Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / July 2005

Tip: Looking for answers? Try searching our database.

exclude elements of a soap message from signing

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Mitja - 04 Jul 2005 23:35 GMT
hi,

in the article
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/html/9421f0
df-ccdd-4d67-9e85-1d102ada287e.asp
"How to: Specify the Parts of a SOAP Message That Are Signed or Encrypted"
it is said: "For digital signing, WSE signs the entire contents of the
<Body> element, the <Timestamp> element of the Security header, and all
addressing headers."

Is there a way to tell WSE not to sign these elements?

thanks in advance

mitja jentges
Reply to this Message
Softwaremaker - 05 Jul 2005 01:21 GMT
> > Is there a way to tell WSE not to sign these elements?

I dont think there is a way to tell WSE NOT to sign whichever elements.
However, it allows you to be MORE explicit about it by telling it what
elements to sign.

Look at the MessageSignature.SignatureOptions space for the guidance on how
to do this. If you want to specify your own elements for signatures, the
article link below you had flashed should tell you the tricks. The key thing
is the Reference ID.

hth
Signature

Thank you.

Regards,
William T
http://www.softwaremaker.net/blog

Independent Microsoft Regional Director | Microsoft MVP - Solutions
Architect
======================================================

> hi,
>
> in the article

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/html/9421f0
df-ccdd-4d67-9e85-1d102ada287e.asp
> "How to: Specify the Parts of a SOAP Message That Are Signed or Encrypted"
> it is said: "For digital signing, WSE signs the entire contents of the
[quoted text clipped - 6 lines]
>
> mitja jentges
Reply to this Message
Mitja - 05 Jul 2005 23:53 GMT
thanks for your answer.

you were right, i do not have to remove any signatureOptions, just tell wse
which options to use

requestContext.Security.Tokens.Add(signatureToken);
MessageSignature sig = new MessageSignature(signatureToken);
sig.SignatureOptions = SignatureOptions.IncludeSoapBody; //only the soapbody
will be signed
requestContext.Security.Elements.Add(sig);

>> > Is there a way to tell WSE not to sign these elements?
>
[quoted text clipped - 26 lines]
>>
>> mitja jentges
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.