
.NET Forum / ASP.NET / Web Services / February 2006


Changing CanonicalizationMethod Algorithm

Colin Bowern - 23 Feb 2006 22:37 GMT
I'm trying to interop with a service provider's web service.  They are
currently requesting that messages be signed with an X509 certificate.
The reference request notes the following Canonicalization algorithm:

<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />

However, the WSEv3 output produces the following algorithm:

<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />

Is there any way to modify the canonicalization algorithm?  I can see that
the XmlSignature class has reference to this namespace using the
InclusiveC14NTransform AlgorithmURI const.  I'm just not sure how to force
the policy to use this algorithm over the other one without writing a custom
policy and filter set.

Passing the WSEv3 generated one returns a not supported error for that
particular algorithm.

Thanks,
Colin
Pablo Cibraro - 24 Feb 2006 13:53 GMT
Hi Colin,

You will have to implement a custom assertion to do something like that.
In the sample below I created a custom assertion using the turn-key
assertion UsernameForCertificate. (You have to configure this class as an
extension in the policy file)

using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
using Microsoft.Web.Services3.Security;

public class MyCustomAssertion : UsernameForCertificateAssertion
{
    // Hand WSE a custom output filter in place of the turn-key one.
    public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
    {
        return new MyClientOutputFilter(this);
    }

    protected class MyClientOutputFilter : ClientOutputFilter
    {
        public MyClientOutputFilter(UsernameForCertificateAssertion assertion)
            : base(assertion)
        {
        }

        public override void SecureMessage(SoapEnvelope envelope, Security security, MessageProtectionRequirements request)
        {
            // Let the turn-key assertion secure the message first, then adjust
            // the signature elements it added to the security header.
            base.SecureMessage(envelope, security, request);

            foreach (ISecurityElement element in security.Elements)
            {
                if (element is MessageSignature)
                {
                    MessageSignature signature = (MessageSignature)element;

                    // XmlSignature.AlgorithmURI.InclusiveC14NTransform = http://www.w3.org/TR/2001/REC-xml-c14n-20010315
                    signature.Signature.SignedInfo.CanonicalizationMethod = XmlSignature.AlgorithmURI.InclusiveC14NTransform;
                }
            }
        }
    }
}

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

> I'm trying to interop with a service provider's web service.  They are
> currently requesting that messages be signed with an X509 certificate.
[quoted text clipped - 20 lines]
> Thanks,
> Colin
Colin Bowern - 24 Feb 2006 16:52 GMT
Hey Pablo,

Thanks for the sample code.  I was hoping that it would be a simple attribute
somewhere given the number of algorithms supported, but I guess not.  I'll
give this a shot.

Cheers!
Colin

> Hi Colin,
>
[quoted text clipped - 69 lines]
>> Thanks,
>> Colin
Colin Bowern - 25 Feb 2006 01:26 GMT
So that solved my last problem.  Now I'm onto a new one:

<soap:Fault xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext" xmlns:c="urn:schemas-cybersource-com:transaction-data-1.18">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>
Security Data : Invalid WS Security Header: Not supported transform: http://www.w3.org/2001/10/xml-exc-c14n#
</faultstring>
</soap:Fault>

If I parse the transform blocks out of the document it works.  That being
said removing data from the document doesn't feel right.  The final hurdle
seems to be the security token reference value type.  It points to "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
and as a result the service returns:

Security Data : Invalid WS Security Header: Not supported keyInfo type: wsse:SecurityTokenReference

I need it to look something more like this:

<SecurityTokenReference xmlns="http://schemas.xmlsoap.org/ws/2002/04/secext">
 <Reference URI="X509Token" />
</SecurityTokenReference>

It does seem like the web service is running on older standards.  I've been
going through the docs but it seems like WSE has grown to be quite complicated,
so I'm shooting in the dark here as to how to get this last bit of interop
going without using the proprietary signature functions.

Thanks,
Colin

> Hey Pablo,
>
[quoted text clipped - 74 lines]
>>> Thanks,
>>> Colin
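
The faults reported in this thread each name a URI inside the `ds:Signature` that the provider rejects. The following C# check is an added example, not code from the thread or from WSE: it lists every canonicalization, transform and KeyInfo namespace that falls outside what the provider appears to accept, so mismatches can be seen before a request is sent. The class name `SignatureAlgorithmAudit`, the accepted values (inferred from the reference request and faults quoted above) and the sample signature are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Xml;

public static class SignatureAlgorithmAudit
{
    // Assumed accepted values, inferred from the reference request and faults in the thread.
    const string AcceptedC14n = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    const string AcceptedWsse = "http://schemas.xmlsoap.org/ws/2002/04/secext";

    // Returns one finding per signature element the provider would likely reject.
    public static List<string> Audit(string envelopeXml)
    {
        // XmlResolver = null: never fetch external DTDs or entities while inspecting a message.
        var doc = new XmlDocument { XmlResolver = null, PreserveWhitespace = true };
        doc.LoadXml(envelopeXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

        var findings = new List<string>();
        // CanonicalizationMethod and every per-reference Transform carry an Algorithm URI.
        foreach (XmlElement e in doc.SelectNodes(
            "//ds:SignedInfo/ds:CanonicalizationMethod | //ds:Reference/ds:Transforms/ds:Transform", ns))
        {
            string uri = e.GetAttribute("Algorithm");
            if (uri != AcceptedC14n)
                findings.Add(e.LocalName + " uses " + uri);
        }
        // KeyInfo children must be in the WS-Security namespace version the provider understands.
        foreach (XmlElement k in doc.SelectNodes("//ds:KeyInfo/*", ns))
            if (k.NamespaceURI != AcceptedWsse)
                findings.Add("KeyInfo/" + k.LocalName + " is in namespace " + k.NamespaceURI);
        return findings;
    }

    public static void Main()
    {
        // Constructed sample: canonicalization already switched, transform and token reference not.
        const string sample = @"<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'/>
  <ds:Reference URI='#Body'><ds:Transforms>
   <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/></ds:Transforms></ds:Reference>
 </ds:SignedInfo>
 <ds:KeyInfo><wsse:SecurityTokenReference
  xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'/></ds:KeyInfo>
</ds:Signature>";
        foreach (string f in Audit(sample)) Console.WriteLine(f);
    }
}
```

Run it against the envelope captured from WSE tracing; a signature the provider should accept produces an empty list under these assumptions.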
