Hi Forum,
My question is what WCF binding I should be using for following situation:
Client should not add any WS-Security header, no message integrity, transport is Http or optionally Https.
Server provides message integrity by signing the body. No encryption is done. The security token is X509.
The service is written in Java, using wss4j and I am trying to build a compatible .NET client for this.
I tried using the AnonymousForCertificate binding element which states the client being anonymous and the service authenticated using an X509 certificate. So I'd guess this is the correct binding to start from, yet at runtime WCF is trying to add a wrapped encrypted key in the WS-Security header of the outgoing message which is not what I want, I want no WS-Security header at all from client to service, only let the client validate the incoming WS-Security header.
Is there any binding that suits my needs? Or some configuration I am missing in the SymmetricBindingElement created by the AnonymousForCertificate call...
Best regards,
W.