Encrypting SOAP Messages with WSE (7)

Source: Internet
Author: User
Tags decrypt header soap object model reference

Encrypt the message that is received to decrypt

When a message is encrypted by a X.509 certificate, Soapinputfilter automatically attempts to decrypt it using the private key of the user's key store, which, of course, tells WSE where to find additional configuration information for the certificate at run time. This information is specified by the security element of the application configuration file, which is an example of the application configuration file on the client app.config. For X.509 encryption, you only need to add a x509 child node, the content and the same as the following can be


storelocation= "CurrentUser"

Verifytrust= "true"

Allowtestroot= "false"/>

In my example, I set the Storelocation property of the X509 node to CurrentUser, assuming that the certificate is in the current user's certificate store, and I set the verifytrust to True after I used the trusted certificate from the CA. These properties can also be modified using the Settings tool for WSE. Using this information, WSE can get the private key of the certificate in the message, and can use this to decrypt the symmetric session key, and the decrypted content will eventually be decrypted to the message body.

Select the message element to decrypt

When the entire message body is encrypted by default, WSE can be used to encrypt specific elements within the SOAP message; the only problem is that elements of the security header element cannot be encrypted. You can also encrypt nested elements,

In this example service, I modified the X.509 version of the GetXmlDocument method to digitally encrypt encryptedsubresponse and its encryptedresponse parent node with a X.509 based security token, which returns the following XML document:



There's no need to encrypt this response message.




Here are sensitive data.




To encrypt an element, it requires a Wsu:id property so that the reference can be added to the node when the XML is serialized. The namespace WSU is defined as:

Xmlns:wsu= "Http://schemas.xmlsoap.org/ws/2002/07/utility

To do this, I add this XML to a new XML document and pass it. NET Framework supports the Microsoft XML Document Object Model (DOM) by adding an id attribute to it, as well as adding the accessory System.Xml to the project reference, plus the following:

Using System.Xml;

Using System.Xml.Serialization;

When I add more than one ID attribute to a nested element, I start by encryptedsubresponse element to iterate over its parent node EncryptedResponse, as follows:

string [] MyId = {"id:" + guid.newguid (), "ID:" + guid.newguid ()};

Create an XML document to return XML

XmlDocument myDoc = new XmlDocument ();

Mydoc.loadxml ("<Response>" +

"There is no need to encrypt the <NotEncrypted> response message here" +

"</NotEncrypted>" +

"<EncryptedResponse>" +

"<EncryptedSubResponse>" +

"This is sensitive data." +

"</EncryptedSubResponse>" +

"</EncryptedResponse>" +


Get EncryptedSubResponse Node

XmlNode = MyDoc.FirstChild.LastChild.FirstChild;

Walk up the element and add two ID attributes

To ensure that most elements inside are prioritized to be encrypted

Or we'll get an anomaly.

for (int i=0;i<myid.length;i++)


Create a new id attribute

String wsu = "Http://schemas.xmlsoap.org/ws/2002/07/utility";

XmlNode myattr = Mydoc.createnode (Xmlnodetype.attribute, "WSU",

"Id", WSU);

Myattr.value = Myid[i];

To add a property to a document

Root. Attributes.setnameditem (myattr);

root = root. ParentNode; Move to parent node


Assuming I've got the security notation from the X.509 certificate in front of my logic, I'll add these references to the EncryptedData element as follows:

Loops through the ID value and adds it to the new EncryptedData element

for (int i=0;i<myid.length;i++)


Create a new header, "#" is the prefix, used to ensure that the relevant URI can reference the head

EncryptedData Myencheader = new EncryptedData (MyToken, "#" +myid[i]);

Add a new header to the collection



Return encrypted data

return MYDOC;

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Tags Index: