To send a signed and encrypted SOAP request to a web service from BizTalk Server, follow these steps:
Step 1: Create a send port (One-Way or Solicit-Response, as required) and select WCF-Custom as the transport type.
Step 2: Select customBinding as the Binding Type. By default customBinding contains textMessageEncoding and httpTransport; change these as needed.
Step 3: Add the security binding extension element to the custom binding. Make sure the element order is as shown below:
Step 4: Configure the security binding element as shown below:
Step 4.1: Set allowInsecureTransport to True if you are using httpTransport; leave it as False if you are using httpsTransport.
Step 4.2: Set authenticationMode to MutualCertificate.
Step 4.3: Set messageSecurityVersion to WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
Step 5: Add the clientCredentials behavior in the Behavior tab.
Step 5.1: Configure ClientCertificate (the certificate whose private key is used for signing) and ServiceCertificate/DefaultCertificate (the public key of the service, used for encryption).
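The binding and behavior that Steps 2 to 5.1 set up through the BizTalk send port dialog, written out as the equivalent WCF configuration. This is an added example, not configuration from the original post or from BizTalk itself; the certificate thumbprints, store names, the behavior and binding names and the contract name are placeholders, and the service address is the one that appears in the envelope below.

```xml
<!-- Added example: equivalent WCF configuration for the WCF-Custom send port
     described in Steps 2 to 5.1. Thumbprints, store locations, names and the
     contract are placeholders; BizTalk exposes the same elements in its
     Binding and Behavior tabs. -->
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="signedEncryptedBinding">
        <!-- Steps 3 and 4: the security element is listed first, before the
             encoder and the transport, which is the order the binding requires. -->
        <security authenticationMode="MutualCertificate"
                  messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                  includeTimestamp="true"
                  messageProtectionOrder="SignBeforeEncrypt"
                  allowInsecureTransport="true" />
        <!-- Step 4.1: allowInsecureTransport is true only because plain
             httpTransport is used below; with httpsTransport set it to false. -->
        <textMessageEncoding messageVersion="Soap12WSAddressing10" />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="mutualCertBehavior">
        <!-- Steps 5 and 5.1 -->
        <clientCredentials>
          <!-- Our certificate: its private key produces the signature.
               Placeholder thumbprint; the key must be readable by the
               BizTalk host instance account. -->
          <clientCertificate findValue="PLACEHOLDER_CLIENT_THUMBPRINT"
                             storeLocation="LocalMachine" storeName="My"
                             x509FindType="FindByThumbprint" />
          <serviceCertificate>
            <!-- The service's certificate: its public key wraps the
                 AES session key (the EncryptedKey in the envelope).
                 Placeholder thumbprint. -->
            <defaultCertificate findValue="PLACEHOLDER_SERVICE_THUMBPRINT"
                                storeLocation="LocalMachine" storeName="AddressBook"
                                x509FindType="FindByThumbprint" />
            <!-- Validate the service certificate against a trusted chain and
                 check revocation rather than accepting any certificate. -->
            <authentication certificateValidationMode="ChainTrust"
                            revocationMode="Online" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint name="DummyService"
              address="http://localhost:6600/DummyService/DummyService.svc"
              binding="customBinding"
              bindingConfiguration="signedEncryptedBinding"
              behaviorConfiguration="mutualCertBehavior"
              contract="PLACEHOLDER_CONTRACT" />
  </client>
</system.serviceModel>
```

Two points worth checking against the envelope BizTalk emits: includeTimestamp is what produces the u:Timestamp with a five-minute Created/Expires window, and SignBeforeEncrypt (the WCF default) is why the Signature element does not appear in clear but is itself carried inside an EncryptedData of Type Element. With allowInsecureTransport over plain HTTP only the message-level protection applies, so the WS-Addressing headers and the client's BinarySecurityToken travel unencrypted (though signed); prefer httpsTransport where the service offers it.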
BizTalk will produce a SOAP envelope with both the header and the body signed and encrypted, as shown below (for clarity, most of the encrypted content has been omitted from this output):
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_3"/>
<a:MessageID u:Id="_4">urn:uuid:6ebdf6f8-b9fd-4fbd-8029-a7d2dd37c2d4</a:MessageID>
<a:ReplyTo u:Id="_5">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_6">http://localhost:6600/DummyService/DummyService.svc</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-8bfab354-dd65-4ad2-9bc0-276979f19440-1">
<u:Created>2015-11-03T06:46:38.270Z</u:Created>
<u:Expires>2015-11-03T06:51:38.270Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-c6a8190f-5f53-40a0-980d-7b7ee55eb01a-3" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIDuTCCAqGgAwIBAgIQBbX...</o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
</e:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">fOepp/dW66vQ0heuTt2ETjlMRAM=</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>oDZc/9rKTiVjeildC...J6iaPsYg==</e:CipherValue>
</e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"/>
<e:DataReference URI="#_7"/>
</e:ReferenceList>
</e:EncryptedKey>
<e:EncryptedData Id="_7" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<e:CipherData>
<e:CipherValue>jZnJpp1vi2Jl/gpLfLF+bIj...r0BkGUUHeVQ==</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</o:Security>
</s:Header>
<s:Body u:Id="_1">
<e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<e:CipherData>
<e:CipherValue>y0QXU2uwNr...zOvFM=</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
Cheers,
Rohit C. M. Sharma
8 comments:
Nice Article,
Rohit, nice article. I'm doing something similar, but I need to sign the first child of the SOAP body and a couple of sections in the SOAP header: the Timestamp and a Business Header (custom SOAP header).
I did everything as per this article, and as in your SOAP envelope example, the SOAP body and all SOAP headers are getting signed.
Is there any way to sign the SOAP envelope selectively? My requirement is to sign the first child of the SOAP body, the Timestamp and the business header.
Thanks,