HItesh Rana
asked on
My payload is not being encrypted for a web service call.
I'm calling a web service where I'm suppose to encrypt the data being passed over. When I look at the diagnostic file I don't see my payload being encrypted. Am I missing something in the app.config file for the encryption to occur?
Here is my app.config file:
Here is my app.config file:
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="messages"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="c:\logs\messages.xml" />
</listeners>
</source>
</sources>
</system.diagnostics>
<system.serviceModel>
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="false"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="false"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
<bindings>
<wsHttpBinding>
<binding name="CoreSoapPortBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://xxxxxxxxx/ESARWS/CORETransactionService"
binding="wsHttpBinding" bindingConfiguration="CoreSoapPortBinding"
contract="ESAR.CORETransaction" name="CoreSoapPort" behaviorConfiguration="endpointCredentialBehavior" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointCredentialBehavior">
<clientCredentials>
<clientCertificate findValue="xxxxxxxx.org"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="xxxxxxx.gov"
storeLocation="CurrentUser"
storeName="AddressBook"
x509FindType="FindBySubjectName" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
ASKER
Thank you for responding and insight into how things work. I had a co-worker who generated proxy file to wse 3.0 ( I used WCF). He was able to encrypt the data after looking at the log file. The data was encrypted. I will definitely install Wireshark tomorrow to confirm. Maybe in WCF the log file does not show the encrypted state in the log file. Thanks.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
The fact that you are using the HTTPS protocol should be enough to be sure the payload is transferred encrypted. To make sure, try to use a debug proxy tool like Telerik Fiddler or a sniffing tool like Wireshark or MS net monitor and check that the connection is indeed encrypted.