If a general fault is raised on my service endpoint, the fault response is undesirably and unexpectedly encrypted.

I have created an endpoint with a custom binding for interoperability reasons with a Java Spring framework set up with transport security with signature only over SOAP 1.1.

    <service behaviorConfiguration="MyProject.WebServices.MyServiceBehavior"
             name="MyProject.WebServices.Protected">
      <endpoint address="" binding="customBinding" bindingConfiguration="mySoap11"
                contract="MyProject.WebServices.IMyService">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>

    <behavior name="MyProject.WebServices.MyServiceBehavior">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
      <serviceCredentials>
        <clientCertificate>
          <authentication revocationMode="NoCheck" trustedStoreLocation="LocalMachine"
                          certificateValidationMode="PeerOrChainTrust"/>
        </clientCertificate>
        <serviceCertificate findValue="aa bb cc dd ee ..."
                            storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindByThumbprint"/>
      </serviceCredentials>
    </behavior>

    <customBinding>
      <binding name="mySoap11">
        <textMessageEncoding messageVersion="Soap11" />
        <security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificate"
                  requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="false"
                  messageProtectionOrder="EncryptBeforeSign" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                  requireSecurityContextCancellation="false" requireSignatureConfirmation="false">
          <localClientSettings detectReplays="false" />
          <localServiceSettings detectReplays="false" />
          <secureConversationBootstrap />
        </security>
        <httpTransport>
          <extendedProtectionPolicy policyEnforcement="Never" />
        </httpTransport>
      </binding>
    </customBinding>

There are two fault contracts decorating the operation contracts. The first is for general faults and the second is using the Enterprise Library's validation fault contract. The service contract attribute and the operation contract's two faults are decorated as

    [ValidationBehavior()]
    [ServiceContract(Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
    public interface IMyService
    {
        [OperationContract]
        [FaultContract(typeof(ValidationFault), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
        [FaultContract(typeof(MyFaultContract), Namespace = "http://namespace", ProtectionLevel = ProtectionLevel.Sign)]
        MyTypeOfContractResponse Method(MyTypeOfContractRequest request);
    }

    //The message response contract

    [MessageContract(IsWrapped = false)]
    public class MyTypeOfContractResponse
    {
        [MessageBodyMember]
        public bool Success { get; set; }
    }

    //The message request contract

    [MessageContract(IsWrapped = true, ProtectionLevel = ProtectionLevel.Sign)]
    [HasSelfValidation]
    public class MyTypeOfContractRequest
    {
        [MessageBodyMember(Order = 0)]
        public bool MyValue { get; set; }

        [SelfValidation]
        public void DoValidate(ValidationResults results)
        {
            ...
        }
    }

and so forth...

If a good request is made, the response body is normal, readable, signed and unencrypted. If a validation fault occurs or a WCF fault contract exception is thrown, then the response is again valid, readable and with a signature only.

    <s:Body u:Id="_1">
      <Success xmlns="http://namespace">true</Success>
    </s:Body>

If, however, a general fault is thrown in the form of `throw new Exception();`, or an error is raised by, let's say, the order of the message contract's message body members being changed, then the response body is encrypted, such as

    <s:Body u:Id="_2">
      <e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:Reference URI="#_0"></o:Reference>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>+7Zs7rMkF...</e:CipherValue>
        </e:CipherData>
      </e:EncryptedData>
    </s:Body>

How would you go about preventing the unhandled responses from being encrypted?
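
A check for an interop test harness that tells apart the two wire shapes shown in the question, so a sign-only endpoint can be regression-tested for responses that come back encrypted. This is an added example, not the poster's code; the Envelope wrapper, the binding of the `u` prefix and the CipherValue are constructed for the sample.

```python
import xml.etree.ElementTree as ET

# Namespace URIs. SOAP 1.1 follows from messageVersion="Soap11"; the xmlenc and
# secext URIs are on the page. Binding the "u" prefix to the WSS utility
# namespace is an assumption (the page does not show the Envelope element).
S11 = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

def classify_body(envelope_xml):
    """Report how the Body of a captured SOAP 1.1 response is protected."""
    body = ET.fromstring(envelope_xml).find(f"{{{S11}}}Body")
    if body is None:
        raise ValueError("no SOAP 1.1 Body element")
    info = {"kind": "empty", "algorithm": None, "key_ref": None}
    enc = body.find(f"{{{XENC}}}EncryptedData")
    if enc is not None:
        method = enc.find(f"{{{XENC}}}EncryptionMethod")
        ref = enc.find(f".//{{{WSSE}}}Reference")
        info["kind"] = "encrypted"
        info["algorithm"] = method.get("Algorithm") if method is not None else None
        info["key_ref"] = ref.get("URI") if ref is not None else None
    elif body.find(f"{{{S11}}}Fault") is not None:
        info["kind"] = "plain-fault"      # readable fault, signature only
    elif len(body):
        info["kind"] = "plain-response"   # readable payload, signature only
    return info

def wrap(body_xml):
    """Wrap a Body fragment in a constructed Envelope that declares s: and u:."""
    return f'<s:Envelope xmlns:s="{S11}" xmlns:u="{WSU}">{body_xml}</s:Envelope>'

# Constructed samples modelled on the two Body fragments in the question.
GOOD = wrap('<s:Body u:Id="_1"><Success xmlns="http://namespace">true</Success></s:Body>')
UNHANDLED = wrap(
    '<s:Body u:Id="_2"><e:EncryptedData Id="_1" xmlns:e="' + XENC + '" '
    'Type="http://www.w3.org/2001/04/xmlenc#Content">'
    '<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>'
    '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<o:SecurityTokenReference xmlns:o="' + WSSE + '"><o:Reference URI="#_0"/>'
    '</o:SecurityTokenReference></KeyInfo>'
    '<e:CipherData><e:CipherValue>Y29uc3RydWN0ZWQ=</e:CipherValue></e:CipherData>'
    '</e:EncryptedData></s:Body>'
)

if __name__ == "__main__":
    for name, xml in (("good", GOOD), ("unhandled", UNHANDLED)):
        print(name, classify_body(xml))
```

An encrypted Body cannot be classified as fault or payload without the key, which is why the harness reports it as its own kind rather than guessing.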