views:

54

answers:

0

Hello,

We are trying to authenticate the WCF request using a digital certificate. This WCF service is actually built through the BizTalk WCF Adapter and hosted in IIS with wsHttpBinding. We are trying to implement message security, and one of the feature requirements is to use certificates to authenticate.

We are using SignedXml to check the header of the message and then validate the signature, but it throws an exception: "SignatureDescription could not be created for the signature algorithm supplied."

Below is the code to validate the certificate:

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography.Xml;
    using System.Xml;

    public static Boolean ValidateSOAPSignature(XmlDocument securitySOAPHeader, X509Certificate2 certificate, Boolean verifySignatureOnly)
    {
        bool res = false;

        // Bind SignedXml to the Security header so Reference URIs (e.g. "#_0") resolve.
        SignedXml signedXml = new SignedXml(securitySOAPHeader);
        XmlNodeList nodeList = securitySOAPHeader.GetElementsByTagName("Signature");
        if ((nodeList != null) && (nodeList.Count > 0))
        {
            // Load the first <Signature> element found in the header.
            XmlElement signature = (XmlElement)nodeList[0];
            signedXml.LoadXml(signature);
            try
            {
                // Verify with the certificate's public key; verifySignatureOnly=false
                // also validates the certificate chain.
                res = signedXml.CheckSignature(certificate, verifySignatureOnly);
            }
            catch (Exception ex)
            {
                // Exception is swallowed here; this is where the error is observed.
                string str = ex.Message;
            }
            return res;
        }
        return false;
    }

We get the exception at the "signedXml.CheckSignature(..)" method.

This is the XML header we get when digging into the WCF message:

    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
      <u:Timestamp u:Id="_0" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <u:Created>2010-08-25T10:28:55.333Z</u:Created>
        <u:Expires>2010-08-25T10:33:55.333Z</u:Expires>
      </u:Timestamp>
      <c:SecurityContextToken u:Id="uuid-a51e050a-6a95-4d63-9bb5-4b2371aed913-3" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <c:Identifier>urn:uuid:9e681b89-e727-4ffb-9c5f-3c2f9288e739</c:Identifier>
      </c:SecurityContextToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <Reference URI="#_0">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>tuIW5sOj8j7Rq9jj8NBv9bygzgc=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>wy7hMZ/CuD0ETfpDtT5ZB68QQtw=</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-a51e050a-6a95-4d63-9bb5-4b2371aed913-3" />
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>

The code above works perfectly fine with basicHttpBinding, but with wsHttpBinding we get the above exception.

Any pointers, ideas or links would really be appreciated. We have been trying to fix this for 3 days but still have not been able to.

Thanks in advance, -Rupreet
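The header in the post declares `SignatureMethod` as `hmac-sha1` and points `KeyInfo` at a `SecurityContextToken`, so the signature is a keyed hash over a WS-SecureConversation session key rather than an RSA signature, which is what `CheckSignature(X509Certificate2, bool)` expects. The verifier below is an added example, not code from the post: it reads the signature method before choosing a verifier and refuses to pretend a certificate can check an HMAC. It assumes the caller already holds the session key bytes for the referenced token (a hypothetical `sessionKey` parameter); how that key is obtained is outside what the post shows.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SoapSignatureCheck
{
    // Signature algorithm URI seen in the posted wsHttpBinding header.
    private const string HmacSha1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";

    // Verifies the first <Signature> in the Security header, choosing the verifier
    // from the SignatureMethod the sender actually used:
    //   - hmac-sha1: symmetric, so the session key is required; a certificate
    //     cannot verify it and SignedXml throws on the certificate overload.
    //   - anything else (rsa-sha1 etc.): asymmetric, verified with the X.509 certificate.
    // sessionKey is a hypothetical input: the key established for the
    // SecurityContextToken referenced in KeyInfo.
    public static bool Verify(XmlDocument securityHeader, X509Certificate2 certificate, byte[] sessionKey)
    {
        var signedXml = new SignedXml(securityHeader);
        XmlNodeList nodes = securityHeader.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count == 0)
            return false;   // no signature present is a failure, never a pass

        signedXml.LoadXml((XmlElement)nodes[0]);
        string method = signedXml.SignatureMethod;

        if (method == HmacSha1)
        {
            if (sessionKey == null)
                throw new InvalidOperationException(
                    "Header is signed with an HMAC over a session key; a certificate cannot verify it.");
            using (var hmac = new HMACSHA1(sessionKey))
                return signedXml.CheckSignature(hmac);
        }

        // Asymmetric signature: the certificate's public key is the right verifier.
        // verifySignatureOnly=false also runs chain validation on the certificate.
        return signedXml.CheckSignature(certificate, false);
    }
}
```

With basicHttpBinding the header carries an asymmetric signature and the certificate branch succeeds, which matches the behaviour difference described in the post.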