions? Am I missing something in WCF >> model? >> >> Thank you, >> Andrew >> >> >> >> |
My System Specs![]() |
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| SOAP workaround | Vista General | |||
| SOAP webclient | PowerShell | |||