Simply follow all the required steps mentioned in my previous post and then create a custom behaviour extension to disable the encryption by using the following code in the AddBindingParameters function.
You can get the complete code for the behavior from this link.
Build the downloaded solution and GAC the DLL.
Update the machine.config for both 64-bit and 32-bit with the following entry.
<behaviorExtensions>
<add name="SignSoapRequestBehavior"
type="WCF.Behavior.SignSoapRequest.SignSoapRequestBehaviorExtensionElement,
WCF.Behavior.SignSoapRequest, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=ba7175b2b6205a29" />...
Add this behavior to the send port.
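A sketch of an endpoint behavior that replaces the default encrypt-and-sign requirements with sign-only ones in AddBindingParameters. This is an added example, not the code from the linked solution; the class names SignOnlyEndpointBehavior and SignOnlyBehaviorExtensionElement are hypothetical.

```csharp
using System;
using System.ServiceModel.Channels;
using System.ServiceModel.Configuration;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Security;

// Hypothetical name: the behavior attached to the send port.
public class SignOnlyEndpointBehavior : IEndpointBehavior
{
    public void AddBindingParameters(ServiceEndpoint endpoint,
                                     BindingParameterCollection bindingParameters)
    {
        // Discard the requirements derived from the contract, which default
        // to encrypting and signing the message under message security.
        bindingParameters.Remove<ChannelProtectionRequirements>();

        var requirements = new ChannelProtectionRequirements();
        var signedParts = new MessagePartSpecification(true); // true = include the SOAP body
        var noParts = new MessagePartSpecification();         // empty = nothing selected

        // "*" applies the specification to every action.
        requirements.IncomingSignatureParts.AddParts(signedParts, "*");
        requirements.OutgoingSignatureParts.AddParts(signedParts, "*");
        requirements.IncomingEncryptionParts.AddParts(noParts, "*");
        requirements.OutgoingEncryptionParts.AddParts(noParts, "*");

        bindingParameters.Add(requirements);
    }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher) { }
    public void Validate(ServiceEndpoint endpoint) { }
}

// Hypothetical name: the element type a behaviorExtensions entry points at.
public class SignOnlyBehaviorExtensionElement : BehaviorExtensionElement
{
    public override Type BehaviorType
    {
        get { return typeof(SignOnlyEndpointBehavior); }
    }

    protected override object CreateBehavior()
    {
        return new SignOnlyEndpointBehavior();
    }
}
```

With encryption removed, the body travels in clear text, so confidentiality has to come from the transport (for example HTTPS) if the payload is sensitive.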
BizTalk will produce the SOAP request with both the header and body signed as shown below (for clarity, most of the encrypted content has been omitted from this output):
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_2">http://example.com</a:Action>
<a:MessageID u:Id="_3">urn:uuid:78e28d0b-4944-48f7-86e1-16deef77cfdd</a:MessageID>
<a:ReplyTo u:Id="_4">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_5">http://localhost:6600/BradyContractService/ReceiveContract.svc</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-9a964984-1374-485c-97bc-bdb76408d981-1">
<u:Created>2015-11-03T07:28:27.508Z</u:Created>
<u:Expires>2015-11-03T07:33:27.508Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-c2fe0a8f-ca9f-41c7-8f4b-6357ebdc5a09-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIDuTCCAqG...mNi0</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>ee6Ma40RghCCEzDnDA4VZNJynBM=</DigestValue>
</Reference>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>0TSzFgakSshEA4QJJOFiDguAmaA=</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>iDbgU1OHYaUGdFWCXjmuzgSAqlE=</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>l6mMmQ2LE9VFtjaA6Qc4GKBXURw=</DigestValue>
</Reference>
<Reference URI="#_5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>QhNTDZm5G+hGSpv/fkTQ0sHlFSE=</DigestValue>
</Reference>
<Reference URI="#uuid-9a964984-1374-485c-97bc-bdb76408d981-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>WzEWN6/iE6FnafJg4G9se5dB7yE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>jRu...kWSjsJWA70vc/lRw==</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-c2fe0a8f-ca9f-41c7-8f4b-6357ebdc5a09-2"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_1">
<Dummy>Sample Request</Dummy>
</s:Body>
</s:Envelope>
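A receiver-side structural check for envelopes like the one above: it confirms that the Body, the Timestamp and every header block other than the Security header are listed in SignedInfo, that each reference resolves to exactly one element, and it reports SHA-1 algorithms. This is an added example, not part of the original post; the class name SignatureCoverage and the sample envelope in Main are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

public static class SignatureCoverage
{
    const string Wss = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static readonly XNamespace S = "http://www.w3.org/2003/05/soap-envelope";
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";
    static readonly XNamespace U = Wss + "utility-1.0.xsd";
    static readonly XNamespace O = Wss + "secext-1.0.xsd";
    // Structural check only: digests and the signature value are not validated here.
    public static List<string> Check(XDocument env)
    {
        var findings = new List<string>();
        var signedInfo = env.Descendants(Ds + "SignedInfo").FirstOrDefault();
        if (signedInfo == null) { findings.Add("no SignedInfo element"); return findings; }
        var refs = signedInfo.Elements(Ds + "Reference")
            .Select(r => ((string)r.Attribute("URI") ?? "").TrimStart('#')).ToList();
        var byId = env.Descendants().Where(e => e.Attribute(U + "Id") != null)
            .ToLookup(e => (string)e.Attribute(U + "Id"));
        // Each reference must resolve to exactly one element (duplicate Ids are suspicious).
        foreach (var id in refs.Where(r => byId[r].Count() != 1))
            findings.Add("#" + id + " resolves to " + byId[id].Count() + " elements");
        // Body, Timestamp and every header block except the Security header must be signed.
        var required = env.Root.Elements(S + "Body")
            .Concat(env.Root.Elements(S + "Header").Elements().Where(h => h.Name != O + "Security"))
            .Concat(env.Descendants(U + "Timestamp"));
        foreach (var el in required.Where(x => !refs.Contains((string)x.Attribute(U + "Id"))))
            findings.Add(el.Name.LocalName + " is not covered by the signature");
        foreach (var alg in signedInfo.Descendants().Attributes("Algorithm")
                     .Select(a => a.Value).Where(v => v.EndsWith("sha1")).Distinct())
            findings.Add("SHA-1 in use: " + alg);
        return findings;
    }

    public static void Main()
    {
        // Constructed sample shaped like the envelope above, with a:To left out of SignedInfo.
        var xml = "<s:Envelope xmlns:s='" + S + "' xmlns:u='" + U + "' xmlns:o='" + O + "'"
            + " xmlns:a='http://www.w3.org/2005/08/addressing'><s:Header>"
            + "<a:To u:Id='_5'>http://localhost/</a:To><o:Security>"
            + "<u:Timestamp u:Id='ts-1'/><Signature xmlns='" + Ds + "'><SignedInfo>"
            + "<SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>"
            + "<Reference URI='#_1'/><Reference URI='#ts-1'/></SignedInfo></Signature>"
            + "</o:Security></s:Header><s:Body u:Id='_1'/></s:Envelope>";
        Check(XDocument.Parse(xml)).ForEach(Console.WriteLine);
    }
}
```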
Cheers
Rohit C. M. Sharma
5 comments:
I'm doing a similar task recently. The difference is that it is not signing all the header parts; it only signs the "to" and "timestamp" nodes. I think it can be done by adding
var soapRequestIncluded = new MessagePartSpecification(false,new XmlQualifiedName[]{new XmlQualifiedName("",""),new XmlQualifiedName("","")});
Am I right?
Another one is adding key info by adding "SubjectKeyIdentifierReference" as below:
GgRDzyeIenAuXgE90yHwWjpjKII=
How can I do that in BizTalk?
The KeyInfo XML is like:
{KeyInfo}
{wsse:SecurityTokenReference}
{wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"}GgRDzyeIenAuXgE90yHwWjpjKII={/wsse:KeyIdentifier}
{/wsse:SecurityTokenReference}
{/KeyInfo}