Encryption and Signature in message mode.

Hi

How do I set Encryption and Signature when using message mode?

I saw in the trace viewer that the default behavior for any binding was not to encrypt anything. Is that correct?

Can I encrypt / sign only part of the message?

manu




  • crowesql

    manukahn:> We are speaking about WCF Not WSE3.0 !!!

    Yes, I know and I am speaking of WCF as well. I am just saying that we used to be able to Encrypt and Sign MessageParts in WSE2.0, not anymore, not even in WCF ... And I am speaking of WCF out-of-the-box.

    That said, I believe you may be able to do so if you implement it yourself via the various ways you can grok into the message.



  • Jacksparrow1985

    We are speaking about WCF Not WSE3.0 !!!

  • Pooja Katiyar

    > How do I set Encryption and Signature when using message mode?

    Something like this

    <security authenticationMode="UserNameForCertificate" requireSecurityContextCancellation="false" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" requireDerivedKeys="true" requireSignatureConfirmation="false" />

    The messageProtectionOrder can be set to SignBeforeEncrypt or EncryptBeforeSign as well (if memory serves me well). Obviously EbS is subject to SignatureReplacement attacks.

    > Can I encrypt / sign only part of the message?

    I have been asking for this for some time. Signing/encrypting message parts has not been available since WSE2.0. I know there is a reason for it but I cannot, for my life, remember it now. However, to answer your question - No, I don't think you can.



  • Vaish

    In the trace viewer, we log messages at the service level and the transport level.

    If you trace the message at the transport level, the message will be signed and encrypted (at the service level, I think it is not signed yet).

    Except BasicHttpBinding, all WCF bindings are secured by default (confidentiality, integrity).

    WCF supports 3 types of message protection:

    EncryptBeforeSign The message is encrypted and then signed. 
    SignBeforeEncrypt The message is signed and then encrypted. 
    SignBeforeEncryptAndEncryptSignature The message is signed and encrypted, and the signature is encrypted. 

    If you want to know what kind of message protection each binding is using, you can use the following sample (you can do the same for other bindings):

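    // Requires: using System; using System.ServiceModel; using System.ServiceModel.Channels;
    WSHttpBinding b = new WSHttpBinding();
    // Break the binding down into its individual binding elements
    BindingElementCollection bec = b.CreateBindingElements();
    // Locate the message security element of the binding
    SymmetricSecurityBindingElement sbe = bec.Find<SymmetricSecurityBindingElement>();
    // Print the protection order this binding uses
    Console.WriteLine(sbe.MessageProtectionOrder.ToString());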

    You can also use a custom binding, the way explained in the above log.

    I don't know whether we can sign only part of a message or not (I think we can choose to sign headers or not, but not sure about part of a message).

    The following articles may help to know more about WCF security:

    http://msdn.microsoft.com/msdnmag/issues/06/08/SecurityBriefs/default.aspx
    http://windowssdk.msdn.microsoft.com/en-us/library/ms735093.aspx
    http://windowssdk.msdn.microsoft.com/en-us/library/ms731086.aspx
    http://wcf.netfx3.com/content/WindowsCommunicationFoundationWCFInteroperabilityandMigrationwithWSE20.aspx

     

    -Thank you

    Madhu

     

     



  • TheVisual

    One way of setting the encryption and signature is by defining a custom binding:

    1) Create a SymmetricSecurityBindingElement or an AsymmetricSecurityBindingElement instance, depending on the type of security token used.

    2) Set the MessageProtectionOrder property of the security binding element instance with the desired protection order.

    3) Create a custom binding using the security binding element and a HttpTransportBindingElement instance.


    The same thing can be done in the configuration file.

    I hope it helps
    Best regards
    Pedro Felix
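
The three steps listed above, combined with the read-back check from the earlier answer, as an added C# example that is not part of the original thread. The class and method names are hypothetical, and it assumes a .NET Framework project that references System.ServiceModel.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Hypothetical names; illustration only, not code from the thread.
static class ProtectionOrderExample
{
    static CustomBinding BuildBinding(MessageProtectionOrder order)
    {
        // Step 1: symmetric security element. UserNameForCertificate is the
        // authenticationMode used in the config fragment posted in the thread.
        SymmetricSecurityBindingElement security =
            SecurityBindingElement.CreateUserNameForCertificateBindingElement();

        // Step 2: choose the protection order explicitly instead of relying on a default.
        security.MessageProtectionOrder = order;

        // Step 3: stack order matters: security, then encoding, transport last.
        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(),
            new HttpTransportBindingElement());
    }

    // Reads the protection order back out of any binding. Find<T>() returns null
    // when the binding has no symmetric message security element, so the lookup
    // must be checked before it is dereferenced.
    static string Describe(Binding binding)
    {
        SymmetricSecurityBindingElement sbe =
            binding.CreateBindingElements().Find<SymmetricSecurityBindingElement>();
        return sbe == null
            ? binding.Name + ": no symmetric message security element"
            : binding.Name + ": " + sbe.MessageProtectionOrder;
    }

    static void Main()
    {
        Console.WriteLine(Describe(
            BuildBinding(MessageProtectionOrder.SignBeforeEncryptAndEncryptSignature)));
        Console.WriteLine(Describe(new WSHttpBinding()));
        Console.WriteLine(Describe(new BasicHttpBinding()));
    }
}
```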

