StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POMultiple Protection Levels does not work in WCF
primarykey
Id
3510228
data
AcceptedAnswerId
0
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2010-08-18T08:28:17.863
FavoriteCount
1
LastActivityDate
2010-08-18T12:03:23.573
LastEditDate
LastEditorUserId
0
OwnerUserId
423735
ParentId
0
PostTypeId
1
Score
1
ViewCount
1121
LastEditorDisplayName
text
Body
I am facing a problem in the security part of WCF. The problem is: Partial encryption is not working for the message payload. It either encrypts the payload completely or keeps unencrypted the whole payload when I change the ProtectionLevel at the MessageContract and MessageBodyMember Attributes. Ie, the partial encryption does not work, where I want the root tag of the payload(Message Body Element) unencrypted and the rest, ie, the child elements of the root tag to be encrypted. This behaviour is required for the enpoint-mapping of the spring webservices, at the server. This is a Dot Net client program of Web Service developed in Java(Contract First WebService Developed in Spring WS). It uses mutual certificates for security. I am using a custom binding, of messageSecurityVersion, WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10. I am not sure if it is related to the WS-Addressing support for this binding. Here is my app.config <pre><code><?xml version="1.0" encoding="utf-8"?> <configuration> <configSections> <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" > <section name="DISClientLibTest.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" /> </sectionGroup> </configSections> <system.diagnostics> <sources> <source name="System.ServiceModel.MessageLogging"> <listeners> <add name="messages" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\logs\messages.svclog" /> </listeners> </source> </sources> </system.diagnostics> <system.serviceModel> <behaviors> <endpointBehaviors> <behavior name="DISEndPointBehaviour"> <clientCredentials> <clientCertificate storeLocation="LocalMachine" storeName="Root" x509FindType="FindBySubjectName" findValue="d-i-s-partner"/> <serviceCertificate> <defaultCertificate storeLocation="LocalMachine" storeName="Root" x509FindType="FindBySubjectName" findValue="dis"/> <authentication certificateValidationMode="PeerOrChainTrust"/> </serviceCertificate> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> <bindings> <customBinding> <binding name="DISMutualCertificateDuplexBinding">  <security authenticationMode="MutualCertificate" includeTimestamp="false" requireDerivedKeys="false" keyEntropyMode="ClientEntropy" messageProtectionOrder="EncryptBeforeSign" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"/> <textMessageEncoding messageVersion="Soap11WSAddressing10"/> <httpTransport manualAddressing="false"/> </binding> </customBinding> </bindings> <client> <endpoint binding="customBinding" bindingConfiguration="DISMutualCertificateDuplexBinding" contract="DaDeskDataExchange" name="DaDeskDataExchangeSoap11_DaDeskDataExchange" address="http://192.168.0.27:8080/disweb/1.0/spring-ws/" behaviorConfiguration="DISEndPointBehaviour"> <identity> <dns value="dis"/> </identity> <headers> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-6" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Username>50001</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce> <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created> </wsse:UsernameToken> </headers> </endpoint> </client> <diagnostics> <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtTransportLevel="true" logMessagesAtServiceLevel="true"/> </diagnostics> </system.serviceModel> </configuration> </code></pre> Here is the proxy class(only the relevant part) generated by svcutil <pre><code>[System.CodeDom.Compiler.GeneratedCodeAttribute("svcutil", "4.0.30319.1")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(AnonymousType = true, Namespace = "http://www.dadesk.com/dis/schema")] // This is added for bypassing encryption [System.ServiceModel.MessageContract(ProtectionLevel = System.Net.Security.ProtectionLevel.None)] public partial class getActualInvoiceOutputRequest { // This is added for bypassing encryption [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] private string interfaceUniqueReferenceField; // This is added for bypassing encryption [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] private string invoiceIdField; // This is added for bypassing encryption [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] private string daEventField; /// <remarks/> [System.Xml.Serialization.XmlElementAttribute(Order = 0)] public string interfaceUniqueReference { get { return this.interfaceUniqueReferenceField; } set { this.interfaceUniqueReferenceField = value; } } /// <remarks/> [System.Xml.Serialization.XmlElementAttribute(Order = 1)] public string invoiceId { get { return this.invoiceIdField; } set { this.invoiceIdField = value; } } /// <remarks/> [System.Xml.Serialization.XmlElementAttribute(Order = 2)] public string daEvent { get { return this.daEventField; } set { this.daEventField = value; } } } </code></pre> The expected SOAP Request <pre><code><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-1BC7C7CC8C1DC237A312742702475786" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MIIBoTCCAQqgAwIBAgIES+Jf0jANDA2MjEwNlowFTETMBEGA1UEAxMKZGlzcGFydG5lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiSzYcGY6SZvtyX/HzIT9zgzlf1/stzTo2WN2/zikebOY+K8pOfc8IU2vxsDp+b4Jc/KSMzZIocPejHhyRXKKuf36TckHclkgkqhkiG9w0BAQUFAAOBgQAepQ1pXeyveQCPRQSnjcJKnXBbLiPql+UeScmaqXBqBOrUGFRe8AX4PEh28qmomwWfdJ7abV1yShFvnAcZBP5gM6KrS1fZ2lCQu7sLyk8YW3zBLqs1Bm6bf4GTfywd2+mURJZuTwx/vqe2d5xNsfD9BOEJ6hlxzdzKlZR111O4IQ== </wsse:BinarySecurityToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-7"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-8"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>O+wONgrnKflVXuIf/QqMIVPHICg=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> cPLtiHI8a3Ay7lCau0wosF7pakNPaOkFdmjC8osUqkUUECjQvSPCoVyWZldPxheWIEEM1qUAR7X2 1cOFNn2YUfTu9c3ElEgfRycDUTpcvF5hs37Er+ssR3QBKQ9Jmd76MHcc8LW12KNGGWZn/grUMhnR uuOzSrfAtOHYK22wPvE= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-1BC7C7CC8C1DC237A312742702475787"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1BC7C7CC8C1DC237A312742702475788" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference URI="#CertId-1BC7C7CC8C1DC237A312742702475786" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-6" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Username>115394</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce> <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-8">  <getActualInvoiceOutputRequest xmlns="http://www.dadesk.com/dis/schema">  <interfaceUniqueReference>aasd</interfaceUniqueReference> <invoiceId>-1</invoiceId> <daEvent>1</daEvent> </getActualInvoiceOutputRequest> </SOAP-ENV:Body> </SOAP-ENV:Envelope> </code></pre> In the above SOAP message, inside the body, I need the contents of getActualInvoiceOutputRequest to be encrypted, and do not want getActualInvoiceOutputRequest to be encrypted. Right now, the whole body content is rendered encrypted. I followed the guidelines given in the following MSDN web page <a href="http://msdn.microsoft.com/en-us/library/aa347692.aspx" rel="nofollow noreferrer">http://msdn.microsoft.com/en-us/library/aa347692.aspx</a> It warns about the WS-Addressing Dependency. It has a statement, [For example, the BasicHttpBinding class does not support the specification, or if you create a custom binding that does not support WS-Addressing.]. I am suspecting that area, the WS-Addressing support for my custom binding. Can some one help on this ? Thanks, Shameer
Tags
<wcf><encryption><certificate><ws-addressing><custom-binding>
Title
Multiple Protection Levels does not work in WCF
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USShameer Kunjumohamed
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.