Missing Signature in SOAP Messages!
Hi!
We are trying to implement message-based security with the WCF June CTP. Our messages are encrypted but not signed (see the SOAP message below)! We also tried the "Message Security Sample" from the June CTP documentation and got similar results: there was never a <Signature> element in the SOAP header of a message. What are we doing wrong? We have also attached our web.config (service), app.config (client) and the client code. We appreciate your help!
Thanks,
Frederic
SOAP message example:
<!-- Captured request as posted: the WS-Security header carries a timestamp, an
     RSA-OAEP-wrapped key and one AES-256-CBC EncryptedData block; the Body holds a
     second one. No ds:Signature element is visible in the clear. The cipher values
     were shortened by the poster. -->
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<!-- Five-minute validity window (Created to Expires). -->
<u:Timestamp u:Id="uuid-e96509c1-c418-45da-8f83-b37892087c28-1">
<u:Created>2006-07-20T16:48:18.975Z</u:Created>
<u:Expires>2006-07-20T16:53:18.975Z</u:Expires>
</u:Timestamp>
<!-- Token element is empty as posted: no ValueType, EncodingType or content is shown. -->
<o:BinarySecurityToken></o:BinarySecurityToken>
<!-- Key transport: the session key is wrapped with RSA-OAEP (SHA-1 digest) for the
     certificate identified below by issuer name and serial number. -->
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"></DigestMethod>
</e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=Root Agency</X509IssuerName>
<X509SerialNumber>131058356848670871637284859017179334839</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>...Data=</e:CipherValue>
</e:CipherData>
<!-- The wrapped key protects two targets: #_2 (the Body content) and #_3 (an element
     inside this Security header). -->
<e:ReferenceList>
<e:DataReference URI="#_2"></e:DataReference>
<e:DataReference URI="#_3"></e:DataReference>
</e:ReferenceList>
</e:EncryptedKey>
<!-- Type ends in #Element: a whole header element was encrypted here, so its name is not
     visible on the wire. NOTE(review): this may be the ds:Signature itself, since WCF can
     encrypt the signature (MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature);
     confirm by checking the binding's protection order or by decrypting the element.
     AES-256-CBC gives confidentiality only; tamper detection depends on a signature being
     present and verified by the receiver. -->
<e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
<e:CipherData>
<e:CipherValue>...Data...=</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</o:Security>
<!-- The To and Action headers travel unencrypted. Whether they are covered by a signature
     cannot be determined from this capture. -->
<To s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://kim-v-ag23-pf.kim.net/PersonService/PersonService.asmx</To>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://schemas.kim.uni-karlsruhe.de/2005/06/services/cruds/GetServiceCard</Action>
</s:Header>
<!-- The Body carries u:Id="_1", yet nothing visible references #_1.
     NOTE(review): such an Id is typically the target of a signature Reference, which would
     be consistent with a signature hidden inside #_3; confirm. -->
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<!-- Type ends in #Content: only the children of the Body are encrypted, under AES-256-CBC. -->
<e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
<e:CipherData>
<e:CipherValue>....Data...==</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
web.config
<?xml version="1.0"?>
<!-- Service-side configuration: hosts PersonService on basicHttpBinding with message-level
     security and certificate credentials. Several settings below are debugging
     conveniences that weaken the service if they reach a deployed site. -->
<configuration>
<!--="http://schemas.microsoft.com/.NetConfiguration/v2.0"> -->
<system.web>
<!-- debug="true" is a development setting; set it to false for a deployed site. -->
<compilation debug="true">
<buildProviders>
<!-- Routes .asmx requests to the WCF build provider instead of the default handler. -->
<remove extension=".asmx"/>
<add extension=".asmx" type="System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</buildProviders>
</compilation>
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="PersonServiceBehavior" name="Repository.KIM.Basisdienste.PersonService.PersonService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="PersonWSSecurityBinding"
contract="PersonServiceSoap">
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PersonServiceBehavior">
<serviceMetadata externalMetadataLocation="http://localhost/PersonService/PersonService.wsdl"
httpGetEnabled="true" />
<!-- includeExceptionDetailInFaults="true" returns server exception details to callers in
     SOAP faults. Useful while debugging; an information leak otherwise. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- The service certificate is looked up by subject name in LocalMachine/My. FindBySubjectName
