StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWCF Service with WS-Security requires Signed Timestamp only
primarykey
Id
3785536
data
AcceptedAnswerId
0
AnswerCount
3
ClosedDate
CommentCount
4
CommunityOwnedDate
CreationDate
2010-09-24T08:54:04.637
FavoriteCount
4
LastActivityDate
2014-08-10T13:59:08.880
LastEditDate
2014-08-10T13:59:08.880
LastEditorUserId
759866
OwnerUserId
76066
ParentId
0
PostTypeId
1
Score
8
ViewCount
4166
LastEditorDisplayName
text
Body
I need to provide a service to a third-party that will be sending soap messages with a signed Timestamp. How can I configure my service to support this? UPDATE I've managed to get close to the format of the Soap message that we're after but WCF insists on signing both the username and the timestamp tokens, Is there a way to modify the binding to only sign the timestamp? <hr> Further Update Here are our requirements: <ul> <li>The Timestamp element MUST be signed.</li> <li>The CN name on the certificate used for signing MUST match the Username give in the UsernameToken element.</li> <li>The certificate used for signing MUST be sent in the BinarySecurityToken element.</li> <li>The KeyInfo element MUST only contain a SecurityTokenReference element, which must be used to reference the BinarySecurityToken.</li> <li>A canonicalization algorithm MUST be specified.</li> <li>The SignatureMethod MUST be specified and MUST be the SHA-1 or SHA-2 alghorithm.</li> <li>Detached Signatures SHOULD be used.</li> </ul> <hr> Any suggestions? CURRENT CONFIG Client Binding <pre><code><bindings> <wsHttpBinding> <binding name="WSBC"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="Certificate" proxyCredentialType="None"></transport> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false" /> </security> </binding> </wsHttpBinding> </bindings> </code></pre> Client Endpoint <pre><code><client> <endpoint address="https://localhost/WcfTestService/Service2.svc" behaviorConfiguration="CCB" binding="wsHttpBinding" bindingConfiguration="WSBC" contract="ServiceReference2.IService2" name="wsHttpBinding_IService2" /> </client> </code></pre> Client Behavior <pre><code><behaviors> <endpointBehaviors> <behavior name="MBB"> <clientCredentials> <clientCertificate findValue="03 58 d3 bf 4b e7 67 2e 57 05 47 dc e6 3b 52 7f f8 66 d5 2a" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" /> <serviceCertificate> <defaultCertificate findValue="03 58 d3 bf 4b e7 67 2e 57 05 47 dc e6 3b 52 7f f8 66 d5 2a" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" /> </serviceCertificate> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> </code></pre> Service Binding <pre><code><bindings> <wsHttpBinding> <binding name="ICB"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="Certificate" proxyCredentialType="None"></transport> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false" /> </security> </binding> </wsHttpBinding> </bindings> </code></pre> Serice Endpoint <pre><code><service name="WcfTestService.Service2" behaviorConfiguration="SCB"> <endpoint address="" binding="wsHttpBinding" contract="WcfTestService.IService2" bindingConfiguration="ICB" name="MS" /> </service> </code></pre> Service Behavior <pre><code><behaviors> <serviceBehaviors> <behavior name="SCB"> <serviceCredentials> <serviceCertificate findValue="4d a9 d8 f2 fb 4e 74 bd a7 36 d7 20 a8 51 e2 e6 ea 7d 30 08" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindByThumbprint" /> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfTestService.UsernameValidator, WcfTestService" /> <clientCertificate> <authentication certificateValidationMode="None" revocationMode="NoCheck" /> </clientCertificate> </serviceCredentials> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="false" /> </behavior> </serviceBehaviors> </behaviors> </code></pre>
Tags
<wcf><ws-security>
Title
WCF Service with WS-Security requires Signed Timestamp only
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USBenjamin
UserOwnerUserId
1. USDog Ears
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POWCF Service with WS-Security requires Signed Timestamp only
 UserUserId
 USDog Ears
 VoteTypeVoteTypeId
 VTBountyStart
2. VO
 singulars
 PostPostId
 POWCF Service with WS-Security requires Signed Timestamp only
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POWCF Service with WS-Security requires Signed Timestamp only
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTBountyClose
CommentsPostId
1. CODid you manage to get the configuration working so that only Timestamp element was signed? I am currently trying to achieve the same thing.
 singulars
 PostPostId
 POWCF Service with WS-Security requires Signed Timestamp only
 UserUserId
 USEdward

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.