
Urgent: help needed signing a SOAP 1.1 Message's Body+Timestamp, and send over SSL

Posted Date: October 26, 2010    Category: WCF


I have a deadline that is about to whoosh by having underestimated how tricky this would turn out to be.



  • SOAP 1.1
  • WS-Security for timestamp and signing
  • signature has to be single signature made from 2 elements: body + timestamp
  • Asymmetric Algorithm: SHA1
  • Key algorithm: RSA 
  • sent over SSL
  • client has to authenticate to server via cert with well known CN=
  • Server is not .NET but Weblogic, with policies that cannot be changed.

Basically, a secure (SSL) based transport, with signing to protect against tampering as well as replay.



Seemed like a good choice at first as it has WS-Security built in. After setting up a behavior that defines client and server certs setting binding/

Unfortunately wsHttpBinding creates a signature from too many elements in the message (Body, Action, RelatesTo, Timestamp).

There is no apparent way of controlling what gets selected as an element of the signature.  

For example: as the ws-Security headers (Timestamp, etc.) are not part of the proxy Request message class definition, and are added/injected somewhere down the line, and are no


More Related Resource Links

How to manipulate both envelope and body of soap message


Can you please help to manipulate both the envelope and body of the SOAP message? I am using MessageInspector and in the BeforeSendRequest method, I have a request like that.

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
    <a:Action s:mustUnderstand="1">http://www.aaaa.com/IServices/Method</a:Action>
    <Method xmlns="http://www.aaaa.com">
After manipulation I want to create a Message which will have the following XML:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12">
		<a:Action s:mustUnderstand="1">http://www.aaaa.com/IServices/Method</a:Action>

How to properly create SOAP Request that has x509 signed message body and unsigned usernameToken




I'm trying to create a .NET client that will consume AXIS WS.

Request should be signed (using x509 Signature) and after this usernametoken profile 1.0 should be attached.

Using SOAP-UI I can create Outgoing Security Policy with few steps described below:

1) Define keystore

2) Add WSS Signature entry and mark key identifier type as X509 Certificate or Binary Security Token

3) Add WSS Username entry

The order is important.

I cannot recreate SOAP request that would generate valid response.

I got "The signature or decryption was invalid" most of the time.

Here is valid SOAP Request from SOAP-UI:


 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:user="http://users.api.swd.zbp.pl"

MSMQ and .NET: Send MSMQ Messages Securely Across the Internet with HTTP and SOAP


When creating a distributed system you frequently need to provide for communication between two entities that are not in sync. Microsoft Message Queue Server (MSMQ) provides the kind of store-and-forward messaging in a pre-built infrastructure that can help you address these kinds of messaging needs. In the past, MSMQ was accessed using a COM wrapper. Now there's a .NET wrapper that lets you accomplish your messaging goals easily from your Framework-based code. To illustrate the use of the wrapper, the author builds a messaging application, sends MSMQ messages over the Web, and discusses messaging security.

David S. Platt

MSDN Magazine December 2003

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

DIME: Sending Files, Attachments, and SOAP Messages Via Direct Internet Message Encapsulation


Direct Internet Message Encapsulation (DIME) is a new specification for sending and receiving SOAP messages along with additional attachments, like binary files, XML fragments, and even other SOAP messages, using standard transport protocols like HTTP. In this article, the author explains what DIME is and how it differs from MIME encapsulation. A detailed description of the message format and how it is parsed, as well as working with SOAP and extending it with WSDL, is also included.

Jeannine Hall Gailey

MSDN Magazine December 2002

need regular expression to get message body

I have text like this: <tr class="NormalRow_Small"> <td colspan=2>&nbsp;</td> <td colspan=3> </td> </tr> <tr class="NormalRow_Small"> <!--description--> <td colspan="5"> <font size="2">Hi All,<div><!br /></div><div>I'm glad to introduce ...</div><div><!br /></div><div>Actually we already have ... <font size=1>(see link for full text)</font></font><br> <font size="1"> </td> </tr> <tr> <td colspan=5><hr /></td> </tr>   I want to get bold text, please help me.   Thanks, Alex.

How to Add Custom SOAP Headers Into The Server Response Message in WSE3.0?

