views:

271

answers:

1

Using Ws2007HttpBinding and securing the service, the WSDL file generated shows in the policy section that all the ws-addressing headers and the body will be signed, and that the body will be encrypted.

<sp:SignedParts>
  <sp:Body /> 
  <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" /> 
</sp:SignedParts>
<sp:EncryptedParts>
  <sp:Body /> 
</sp:EncryptedParts>

We would like to specify which headers have to be signed and/or encrypted, like it is possible in Apache rampart. For custom header or body elements, it is possible using annotations in the code, but for these elements that are added by the binding itself, is is possible?

+1  A: 

Nevermind, after a few days I found an answer over here: http://blogs.msdn.com/drnick/archive/2007/01/19/securing-custom-headers-version-2.aspx

Philippe
Did this ever actually work? The WSA headers do not seem to be a part of the message Headers collection.
jrista