WCF client with signing and encryption + HTTPS with four certificates
I have to make a WCF client for an external SOAP web service written in Java. The web service uses WS-Security signing and encryption (so, I suppose, I have to use WCF message-level security). The transport mechanism between the client and the web service is HTTPS with 2-way handshaking.
The problem is that I have to use 4 different certificates; let's call them certA, certB, certC and certD.
- certA and certC must be used for signing the SOAP message.
- certB and certD must be used for SOAP message encryption and HTTPS handshaking.
Basically, the client is supposed to sign the message using its private key and encrypt the message using the server's public key. The server does the opposite.
More precisely, here's what the WCF client has to do in order to send a message to the server and receive the response back:
- The client signs the SOAP request with certificate certA (using certA's private key)
- The client encrypts the SOAP request with certificate certD (using certD's public key)
- The client sends the signed and encrypted SOAP message over HTTPS to the server (certificate certB is required by the server during the HTTPS 2-way handshaking for authentication purposes)
On the server side:
- The server receives the message, authenticates and authorizes the client
- The server decrypts the message with certD's private key
- The server verifies the message signature with certA's public key. The server processes the decrypted and verified message.
- The server creates the response message and signs it with certificate certC (using certC's private key)
- The server encrypts the response message with certificate certB (using certB's public key)
- The server sends the response to the client over the HTTPS transport.
When the client receives the server response:
- The client decrypts the response with certB's private key
- The client verifies the message signature with certC's public key
- The client processes the response.
The question is: how do I configure such a WCF client? Which binding do I use to enable SOAP signing & encryption on the message layer + HTTPS 2-way handshake on the transport layer, and how do I "tell" WCF what the purpose of each of the 4 certificates is?
(Yes, I saw this article: https://msdn.microsoft.com/en-us/library/ms729856(v=vs.110).aspx but I'm afraid the article doesn't provide a solution for my case because it uses a weird duplex binding that requires the client to open a listening port, and that's not an option for me since I have to use a regular HTTPS connection.)
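As an added example that is not part of the original post, here is the closest a stock WCF CustomBinding gets to the setup described above: message-level sign-then-encrypt with X.509 tokens, layered over HTTPS that requires a client certificate. IOrderService, the endpoint URI and the certificate objects are placeholders. The important caveat is in the comments: ClientCredentials has a single client-certificate slot that WCF uses for signing, for decrypting the reply and for the TLS handshake, so certA and certB cannot be separated without a custom ClientCredentials/SecurityTokenManager, which is not shown here.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Hypothetical contract standing in for the interface generated from the service WSDL.
[ServiceContract] public interface IOrderService { [OperationContract] string Submit(string order); }

public static class SecureClientFactory
{
    // Message-level sign + encrypt with X.509 tokens, on top of HTTPS with a required client certificate.
    public static CustomBinding BuildBinding()
    {
        // Recipient token = service certificate (certD): referenced by thumbprint, never sent in the message.
        var recipient = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
        // Initiator token = client certificate (certA): sent to the server so it can verify the signature.
        var initiator = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.RawDataKeyIdentifier, SecurityTokenInclusionMode.AlwaysToRecipient);

        var security = new AsymmetricSecurityBindingElement(recipient, initiator)
        {
            MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
            IncludeTimestamp = true,
            DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256,
            // Let the server sign the reply with a token it serialises into the reply (certC)
            // rather than with the certificate the client encrypted to (certD).
            AllowSerializedSigningTokenOnReply = true,
        };
        // Derived keys are a WCF default that many non-WCF stacks reject; use the raw asymmetric keys.
        security.SetKeyDerivation(false);

        var transport = new HttpsTransportBindingElement { RequireClientCertificate = true };
        var encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
        return new CustomBinding(security, encoding, transport);
    }

    public static ChannelFactory<IOrderService> CreateFactory(Uri endpoint, X509Certificate2 certA, X509Certificate2 certD)
    {
        var factory = new ChannelFactory<IOrderService>(BuildBinding(), new EndpointAddress(endpoint));
        // The ONE client-certificate slot: used to sign the request, to decrypt the reply and, because the
        // transport requires a client certificate, for the TLS handshake. certA and certB collapse here.
        factory.Credentials.ClientCertificate.Certificate = certA;
        // Service certificate used to encrypt the request (certD).
        factory.Credentials.ServiceCertificate.DefaultCertificate = certD;
        // Validate whatever certificate the server signs the reply with (certC) against the local trust chain.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;
        return factory;
    }
}
```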