Hi Dear All, Assuming I am the service provider, may I know how many ways are there to insert a custom header into the server response message? So far I tried several ways, and it can be done in custom SoapFilters (by playing with SOAPEnvelope object), and SoapExtension (SOAPMessage object). Just wondering if this could be done at web service class by specifying a SOAPHeader attribute, just like adding a SOAPHeader into the SOAP request message at consumer side? If can, it might be much smarter than SoapFilter and SoapExtension. Thanks in advance! Best Regards, Charles

urgent help needed regarding transactional replication2005

I did set up transactional replication on sql 2005 and also in article properties have selected to replicate foreign keys, default constraints and indexes. I checked the schema properties at publisher and subscriber and found that on one table a foreign key is not replicated which has an on delete cascade. I am not sure why is not replicating that constraint. The other table has a foreign key which is also not replicated. I would appreciate all your help. thanks, Satya

does SPD support filtering of the mail title/body we send to a list/library?

For example, if we send a mail with the title of "%hostname% %ipaddress%" to a list, can SPD WF filter the title and get %hostname% to a new variable? The reason to ask this is I want to send a well-formatted mail to sharepoint and the automatical WF can recognize the change of the list items and update the relevant columns by the filtered content from mail title or body. Thanks!

Signing The Body of a Web Service Request (From Client)

Hello, I am attempting to consume a webservice, which has numerous security factors, one of which is SSL. I am using WS-Security and attempting to sign the body of my request. Right now it is only currently signing the timestamp and to: (endpoint). I've been scouring the forums, but seem to come to a dead end with threads dying off... http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/034f71cd-408e-447c-a95c-e0cf4baa5742

I'm assuming I will have to modify the reference.cs file or maybe even the WSDL, but here's some of the code I've done for the binding... is this on the right track?

WSHttpBinding myBinding = new WSHttpBinding();
myBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
myBinding.Security.Message.NegotiateServiceCredential = false;
myBinding.Security.Message.EstablishSecurityContext = false;

How to change the ReplyTo and FaultTo of SOAP Message Headers in WCF ?

Hi All, How to change the ReplyTo and FaultTo of SOAP Message Headers in WCF? I will test routing SOAP Message using WCF, Thanks.

Frank Xu Lei
Focus on Distributed Applications Development and EAI based on .NET
http://www.frankxulei.com/
http://www.cnblogs.com/frank_xl/

How to pass response or fault soap message to other end point using WCF?


I have changed the ReplyTo and FaultTo of SOAP Message Headers in WCF,

and I'd like the response message can be sent to other service endpoint.

I tested it, but Response Message could not be sent to other service.

How can I make it?

Thanks in advance.


Frank Xu Lei
Focus on Distributed Applications Development and EAI based on .NET




Sign outgoing client request SOAP body with WSE 3.0



We currently have the code in WCF to sign the outgoing client requests' SOAP Body, however we need the same code for use with WSE 3.0.  I can't find any examples of this.  

Is it possible?  If so, does anyone have an example?

Thank you,

view soap request message


I am consuming a .net 2.0 webservice from a class library and calling this class from a web page form. When a user inputs and saves the data in the form it will call the class and in turn send the user inputted data over webservice. I want to view the Soap messages like request and response going from my dll to the webservice. I tried fiddler but with no luck. So I created a class mentioned here: http://msdn.microsoft.com/en-us/library/system.web.services.protocols.soapextension(v=VS.90).aspx

and added the in the dll.config file like this and it was also of no help. By the way the end webservice is https not http.




        <add type="SoapTrace.TraceExtension" priority="2" group="High" />





Any pointers are greatly appreciated, thanks in advance

Create Email Message and Send to Client For Review before Sending


Please read this post carefully. I am not looking to actually send an email using ASP.NET. 

I am looking for a means by which ASP.NET can create an Outlook MailItem and stream it to the client machine for the user to review prior to sending. I know that it's possible to create files such as Word docs and Excel spreadsheets and then stream them, but I don't know how to do it with ASP.NET.

How to programmatically generate soap section for certificate signing




Hope somebody can help me…


During the last week, I’ve been trying to work on the following problem but despite trying many things and a lot of internet searches, have not been able to get to the bottom of it.


In our company, we have a test tool that a number of external quality engineers insist on using to hit our WCF web services.  Their test tool can only natively hit our unsecured services.  However, we also have some SAML secured services and some certificate secured services.  


Sign Body, Timestamp, and endorsing supporting tokens elements WSE 3.0


I'm trying to sign an outbound client request.  I'm trying to sign the body, timestamp, and endorsing support tokens. I think I have all the requirements except the Endorsing Support Tokens.  Does anyone know how to do this in WSE 3.0, in code?

Here is my SecureMessage function, and below is example output.

Public Overrides Sub SecureMessage(ByVal envelope As Microsoft.Web.Services3.SoapEnvelope, ByVal security As Microsoft.Web.Services3.Security.Security)
            Dim sc As SoapContext = envelope.Context
            Dim certobj As Object = sc("Certificate")
            Dim CertSubjectToUse As String 'the cert subject to find with