I need to consume a SOAP web service created in Java from a WCF client. The service I have to consume has the following constraints:
- needs transport level security by communicating over HTTPS
- needs signatures on the body (soap:body element) and a custom header of each request. The signature is done using a client certificate and complies with http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf. The signature is required only on requests. Service responses are not signed.
It does not seem very complicated, but it proved rather difficult to achieve. My first attempt was to create a custom binding in the configuration file with CertificateOverTransport authentication. This had two major problems: it generated a timestamp header and included it in the signature (removing it would throw an exception), and it never included my required items (body and custom header) in the signature.
So I came to a second approach, which consisted of creating a custom binding in code:
class MyBinding : Binding
public override BindingElementCollection CreateBindingElements()
var elements =