I have a WCF client calling a Java-based service. The service vendor is supporting WCF clients. The WCF client binding uses authenticationMode="MutualCertificate", messageVersion="Soap11WSAddressing10" and the message is signed and encrypted (SignBeforeEncrypt).
WCF, in this case, is automatically signing all the ws-addressing ( <Action>, <MessageID> and <To> ) headers. The message gets to the service and comes back with what appears to be valid encrypted data in the response BUT the client is throwing
a "The 'Action', 'http://www.w3.org/2005/08/addressing' required message part was not signed" exception (mscorlib).
Is there a way to NOT sign the ws-addressing headers in the request message while still using both signing and encryption (X.509 certs)?
If the client DOES sign the ws-addressing headers in the request, is there a way to configure WCF to accept UNsigned ws-addressing headers in the response?
If the answer is NO on both questions, I guess I will have to ask the service vendor to sign the ws-addressing headers in the response. Thanks.
View Complete Post