C# - WCF Client for web service with WS-Security, signed headers, authentication tokens and encryption of body
I have been assigned to create a client for a web service. I have no previous experience with web services, and I have been trying with no success. The web service is hosted at https://ws.conf.ebs.health.gov.on.ca:1441/edtservice/edtservice. I was able to create the proxy classes with Visual Studio 2012 and create a basic client, but it was rejected by the service since it did not include all of the security specifications the service requires. The following is an extract from the documentation, available at http://www.health.gov.on.ca/en/pro/publications/ohip/default.aspx

The WS-Security section includes the technical specifications of WSS 1.1:
• identity requirements;
• signing requirements;
• encryption requirements; and
• time stamps.

IDP: To ensure the confidentiality and integrity of sensitive information within the message, the sender software must use public key technology to sign the SOAP headers and body. The signing certificate can be any available certificate, and can be self signed. If the response data is specified as encrypted, by the specific web service technical specification, the data is encrypted using, at least, the AES128-CBC symmetric encryption algorithm with the public key belonging to the signer of the initial SOAP request. The encryption algorithm may be increased based on the specific web service technical specification.

My goal is to create a WCF client that can access the service. This is what I have done so far, and it does not work. The example tries to upload a file to the server:
```csharp
using System;
using System.IO;
using System.ServiceModel;
using Microsoft.Web.Services3.Security.Tokens; // WSE 3.0 UsernameToken (see comment below)

// EDTDelegateClient, EBS_Header, IDP_Header, MSA_Header, UploadData, UploadRequest and
// ResourceResult are the proxy types generated from the service WSDL by Visual Studio.
public class EdtUploader
{
    EndpointAddress address = new EndpointAddress("https://ws.conf.ebs.health.gov.on.ca:1441/edtservice/edtservice");
    // MCEDT user id and password
    string userId = "abcdefg";
    string password = "password";
    // MOH id
    string mohId = "123456";
    // vendor conformance key
    string key = "1234abcd-eeee-aaaa-ffff-abcdef123456";
    // Name of the sample claim file provided by OHIP (the original snippet used this without declaring it)
    string claimFile = "claim.txt";

    public void Upload()
    {
        Console.WriteLine("Uploading....");
        // Specify the binding to be used by the client.
        WSHttpBinding binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.SendTimeout = new TimeSpan(0, 10, 0);
        // WSE 3.0 token: it is never attached to the WCF client, so it has no effect on the message.
        UsernameToken ut = new UsernameToken(userId, password, PasswordOption.SendHashed);
        EDTDelegateClient client = new EDTDelegateClient(binding, address);
        // Capture the before-send and after-receive events.
        client.Endpoint.Behaviors.Add(new InspectorBehavior());
        EBS_Header ebs = new EBS_Header();
        ebs.AuditId = "123456789";
        ebs.SoftwareConformanceKey = key; // the original assigned an undeclared 'confomancekey'
        // The MCEDT service supports the IDP security model in the first release.
        IDP_Header idp = new IDP_Header();
        idp.ServiceUserMUID = mohId;
        MSA_Header msa = new MSA_Header();
        msa.UserID = userId;
        // Data to upload: the sample claim provided by OHIP.
        UploadData data = new UploadData();
        data.Description = claimFile;
        data.Content = File.ReadAllBytes(@"..\..\" + claimFile);
        UploadRequest ur = new UploadRequest();
        ur.Upload = new UploadData[1];
        ur.Upload[0] = data;
        try
        {
            ResourceResult result = client.Upload(ebs, msa, idp, ur.Upload);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
    }
}
```

I believe what I have done so far is in line with the technical requirements: "The electronic system constructs the SOAP message using the appropriate values and inserts the EBS and IDP headers into the SOAP message header, with the user name and password (for IDP, in the WS-Security username token). The SOAP headers and body are digitally signed to guarantee message integrity and source. If the request data is specified as encrypted, by the specific web service technical specification, use the public key of the EBS system." I don't know how to sign the headers and body, nor how to encrypt the data.
I have the certificates provided with the technical specifications, and I have the proper information for the user and password. My lack of knowledge is stopping me from finishing the project.

Thanks in advance for the community's help.

Edit #1: sample message from the docs:
```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:msa="http://msa.ebs.health.ontario.ca/"
                  xmlns:idp="http://idp.ebs.health.ontario.ca/"
                  xmlns:edt="http://edt.health.ontario.ca/"
                  xmlns:ebs="http://ebs.health.ontario.ca/">
  <soapenv:Header>
    <ebs:EBS wsu:Id="id-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <SoftwareConformanceKey>444361ee-277f-7732-c684-7a9923jfgh1b</SoftwareConformanceKey>
      <AuditId>124355467675</AuditId>
    </ebs:EBS>
    <idp:IDP wsu:Id="id-3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ServiceUserMUID>1111222</ServiceUserMUID>
    </idp:IDP>
    <wsse:Security soapenv:mustUnderstand="1"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                                wsu:Id="X509-04fd51796cb607011413612828891871"><!-- base64 X.509 certificate omitted --></wsse:BinarySecurityToken>
      <ds:Signature Id="SIG-6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="ebs edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#UsernameToken-2">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="ebs edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>pethpied5ujpqxnukgn0k4p7up8c0dfpurxbpq+emwi=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#TS-1">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="wsse ebs edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>dqlqnqvhwzhrx7amwoyxemwxn2g0/rnd2i13wpp1vhw=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-3">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="ebs edt msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>k4irndaa4zbmkumifgkcluika8dmzwggdko5aq45lhg=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-4">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>o92xrjqnwgz0hv7dx87vsyuscx0qhl/bfge3gmtuzqg=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-5">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="ebs edt idp msa" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>svnyvvp+mrjiylzfsg+bgw//8ipnvvio9px3vyufw3i=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
qdszlgy/atfozzo1c4tx+1e8ertrbmbysrxek6sj1jct/77tlv5pbgname9ttdmzf6h7/qb4rbgl
76lm0pacq9xm3dtssqoz/so82g+/kx8m9tpy9d44+dvlb+cxm9rpn2blmsvwtjf0kwi22smrzmtr
6a6jfnykgga6zwzc9nlfg5/ktvsyz39vodo3t5gyc15rsjhkvbggowmkm7x5phrhu+3gclebthp8+fgmmd9pjotl9wunzr7npy79xrngxmdml8hlve4+uic//b6tvrbgb2t8iwb5e5wdz+sshgmm0802
wfwgxlvxvshpejrohz5ovrgh7pkgluszp9fwkg==
        </ds:SignatureValue>
        <ds:KeyInfo Id="KI-04fd51796cb607011413612828892812">
          <wsse:SecurityTokenReference wsu:Id="STR-04fd51796cb607011413612828892813">
            <wsse:Reference URI="#X509-04fd51796cb607011413612828891871"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsse:UsernameToken wsu:Id="UsernameToken-2">
        <wsse:Username>johndoe@examplemail.com</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
      </wsse:UsernameToken>
      <wsu:Timestamp wsu:Id="TS-1">
        <wsu:Created>2013-02-19T14:08:08Z</wsu:Created>
        <wsu:Expires>2013-02-19T14:08:38Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <edt:upload>
      <upload>
        <content>
          <inc:Include href="cid:2341682853256" xmlns:inc="http://www.w3.org/2004/08/xop/include"/>
        </content>
        <description>00123</description>
        <resourceType>CL</resourceType>
      </upload>
    </edt:upload>
  </soapenv:Body>
</soapenv:Envelope>
```
Edit: see here for a detailed solution to consume the EBS-EDT service.

Since you have both username authentication and an X.509 signature, you need to create the binding in code:

```csharp
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Custom binding: mutual-certificate message security, a signed UsernameToken,
// SOAP 1.1 text encoding, HTTPS transport.
var b = new CustomBinding();
var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(
    MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
sec.MessageSecurityVersion =
    MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sec.IncludeTimestamp = false;
sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
b.Elements.Add(sec);
b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
b.Elements.Add(new HttpsTransportBindingElement());
```

Then you need to sign the headers. Assuming you use a message contract (not a data contract), the headers are explicitly tagged with the MessageHeader attribute; add the property `ProtectionLevel = ProtectionLevel.Sign`.
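As an added example (not code from the question or the answer above), the following puts the answer's pieces together: a message contract whose EBS and IDP headers are marked for signing, a factory for the custom binding, and the credential wiring that supplies the signing certificate, the service's public key for body encryption, and the UsernameToken. The header and upload types, the wrapper name and the certificate thumbprint are assumptions standing in for the generated proxy types and your own certificate.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;
// Stand-ins for the generated EBS/IDP/upload proxy types (assumed, not the real proxy).
public class EbsHeader { public string SoftwareConformanceKey; public string AuditId; }
public class IdpHeader { public string ServiceUserMUID; }
public class UploadData { public byte[] Content; public string Description; }
// Each header is marked ProtectionLevel.Sign so the X.509 signature covers it; the body keeps the
// binding's default (sign + encrypt), which is what the sample envelope shows for id-5.
[MessageContract(IsWrapped = true, WrapperName = "upload", WrapperNamespace = "http://edt.health.ontario.ca/")]
public class SignedUploadRequest
{
    [MessageHeader(Name = "EBS", Namespace = "http://ebs.health.ontario.ca/", ProtectionLevel = ProtectionLevel.Sign)]
    public EbsHeader Ebs;
    [MessageHeader(Name = "IDP", Namespace = "http://idp.ebs.health.ontario.ca/", ProtectionLevel = ProtectionLevel.Sign)]
    public IdpHeader Idp;
    [MessageBodyMember(Name = "upload")]
    public UploadData[] Upload;
}
public static class EdtClientSecurity
{
    // Mutual-certificate message security plus a signed UsernameToken, over HTTPS.
    public static CustomBinding CreateBinding()
    {
        var version = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
        var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(version);
        sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
        sec.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;
        sec.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128; // AES-128-CBC, the minimum the spec names
        sec.IncludeTimestamp = true; // the sample envelope signs a wsu:Timestamp (#TS-1); turn off if the service rejects it
        var b = new CustomBinding();
        b.Elements.Add(sec);
        b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
        b.Elements.Add(new HttpsTransportBindingElement());
        return b;
    }
    // Client cert = signing key; service cert = public key used to encrypt the body;
    // UserName = the signed wsse:UsernameToken. The thumbprint argument is a placeholder you supply.
    public static void Configure(ClientCredentials creds, string signingThumbprint,
                                 X509Certificate2 serviceCert, string user, string password)
    {
        creds.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, signingThumbprint);
        creds.ServiceCertificate.DefaultCertificate = serviceCert;
        creds.UserName.UserName = user;
        creds.UserName.Password = password;
    }
}
```

Call `Configure(client.ClientCredentials, ...)` on a client constructed with `CreateBinding()` and the endpoint address; WCF then signs the timestamp, the UsernameToken, the marked headers and the body with the client certificate and encrypts the body to the service certificate.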