tags:

views:

272

answers:

1
Q: 

WCF custom message security

Hello! I need to use polling technique to notify clients about changes in server-side. So I tried to use DuplexHttpBinding (http://code.msdn.microsoft.com/duplexhttp). I works fine with non-secured messages, but I need to use message-level security in my project (UsernameForCertificate). Ok, I decided to add SymmetricSecurityBindingElement to binding collection:

 var securityElement = SecurityBindingElement.CreateUserNameForCertificateBindingElement();
collection.Add(securityElement);

And then problem happened. If we use message-level security all messages include security-headers with message signature, like this:

<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://www.w3.org/2003/05/soap-envelope"&gt;
....
</o:Security>

And custom polling messages which are send by custom request channel has no security headers, so exception occurs while sending this message through the channel with message-level security:

System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
No signature message parts were specified for messages with the 'http://samples.microsoft.com/duplexhttp/pollingAction' action.

Please, advice workaround how to add proper security headers to my custom polling messages before sending them inside custom request channel. You can download source code by the link posted before and simply try to use it with UsernameForCertificate security to reproduce the issue. Thank you.

A: 

After couple of days & deep investigation I found the solution. It seems that we should modify ChannelProtectionRequirements when creation custom Channel Facroty & Channel Listener to add encryption & signature parts to our custom messages. Here is the sample:

 private static void ApplyChannelProtectionRequirements(BindingContext context)
    {
        var cpr = context.BindingParameters.Find<ChannelProtectionRequirements>();
        if (cpr != null)
        {
            XmlQualifiedName qName = new XmlQualifiedName("customHeader", "namespace");
            MessagePartSpecification part = new MessagePartSpecification(qName);
            cpr.IncomingEncryptionParts.AddParts(part, "inctomingAction");
            cpr.IncomingSignatureParts.AddParts(part, "inctomingAction");
            cpr.OutgoingEncryptionParts.AddParts(part, "outgoingAction");
            cpr.OutgoingSignatureParts.AddParts(part, "outgoingAction");
        }
    }
albicelestial  2010-03-30 10:37:04

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?