Specify parts of the header that have to be signed and/or encrypted in WCF with binding that support standards
https://stackoverflow.com/questions/190440
-
07-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Using Ws2007HttpBinding and securing the service, the WSDL file generated shows in the policy section that all the ws-addressing headers and the body will be signed, and that the body will be encrypted.
<sp:SignedParts>
<sp:Body />
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body />
</sp:EncryptedParts>
We would like to specify which headers have to be signed and/or encrypted, like it is possible in Apache rampart. For custom header or body elements, it is possible using annotations in the code, but for these elements that are added by the binding itself, is is possible?
Solution
Nevermind, after a few days I found an answer over here: http://blogs.msdn.com/drnick/archive/2007/01/19/securing-custom-headers-version-2.aspx
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
