I have an 3rd party SOAP web service. I need to make a call to one of its methods. The request needs to be signed. How can I sign the request?
A:
I assume by signing you mean that you sign the message using a certificate that is installed on the client side.
Doing this is relatively easy in WCF. Assuming you are using the wsHttpBinding in the security element you have to set the mode to SecurityMode.Message. You also have to set the clientCredentialType of the message element to MessageCredentialType.Certificate.
Then, you would have to set up a endpoint behavior and configure the clientCertificate element (which is a child of the clientCredentials element) to indicate where the client certificate is stored.
Even if you aren't using the wsHttpBinding, the configuration is pretty much the same for most of the other bindings when you want to use a client certificate to provide message-level security.
If you are making the call over HTTPS, then note that you will have to set the mode attribute on the security element to Mode.TransportWithMessageCredential.
casperOne
2010-02-18 21:35:29
You are correct, I am talking about signing the request with a certificate sitting on the machine making the request.
Mr Bell
2010-02-18 22:10:31
I was using basicHttpBinding because thats what the utility generate by default, i switched it to wsHttpBinding by just replacing it in the web.config. When I make my request I get the error: "The request was aborted: Could not create SSL/TLS secure channel."
Mr Bell
2010-02-18 22:38:18
@Mr Bell: You should be able to set the security mode on the basicHttpBinding as well using the same attributes.
casperOne
2010-02-18 23:01:22
When I look at the raw request being made (from the trace file) it doesnt mention anything about a signature
Mr Bell
2010-02-19 16:53:18
+1
A:
The following is a question that was asked about using WCF to use the Amazon SOAP service which requires signing. I think the answer gives a great example, which might help with your situation.
How to sign an Amazon web service request in .NET with SOAP and without WSE
Edit: There was evidently some confusion about the link to this other StackOverflow question. I would like to point out the highest voted chosen answer. It is most definitely a WCF solution. You will notice the class SigningMessageInspector which inherits from IClientMessageInspector (a WCF interface). I think this section might help you.
Tim C
2010-02-18 21:40:25
@casperOne - Following Tim's link, one large answer says "I ended up updating the code to use WCF...". How is that not using WCF?
Ecyrb
2010-02-19 00:31:47
@Tim C: The only answer at the time you posted the link was this: http://stackoverflow.com/questions/1204191/how-to-sign-an-amazon-web-service-request-in-net-with-soap-and-without-wse/1204671#1204671 which most definitely did not have a WCF solution.
casperOne
2010-02-19 14:24:12