When a message is encrypted by a X.509 certificate, Soapinputfilter automatically attempts to decrypt it using the private key of the user's key store, which, of course, tells WSE where to find additional configuration information for the certificate at run time. This information is specified by the security element of the application configuration file, which is an example of the application configuration file on the client app.config. For X.509 encryption, you only need to add a x509 child node, the content and the same as the following can be
<x509
storelocation= "CurrentUser"
Verifytrust= "true"
Allowtestroot= "false"/>
In my example, I set the Storelocation property of the X509 node to CurrentUser, assuming that the certificate is in the current user's certificate store, and I set the verifytrust to True after I used the trusted certificate from the CA. These properties can also be modified using the Settings tool for WSE. Using this information, WSE can get the private key of the certificate in the message, and can use this to decrypt the symmetric session key, and the decrypted content will eventually be decrypted to the message body.
Select the message element to decrypt
When the entire message body is encrypted by default, WSE can be used to encrypt specific elements within the SOAP message; the only problem is that elements of the security header element cannot be encrypted. You can also encrypt nested elements,
In this example service, I modified the X.509 version of the GetXmlDocument method to digitally encrypt encryptedsubresponse and its encryptedresponse parent node with a X.509 based security token, which returns the following XML document:
<Response>
<NotEncrypted>
There's no need to encrypt this response message.
</NotEncrypted>
<EncryptedResponse>
<EncryptedSubResponse>
Here are sensitive data.
</EncryptedSubResponse>
</EncryptedResponse>
</Response>
To encrypt an element, it requires a Wsu:id property so that the reference can be added to the node when the XML is serialized. The namespace WSU is defined as:
To do this, I add this XML to a new XML document and pass it. NET Framework supports the Microsoft XML Document Object Model (DOM) by adding an id attribute to it, as well as adding the accessory System.Xml to the project reference, plus the following:
Using System.Xml;
Using System.Xml.Serialization;
When I add more than one ID attribute to a nested element, I start by encryptedsubresponse element to iterate over its parent node EncryptedResponse, as follows:
Assuming I've got the security notation from the X.509 certificate in front of my logic, I'll add these references to the EncryptedData element as follows:
Loops through the ID value and adds it to the new EncryptedData element
for (int i=0;i<myid.length;i++)
{
Create a new header, "#" is the prefix, used to ensure that the relevant URI can reference the head
EncryptedData Myencheader = new EncryptedData (MyToken, "#" +myid[i]);
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
