soap - WCF client with signing and encryption + HTTPS with four certificates


I have to make a WCF client for one external SOAP web service written in Java. The web service uses WS-Security signing and encryption (so, I suppose I have to use WCF message-level security). The transport mechanism between the client and the web service is HTTPS with 2-way handshaking.

The problem is that I have to use 4 different certificates - let's call them certA, certB, certC and certD.

  • certA and certC must be used for signing the SOAP message.
  • certB and certD must be used for SOAP message encryption and HTTPS handshaking.

Basically, the client is supposed to sign the message using its private key and encrypt the message using the server's public key. The server does the opposite.

More precisely, here's what the WCF client has to do in order to send a message to the server and receive the response back:

  1. The client signs the SOAP request with certificate certA (using certA's private key).

  2. The client encrypts the SOAP request with certificate certD (using certD's public key).

  3. The client sends the signed and encrypted SOAP message over HTTPS to the server (certificate certB is required by the server during the HTTPS 2-way handshake for authentication purposes).

On the server side:

  1. The server receives the message, then authenticates and authorizes the client.
  2. The server decrypts the message with certD's private key.
  3. The server verifies the message signature with certA's public key. The server processes the decrypted and verified message.
  4. The server creates the response message and signs it with certificate certC (using certC's private key).
  5. The server encrypts the response message with certificate certB (using certB's public key).
  6. The server sends the response to the client over the HTTPS transport.

When the client receives the server's response:

  1. The client decrypts the response with certB's private key.
  2. The client verifies the message signature with certC's public key.
  3. The client processes the response.

The question is how to configure such a WCF client. Which binding should I use to enable SOAP signing & encryption on the message layer + an HTTPS 2-way handshake on the transport layer, and how do I "tell" WCF what the purpose of each of the 4 certificates is?

(Yes, I saw this article: https://msdn.microsoft.com/en-us/library/ms729856(v=vs.110).aspx but I'm afraid that article doesn't provide a solution for my case because they use a weird duplex binding that requires the client to open a listening port, and that's not an option for me since I have to use a regular HTTPS connection.)
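
Added example, not part of the original question and not code from the linked MSDN article: one way the four certificate roles listed above could be routed in WCF, using a custom `ClientCredentials` whose token manager picks a certificate by message direction and key usage, over a request/reply custom binding that presents a client certificate on HTTPS. The type names `FourCertCredentials`, `FourCertTokenManager` and `FourCertBinding` are hypothetical, and the SOAP/WS-Security versions and the transport-scheme check are assumptions.

```csharp
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Hypothetical type: carries the four certificates named in the question.
public class FourCertCredentials : ClientCredentials
{
    public X509Certificate2 CertA, CertB, CertC, CertD;
    public FourCertCredentials() { }
    protected FourCertCredentials(FourCertCredentials o) : base(o)
    { CertA = o.CertA; CertB = o.CertB; CertC = o.CertC; CertD = o.CertD; }
    protected override ClientCredentials CloneCore() { return new FourCertCredentials(this); }
    public override SecurityTokenManager CreateSecurityTokenManager()
    { return new FourCertTokenManager(this); }
}

class FourCertTokenManager : ClientCredentialsSecurityTokenManager
{
    readonly FourCertCredentials c;
    public FourCertTokenManager(FourCertCredentials creds) : base(creds) { c = creds; }

    public override SecurityTokenProvider CreateSecurityTokenProvider(SecurityTokenRequirement r)
    {
        // Assumption: the HTTPS client-certificate request is the one carrying a
        // transport scheme; it falls through to ClientCertificate (set to certB).
        if (r.TokenType != SecurityTokenTypes.X509Certificate ||
            r.Properties.ContainsKey(ServiceModelSecurityTokenRequirement.TransportSchemeProperty))
            return base.CreateSecurityTokenProvider(r);
        var dir = r.GetProperty<MessageDirection>(ServiceModelSecurityTokenRequirement.MessageDirectionProperty);
        bool sign = r.KeyUsage == SecurityKeyUsage.Signature;
        X509Certificate2 cert = dir == MessageDirection.Output
            ? (sign ? c.CertA : c.CertD)   // request: sign with certA, encrypt to certD
            : (sign ? c.CertC : c.CertB);  // response: verify with certC, decrypt with certB
        return new X509SecurityTokenProvider(cert);
    }
}

static class FourCertBinding
{
    // Assumption: SOAP 1.1 and WS-Security 1.0; match the service's WSDL/policy.
    public static Binding Create()
    {
        return new CustomBinding(
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10),
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
            new HttpsTransportBindingElement { RequireClientCertificate = true });
    }
}
```

To use it, the channel factory's stock `ClientCredentials` endpoint behavior is replaced with a `FourCertCredentials` instance whose `ClientCertificate.Certificate` is also set to certB. Validation of the server's certificates and the endpoint identity check are not covered by this sketch of the routing.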

