WS-Security only with message signing with 2-ways SSL


      Hello.

      I’m trying to consume a Web service from BizTalk Server. The Web service implements WS-Security, but only signs the message body. The communication with the Web service is over 2-way SSL; this is the reason they didn’t implement any other characteristic of WS-Security.

      Searching the Web I found that the adapter to be used in the send port should be WCF-WSHttp, but I found that this adapter signs and encrypts the message. I only want message signing, so this is not the solution.

      The proper adapter to make a more customized send port is WCF-Custom. I tried to customize the EndpointBehavior but it doesn’t work. I’m going to expose the configuration and I’ll appreciate any help to locate the mistake in the configuration:

      General:
        Address: https://…/axis2/services/
        EndPoint Identity: Not configured.
        SOAP Action header: Configured with the action

      Binding:
        BindingType: wsHTTPBinding
        WSHttpBindingElement:
          Security: mode = Transport
          Transport:
            clientCredentialType: Certificate
            proxyCredentialType: None
          Message:
            algorithmSuite: Default
            clientCredentialType: None
            negotiateServiceCredential: True
            establishSecurityContext: False

      Behavior:
        CustomBehavior:
          ProtectionLevel: Sign
        clientCredentials:
          supportInteractive: True
          type: blank
          ClientCertificate:
            findValue: dd e6 …
            storeLocation: LocalMachine
            storeName: My
            x509FindType: FindByThumbprint
          ServiceCertificate:
            DefaultCertificate:
              findValue: 4f 0b …
              storeLocation: CurrentUser
              storeName: TrustedPeople
              x509FindType: FindByThumbprint
            ScopedCertificates:
              Count: 0
            Authentication:
              certificateValidationMode: ChainTrust
              customCertificateValidatorType: blank
              revocationMode: Online
              trustedStoreLocation: CurrentUser

      The rest of the configuration is the default.

      The custom behavior is a class that inherits from BehaviorExtensionElement and IEndpointBehavior and implements the following code (Level is a configuration attribute exposed by the class):

      using System.Net.Security;
      using System.ServiceModel.Channels;
      using System.ServiceModel.Description;
      using System.ServiceModel.Security;

      void IEndpointBehavior.AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
      {
          // Level is the ProtectionLevel exposed as a configuration attribute of the behavior class
          endpoint.Contract.ProtectionLevel = Level;

          // Replace whatever protection requirements the binding already carries with our own
          bindingParameters.Remove<ChannelProtectionRequirements>();
          ChannelProtectionRequirements requirements = new ChannelProtectionRequirements();
          bindingParameters.Add(requirements);

          MessagePartSpecification unprotectedBody = new MessagePartSpecification();     // body not included
          MessagePartSpecification protectedBody = new MessagePartSpecification(true);  // body included

          // "*" is the wildcard action: the parts apply to every message
          switch (endpoint.Contract.ProtectionLevel)
          {
              case ProtectionLevel.None:
                  requirements.OutgoingSignatureParts.AddParts(unprotectedBody, "*");
                  requirements.IncomingSignatureParts.AddParts(unprotectedBody, "*");
                  requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
                  requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
                  break;

              case ProtectionLevel.Sign:
                  // sign the body, encrypt nothing
                  requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
                  requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
                  requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
                  requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
                  break;

              case ProtectionLevel.EncryptAndSign:
                  requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
                  requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
                  requirements.OutgoingEncryptionParts.AddParts(protectedBody, "*");
                  requirements.IncomingEncryptionParts.AddParts(protectedBody, "*");
                  break;
          }
      }

      I’ll appreciate any help you can provide, thanks.
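The check below is an added example and is not code from the original post. It rebuilds the requirements the custom behavior creates, reports whether the SOAP body is in the signature and encryption part sets, and shows that a WSHttpBinding in Transport security mode carries no SecurityBindingElement, the element that turns those requirements into WS-Security signatures. It assumes the .NET Framework System.ServiceModel assemblies that the BizTalk WCF adapters use.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Added example (not from the forum post): inspect sign-only protection
// requirements and the security mode of a WSHttpBinding before wiring a
// custom behavior into a WCF-Custom send port.
static class SignOnlyCheck
{
    // Same mapping as the posted AddBindingParameters: None covers nothing,
    // Sign covers only the body with a signature, EncryptAndSign covers the
    // body with both a signature and encryption.
    public static ChannelProtectionRequirements Build(ProtectionLevel level)
    {
        var req = new ChannelProtectionRequirements();
        var nothing = new MessagePartSpecification();   // body excluded, no headers
        var body = new MessagePartSpecification(true);  // body included
        var sig = level == ProtectionLevel.None ? nothing : body;
        var enc = level == ProtectionLevel.EncryptAndSign ? body : nothing;
        req.OutgoingSignatureParts.AddParts(sig, "*");
        req.IncomingSignatureParts.AddParts(sig, "*");
        req.OutgoingEncryptionParts.AddParts(enc, "*");
        req.IncomingEncryptionParts.AddParts(enc, "*");
        return req;
    }

    // True when the wildcard action "*" has the SOAP body in its part set.
    public static bool CoversBody(ScopedMessagePartSpecification scoped)
    {
        MessagePartSpecification parts;
        return scoped.TryGetParts("*", out parts) && parts.IsBodyIncluded;
    }

    // True when the binding contains a SecurityBindingElement, i.e. message
    // level security is present. Pure Transport mode has none, so protection
    // requirements are left to HTTPS and no wsse:Security signature is built.
    public static bool HasMessageSecurity(SecurityMode mode)
    {
        var binding = new WSHttpBinding(mode);
        return binding.CreateBindingElements().Find<SecurityBindingElement>() != null;
    }

    static void Main()
    {
        var req = Build(ProtectionLevel.Sign);
        Console.WriteLine("signature covers body:  " + CoversBody(req.OutgoingSignatureParts));
        Console.WriteLine("encryption covers body: " + CoversBody(req.OutgoingEncryptionParts));
        Console.WriteLine("Transport has message security: " + HasMessageSecurity(SecurityMode.Transport));
        Console.WriteLine("TransportWithMessageCredential has message security: " + HasMessageSecurity(SecurityMode.TransportWithMessageCredential));
    }
}
```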
