Sign message using WSE and .NET

mkarthik415
Hi

I am creating a client application (in .NET) to invoke a service. How do I sign a message without encrypting it using WSE (Web Services Enhancements) during a request from the client side? Could anyone please post the related articles or policy files for the above?

Thank You



kaufmed

Commented:
Which version of WSE are you using?

Author

Commented:
WSE 3.0
kaufmed
Commented:
I can't guarantee this will work since we are using 2.0, but you might try this code that we found from MS. You'll have to adapt it because the classes WebServicesClientProtocol and X509* are a part of the 2.0 library. Perhaps they carried it over, though.

The method GetSecurityToken is one that I made that iterates over the cert store looking for the cert. There's probably a cleaner way to do it, but I haven't had the time to go back and examine it.

The id parameter is the element in your header that will be signed.

I wish I could give you a sure-fire solution, but WSE has been dropped like a hot rock in favor of WCF. We had a ***** of a time trying to find information on WSE 2.0 two years ago. WSE 3.0 didn't seem to be very plentiful in the information department either.

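using System;
using Microsoft.Web.Services2;                 // WebServicesClientProtocol
using Microsoft.Web.Services2.Security;        // MessageSignature, SignatureReference, SignatureOptions
using Microsoft.Web.Services2.Security.Tokens; // X509SecurityToken
using Microsoft.Web.Services2.Security.X509;   // X509CertificateStore, X509Certificate

private void Sign(WebServicesClientProtocol proxyObject, String id)
{
    //Calls the function GetSecurityToken to retrieve the X509SecurityToken from the store
    MessageSignature sig;
    X509SecurityToken token = GetSecurityToken();

    //GetSecurityToken returns null if the store cannot be opened or the cert is not found
    if (token == null)
    {
        throw new ApplicationException("Signing certificate not found in the LocalMachine\\My store.");
    }

    //Reference to the header element (by its Id attribute) that will be signed
    SignatureReference soapRef = new SignatureReference("#" + id);

    //Canonicalizes the referenced element with exclusive C14N before it is digested
    soapRef.AddTransform(new Microsoft.Web.Services2.Security.Xml.XmlDsigExcC14NTransform());

    //Adds the X509SecurityToken to the soap header
    proxyObject.RequestSoapContext.Security.Tokens.Add(token);

    //Creates a MessageSignature object from the X509SecurityToken
    sig = new MessageSignature(token);

    //Signs only the soap body by default; the assignment replaces any other default options
    sig.SignatureOptions = SignatureOptions.IncludeSoapBody;

    //Adds the header to the list of elements to be signed
    sig.AddReference(soapRef);

    //Adds the MessageSignature to the soap header (no encryption element is added, so the message is signed only)
    proxyObject.RequestSoapContext.Security.Elements.Add(sig);
}

private X509SecurityToken GetSecurityToken()
{
    //Opens the "Personal" (My) store of the local machine account
    X509CertificateStore certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);

    if (!certStore.OpenRead())
    {
        return null;
    }

    //Looks for the cert by its friendly name; the literal must be lower case to match ToLower()
    foreach (X509Certificate cert in certStore.Certificates)
    {
        if (cert.FriendlyDisplayName.ToLower() == "friendly_name_of_cert_as_seen_in_cert_store")
        {
            return new X509SecurityToken(cert);
        }
    }

    //No matching cert; the caller must handle null
    return null;
}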


Author

Commented:
Is it possible to sign the request message without encrypting, using config or policy?

Thank You
kaufmed

Commented:
I never did figure out how to do it with the config file. The above is the only experience I have with it. And it is with regard to WSE 2.0.
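
For the config/policy question above, an added example that is not from either poster: a WSE 3.0 client policy file using the turnkey mutualCertificate10Security assertion with `encryptBody="false"`, so the request is signed but its body is not encrypted. The policy name, the store locations and the two `CN=...` subjects are placeholders, and it assumes the service accepts X.509 mutual-certificate security; the client proxy selects the policy with `SetPolicy("SignOnlyClientPolicy")`.

```xml
<!-- wse3policyCache.config on the client. Added example; upper-case values are placeholders. -->
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <extensions>
    <!-- Registers the policy assertion and the X.509 token provider used below -->
    <extension name="mutualCertificate10Security"
               type="Microsoft.Web.Services3.Design.MutualCertificate10Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509"
               type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="SignOnlyClientPolicy">
    <mutualCertificate10Security establishSecurityContext="false"
                                 messageProtectionOrder="SignBeforeEncrypt">
      <!-- Certificate whose private key signs the request -->
      <clientToken>
        <x509 storeLocation="LocalMachine" storeName="My"
              findValue="CN=CLIENT_CERT_SUBJECT"
              findType="FindBySubjectDistinguishedName" />
      </clientToken>
      <!-- Service certificate, used to check the signature on the response -->
      <serviceToken>
        <x509 storeLocation="LocalMachine" storeName="AddressBook"
              findValue="CN=SERVICE_CERT_SUBJECT"
              findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <!-- encryptBody="false" is the sign-only switch; signatureOptions lists what is signed -->
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                 encryptBody="false" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                  encryptBody="false" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
               encryptBody="false" />
      </protection>
    </mutualCertificate10Security>
  </policy>
</policies>
```

A signed-only message protects integrity and sender authenticity but travels in clear text, so confidentiality has to come from the transport (for example TLS) if the body is sensitive.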
