Dear Forum Bugs!!

We have a blocking issue with one of our tests; to add some background, I have detailed the information:
1. We develop a Web Logic Application (Web Service)
2. For the incoming REQUEST we implement the following Policy:
   a. Must Include Timestamp
   b. Must Include Binary Security Token ("<InitiatorSignatureToken><wsp:policy><ns1:x509token ns1:includetoken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">")
   c. Must Sign: the Body, Timestamp, Binary Security Token ["ProtectTokens"] & (in Whole: "OnlySignEntireHeadersAndBody")
   d. Only the Layout is Lax
3. The RESPONSE is however simple:
   a. No Signing (does not include the "RecipientSignatureToken" node in the Policy)
   b. No Token ("<RecipientEncryptionToken><wsp:policy><ns1:x509token ns1:includetoken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never">")
   c. Includes the "SignatureConfirmation"

All fine and tested via SOAP-UI.
But, if the client is developed in .NET using the WCF framework we face the following issue:
1. Request is created with the right Policy (Successfully processed by our Server)
2. Response is also generated WITHOUT SIGNING
3. The Client Application FAILS to read as it expects the response to be signed.

I am sure this can be configured in the WCF Framework; any possible help is highly appreciated.

Thanks,
Beck

##############################################################

Unhandled Exception: System.ServiceModel.Security.MessageSecurityException: The security header element 'SignatureConfirmation' with the 'sigconf_7bl2qdaf9HbZ61oI' id must be signed.

Server stack trace:
   at System.ServiceModel.Security.ReceiveSecurityHeaderElementManager.EnsureAllRequiredSecurityHeaderTargetsWereProtected()
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
Updated 18-Mar-14 22:50pm
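
An added diagnostic, not part of the original post and not WCF's own code: it inspects a response envelope and lists each SignatureConfirmation element that no ds:Reference covers, which is the condition the exception above reports. The function names, the sample envelope and its `sigconf_example` id are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsu": WSU,
}
WSU_ID = "{%s}Id" % WSU


def unsigned_confirmations(envelope_xml):
    """Return the wsu:Id of each SignatureConfirmation that no ds:Reference points at.

    Only reference coverage is checked; the signature value itself is not verified.
    """
    root = ET.fromstring(envelope_xml)
    security = root.find(".//wsse:Security", NS)
    if security is None:
        return []  # no security header at all, so nothing to confirm
    # Same-document references look like URI="#<wsu:Id>"
    signed_ids = {
        ref.get("URI")[1:]
        for ref in security.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS)
        if ref.get("URI", "").startswith("#")
    }
    return [
        conf.get(WSU_ID)
        for conf in security.iterfind("wsse11:SignatureConfirmation", NS)
        if conf.get(WSU_ID) not in signed_ids
    ]


def sample_response(signature_xml=""):
    """Constructed response envelope (not a capture from the poster's service)."""
    decls = " ".join('xmlns:%s="%s"' % item for item in NS.items())
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" %s>'
        "<s:Header><wsse:Security>"
        '<wsse11:SignatureConfirmation wsu:Id="sigconf_example" Value="AAAA"/>'
        "%s</wsse:Security></s:Header><s:Body/></s:Envelope>" % (decls, signature_xml)
    )


# Constructed signature stub whose only reference covers the confirmation element
SIGNED = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#sigconf_example"/>'
          "</ds:SignedInfo></ds:Signature>")

if __name__ == "__main__":
    print(unsigned_confirmations(sample_response()))        # response without a signature
    print(unsigned_confirmations(sample_response(SIGNED)))  # confirmation is referenced
```

Run against a response captured from the service, a non-empty result identifies the elements the receiving stack would reject as unprotected.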