Folks, I am building a RESTful service that is secured by providing an XMLDSIG XML signature at the bottom of the XML document. When I send this document to the server, the WCF service is doing the XML de-serialization method on the HTTP payload to give
me a C# class. Unfortunately for this de-serialization to occur properly, the C# class definition needs to have all the properties required to define the XML signature, even though I only need that for security.
So, what I would like to do is this:
- build a WCF service behavior that, pre-call, examines the XML signature, validates it and then strips it off the XML before the de-serialization for the regular method call.
Is this possible? If so, where can I start looking for how to do this? I feel like I'm close I just haven't found the right WCF injection point.
p.s. Everything is .NET 4.0, Visual Studio 2010, IIS 7+.
The .NET Addict - http://dotnetaddict.dotnetdevelopersjournal.com
View Complete Post