4
votes

My client has some SAP service, which I need to call. I have pre-generated proxy classes, and everything works fine (when security is disabled on their side); now I need to enable their security policy. They gave me this as a "specification":

  • SOAP 1.1
  • SSL
  • WS-Security signature only, encryption optional...

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf

SAP statement for their service:

Message Format for XML Signature

SOAP messages must include the following data:

a) BinarySecurityToken with ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" and EncodingType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

b) Timestamp element

c) Signature signing Timestamp and Body, referencing the BinarySecurityToken using a direct reference.

d) Digest algorithm is http://www.w3.org/2000/09/xmldsig#sha1

e) Signature algorithm is http://www.w3.org/2000/09/xmldsig#rsa-sha1

Is this enough information for me to get this working? I am not an expert in WCF security, so I would be very happy for any help and useful resources.
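Added example (not part of the original post, and not SAP's or WCF's code): a structural check of a captured outgoing envelope against requirements (a) to (e) above, useful while tuning the client binding. It inspects layout only and does not verify the signature; `check_envelope` and the `SAMPLE` envelope are constructed for illustration, and the element paths assume the standard WS-Security 1.0 namespaces.

```python
import xml.etree.ElementTree as ET

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/", "ds": DS,
      "wsse": OASIS + "wssecurity-secext-1.0.xsd", "wsu": OASIS + "wssecurity-utility-1.0.xsd"}
X509V3 = OASIS + "x509-token-profile-1.0#X509v3"
B64 = OASIS + "soap-message-security-1.0#Base64Binary"
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample: layout only; token, digest and signature values are omitted placeholders.
SAMPLE = """<s:Envelope xmlns:s="{s}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
<s:Header><wsse:Security>
<wsse:BinarySecurityToken wsu:Id="X509" ValueType="{v}" EncodingType="{b}">PLACEHOLDER</wsse:BinarySecurityToken>
<wsu:Timestamp wsu:Id="TS"><wsu:Created>2000-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{ds}rsa-sha1"/>
<ds:Reference URI="#TS"><ds:DigestMethod Algorithm="{ds}sha1"/></ds:Reference>
<ds:Reference URI="#Body"><ds:DigestMethod Algorithm="{ds}sha1"/></ds:Reference></ds:SignedInfo>
<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#X509"/></wsse:SecurityTokenReference></ds:KeyInfo>
</ds:Signature></wsse:Security></s:Header><s:Body wsu:Id="Body"/></s:Envelope>""".format(v=X509V3, b=B64, **NS)

def check_envelope(xml_text):
    """Return the letters (a)-(e) of the requirements the envelope violates."""
    root = ET.fromstring(xml_text)
    sec = root.find("s:Header/wsse:Security", NS)
    if sec is None:
        return list("abcde")
    bad = []
    bst = sec.find("wsse:BinarySecurityToken", NS)
    if bst is None or bst.get("ValueType") != X509V3 or bst.get("EncodingType") != B64:
        bad.append("a")
    ts, body = sec.find("wsu:Timestamp", NS), root.find("s:Body", NS)
    if ts is None:
        bad.append("b")
    # (c): both Timestamp and Body are referenced by wsu:Id, and KeyInfo points directly at the token.
    signed = {r.get("URI") for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    need = {"#" + e.get(WSU_ID, "") for e in (ts, body) if e is not None}
    ref = sec.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    direct = ref is not None and bst is not None and ref.get("URI") == "#" + bst.get(WSU_ID, "")
    if len(need) < 2 or not need <= signed or not direct:
        bad.append("c")
    digests = sec.findall("ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if not digests or any(d.get("Algorithm") != DS + "sha1" for d in digests):
        bad.append("d")
    sm = sec.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if sm is None or sm.get("Algorithm") != DS + "rsa-sha1":
        bad.append("e")
    return bad
```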


2 Answers

3
votes

Sounds like you need to utilise WCF Message Inspectors that can intercept messages you send and receive and apply custom SOAP headers.

Check the below links for some guidance on how to implement them:

  1. MSDN - IDispatchMessageInspector - to modify messages sent
  2. MSDN - IClientMessageInspector - to intercept and read messages you receive
  3. Paolo Pialorsi Blog - Writing a WCF Message Inspector
  4. Kirk Evans Blog - Modify Message Content With WCF
  5. Steven Cheng Article - How to inspect and modify WCF message via custom MessageInspector

Hope this helps.

0
votes

I think you should ask about the SOAP envelope that the other side is waiting for, and then maybe use a CustomBinding or implement the Message Inspector interfaces.