How do I use WS-Security with WCF?

Posted by Jonathan Allen on Stack Overflow See other posts from Stack Overflow or by Jonathan Allen
Published on 2010-03-16T19:19:01Z Indexed on 2010/03/16 19:21 UTC
Read the original article Hit count: 522

Filed under:

wcf

|

ws-security

|

soap

Below is the style of header I need to create. I am expected to use either a public/private key or a SSL style certificate.

I don't know for certain, but I think my counter-party is using some form of Java.

 <soap-env:Header>
   <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
         <ds:Reference URI="#secinfo">
           <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
           <ds:DigestValue>xxxxxxxxxxxxx</ds:DigestValue>
           <ds:Transforms>
             <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
               <ds:XPath>//*[@id='secinfo']/child::*/text()</ds:XPath>
             </ds:Transform>
           </ds:Transforms>
         </ds:Reference>
       </ds:SignedInfo>
       <ds:SignatureValue>xxxxxxxxxxds:SignatureValue>
       <ds:KeyInfo>
         <ds:KeyName>xxxxxxx</ds:KeyName>
       </ds:KeyInfo>
     </ds:Signature>
     <t:UsernameToken xmlns:t="http://schemas.xmlsoap.org/ws/2002/04/secext" id="secinfo">
       <t:UserInfo>USER=xxxx;CORR=xxxx;TIMESTAMP=201003161916</t:UserInfo>
     </t:UsernameToken>
   </wsse:Security>
 </soap-env:Header>

© Stack Overflow or respective owner

Related posts about wcf

Calling a WCF service from another WCF service

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi ! I have a WCF service hosted on a windows service on my Server1. It also has IIS on this machine. I call the service from a web app and it works fine. But within this service, I have to call another WCF sevice (also hosted on a windows service) located on Server2. The security credentials are… >>> More
wcf + Byte array through wcf service using MTOM

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, How to pass Byte array through wcf service using MTOM..please give me any sample >>> More
WCF 4.0 new enhancements over WCF 3.5

as seen on Stack Overflow - Search for 'Stack Overflow'
What are the new enhancements in WCF 4.0 and how easy would it be to upgrade existing WCF services to 4.0? >>> More
Reuse classes and objects for both WCF and non-WCF

as seen on Stack Overflow - Search for 'Stack Overflow'
I have several classes such as Order, Customer, etc. These classes serve for holding data and nothing more. I want to be able to reuse these classes in other projects in the future, but for some reason I don't quite understand, WCF forces me to decorate the data members with the [DataMember] attribute… >>> More
Summarizing client side asynchronous invocations in WCF/WCF Silverlight

as seen on Code Project - Search for 'Code Project'
Summarizing client side asynchronous invocations in WCF/WCF Silverlight. Introducing ServiceClient class. >>> More

Related posts about ws-security

Websphere federated repository for Active Directory

as seen on Server Fault - Search for 'Server Fault'
Hi, What I am trying to achieve is to have Websphere 6.1 use Active Directory users authentication. Websphere is running on Windows 2008 R2. What I've done already: Succesfully setup a federated repository for Windows Active Directory (LDAP); Create a realm definition for the federated repository… >>> More
WS-Security on iphone, is it possible?

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I'm new here and I'm facing a problem. I need to know if it is possible to implement the WS-Security protocol with X.509 certificates on a native iPhone application. I haven't found much information on the web, except this information from Apple about security services. I just want to ask… >>> More
How do I use WS-Security with WCF?

as seen on Stack Overflow - Search for 'Stack Overflow'
Below is the style of header I need to create. I am expected to use either a public/private key or a SSL style certificate. I don't know for certain, but I think my counter-party is using some form of Java. <soap-env:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"> … >>> More
WCF WS-Security and WSE Nonce Authentication

as seen on West-Wind - Search for 'West-Wind'
WCF makes it fairly easy to access WS-* Web Services, except when you run into a service format that it doesn't support. Even then WCF provides a huge amount of flexibility to make the service clients work, however finding the proper interfaces to make that happen is not easy to discover and for the… >>> More
wss4j: - Cannot find key for alias: monit

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I'm using axis1.4 and wss4j. When I define in client-config.wsdd for WSDoAllSender and WSDoAllReceiver different signaturePropFiles where I have different key stores defined with different certificates, I'm able to have different certificates for sending and receiving. But when I use the same signaturePropFiles'… >>> More