Hello

I've added a custom SOAP header element <MyApp:FOO> to the <soap:Header> element, and the requirements state that I must sign this element. How would one do that? <MyApp:FOO> contains a number of things (username, preferences, etc.) that identify a user at a higher level. I've successfully used a policy file, and now a policy class with CertificateAssertions and SoapFilters, to sign wsu:Timestamp, wsu:action, wsu:MessageId etc. But now the <MyApp:FOO> element needs to be signed as well.

What I've understood so far is that the element that needs to be signed must be identified with a wsu:Id attribute and then transformed using xml-exc-c14n.

So, how do I specify that the SOAP header should be signed as well? This is the current class that I use for signing my message.

using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;

internal class FOOClientOutFilter : SendSecurityFilter
{
    X509SecurityToken clientToken;
    X509SecurityToken serverToken;

    // SSEKCertificateAssertion is the custom policy assertion that creates this filter.
    public FOOClientOutFilter(SSEKCertificateAssertion parentAssertion)
        : base(parentAssertion.ServiceActor, true)
    {
        // Get the client security token.
        clientToken = X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=TestClientCert");

        // Get the server security token.
        serverToken = X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=TestServerCert");
    }

    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        // Sign the SOAP message with the client's security token.
        security.Tokens.Add(clientToken);

        security.Elements.Add(new MessageSignature(clientToken));
    }
}
+2  A: 

My current version of SecureMessage seems to do the trick.

 // Requires: using System; using System.Xml; using Microsoft.Web.Services3; using Microsoft.Web.Services3.Security;
 public override void SecureMessage(SoapEnvelope envelope, Security security)
 {
  MessageSignature signature = new MessageSignature(clientToken);

  // Give each custom FOO header a wsu:Id and add it to the signature's references.
  for (int index = 0; index < envelope.Header.ChildNodes.Count; index++)
  {
   XmlElement child = envelope.Header.ChildNodes[index] as XmlElement;

   // Find all FOO headers. LocalName ignores the "MyApp:" prefix, which Name would include.
   if (child != null && child.LocalName == "FOO")
   {
    // wsu:Id is of type xsd:ID (an NCName), which must not start with a digit,
    // so prefix the GUID.
    string id = "Id-" + Guid.NewGuid().ToString();
    child.SetAttribute("Id", "http://docs.oasis-" +
       "open.org/wss/2004/01/oasis-200401-" +
       "wss-wssecurity-utility-1.0.xsd", id);
    signature.AddReference(new SignatureReference("#" + id));
   }
  }

  // Sign the SOAP message with the client's security token.
  security.Tokens.Add(clientToken);

  security.Elements.Add(signature);
 }
Carl-Johan
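The receiving side needs the mirror image of this: before trusting anything in MyApp:FOO, check that the header carries a wsu:Id, that the Id is unique in the document, and that the ds:Signature inside wsse:Security actually references it. The following is an added example, not Carl-Johan's code or the WSE API; it runs that coverage check with Python's standard library over a constructed envelope, and the MyApp namespace URI and Id values are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "myapp": "urn:example:myapp",  # assumed namespace for the MyApp prefix
}
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample envelope: FOO carries a wsu:Id; the Signature references
# whichever fragment Ids the caller lists. Digests and signature value are placeholders.
ENVELOPE = (
    '<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" '
    'xmlns:ds="{ds}" xmlns:MyApp="{myapp}"><soap:Header>'
    '<MyApp:FOO wsu:Id="foo-1"><username>alice</username></MyApp:FOO>'
    '<wsse:Security><ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo>'
    '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature></wsse:Security>'
    '</soap:Header><soap:Body wsu:Id="body-1"/></soap:Envelope>'
)
REFERENCE = ('<ds:Reference URI="#{id}"><ds:Transforms><ds:Transform Algorithm="{alg}"/>'
             '</ds:Transforms><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>')

def sample_envelope(*covered_ids):
    refs = "".join(REFERENCE.format(id=i, alg=EXC_C14N) for i in covered_ids)
    return ENVELOPE.format(refs=refs, **NS)

def signed_ids(root):
    """wsu:Id values referenced (as #id) by the Signature in wsse:Security."""
    refs = root.iterfind(".//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return {r.get("URI")[1:] for r in refs if r.get("URI", "").startswith("#")}

def foo_header_is_signed(envelope_xml):
    """True only if MyApp:FOO has a wsu:Id that is unique in the document and is
    covered by a signature reference. Cryptographic verification of the signature
    itself is left to the WS-Security stack; this is the coverage check."""
    root = ET.fromstring(envelope_xml)
    foo = root.find("soap:Header/myapp:FOO", NS)
    if foo is None or foo.get(WSU_ID) is None:
        return False
    wsu_id = foo.get(WSU_ID)
    # A duplicated Id would let an unsigned element shadow the signed one.
    if sum(1 for e in root.iter() if e.get(WSU_ID) == wsu_id) != 1:
        return False
    return wsu_id in signed_ids(root)
```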
A: 

Including supplementary articles from MSDN

How to: Add an Id Attribute to a SOAP Header

How to: Digitally Sign a Custom SOAP Header

icelava