     is a loose, case-insensitive match; FindByThumbprint selects one certificate unambiguously. -->
<serviceCertificate findValue="WSE2QuickStartServer" storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName" />
<clientCertificate>
<!-- certificateValidationMode="None" turns off trust validation of client certificates.
     Because the binding authenticates clients by certificate, any caller holding the private
     key of any certificate is accepted. Use PeerTrust, ChainTrust or PeerOrChainTrust once
     test certificates are no longer needed. -->
<authentication certificateValidationMode="None" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="PersonWSSecurityBinding">
<!-- Message-level security with certificate client credentials. No algorithm suite or
     protection settings are given here, so the binding defaults apply. -->
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<diagnostics>
<!-- Logs entire messages at transport level only, i.e. as they appear on the wire, to the
     listener configured under system.diagnostics. If logMessagesAtServiceLevel is switched
     on, expect decrypted payloads in that file (WCF documents service-level logging of
     secured messages as decrypted). Disable logging outside debugging. -->
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtTransportLevel="true" logMessagesAtServiceLevel="false"></messageLogging>
</diagnostics>
</system.serviceModel>
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<!-- The message log is written to c:\temp\messages.svclog.
     NOTE(review): check who can read that directory; the log holds complete messages. -->
<add name="messages"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="c:\temp\messages.svclog" traceOutputOptions="Callstack" />
</listeners>
</source>
</sources>
</system.diagnostics>
</configuration>
app.config
<?xml version="1.0" encoding="utf-8" ?>
<!-- Client-side configuration: one basicHttpBinding endpoint with message-level security,
     a client certificate, and a locally stored copy of the service certificate. -->
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="PersonServiceSecureSoap">
<!-- Same security mode and credential type as the service binding in web.config. -->
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<!-- The binding configuration, the endpoint behavior and the endpoint itself all share the
     name PersonServiceSecureSoap. -->
<endpoint address="http://localhost/PersonService/PersonService.asmx"
behaviorConfiguration="PersonServiceSecureSoap" binding="basicHttpBinding"
bindingConfiguration="PersonServiceSecureSoap" contract="WCFPersonClient.WCFPersonService.PersonServiceSoap"
name="PersonServiceSecureSoap" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="PersonServiceSecureSoap">
<clientCredentials>
<!-- Client certificate, looked up by subject name in CurrentUser/My. FindBySubjectName is a
     loose, case-insensitive match; FindByThumbprint selects one certificate unambiguously. -->
<clientCertificate findValue="WSE2QuickStartClient" storeLocation="CurrentUser"
storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<!-- The service certificate is taken from the client's own CurrentUser/My store. -->
<defaultCertificate findValue="WSE2QuickStartServer" storeLocation="CurrentUser"
storeName="My" x509FindType="FindBySubjectName" />
<!-- certificateValidationMode="None" with revocationMode="NoCheck" skips both trust
     validation and revocation checking of the service certificate. Tolerable with test
     certificates only; use PeerTrust, ChainTrust or PeerOrChainTrust otherwise. -->
<authentication certificateValidationMode="None" revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Client code:
// Address of the locally hosted service endpoint.
Uri serviceUri = new Uri("http://localhost/PersonService/PersonService.asmx");

// DNS identity the service certificate is expected to assert. This is not a substitute for
// trust validation, which app.config turns off (certificateValidationMode="None").
System.ServiceModel.EndpointIdentity expectedIdentity =
    System.ServiceModel.EndpointIdentity.CreateDnsIdentity("WSE2QuickStartServer");

// No extra addressing headers are attached to the endpoint.
System.ServiceModel.Channels.AddressHeaderCollection noHeaders =
    new System.ServiceModel.Channels.AddressHeaderCollection();

System.ServiceModel.EndpointAddress adr =
    new System.ServiceModel.EndpointAddress(serviceUri, expectedIdentity, noHeaders);

// "PersonServiceSecureSoap" names the client endpoint in app.config, which supplies the
// binding and the certificate credentials; adr overrides the configured address.
WCFPersonService.PersonServiceSoapClient ws =
    new WCFPersonClient.WCFPersonService.PersonServiceSoapClient("PersonServiceSecureSoap", adr);

// Call the service once, print the title of the returned card, then wait for Enter.
Console.WriteLine(ws.GetServiceCard().Title);
Console.ReadLine();

