Skip to main content

WSIT message sign/encryption settings not honored

3 replies [Last post]
Anonymous

I have the WSIT client configurations as below, however, messages are not
encrypted when the operation is called. Any idea as to what I could be doing
wrong?

and

Thanks!

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

I can see the policies but can you show the policy references ?. I
think u are missing them ?. I can see a policy ID
"customBind_IService1_GetData_Input_policy" but its not clear where
the policy reference for it is. The other one sp:SymmetricBiding
should again be inside a wsp:Policy element with a wsu:Id that is
referenced from the wsdl binding section.

On Apr 22, 2012, at 5:12 AM, markus.minimus wrote:

> I have the WSIT client configurations as below, however, messages
> are not
> encrypted when the operation is called. Any idea as to what I could
> be doing
> wrong?
>
>
>
> and
>
>
> Thanks!
>
>

markus.minimus

Sorry for the confusion, I removed the wrapping elements for brevity. The
wsdl is a big large, but the input/output policies are similar. The wsdl
does have the Policy references as below:

<wsp:Policy wsu:Id="customBind_IService1_policy">
  <wsp:ExactlyOne>
     <wsp:All>
         <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:EncryptBeforeSigning/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:EndorsingSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
     </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy wsu:Id="customBind_IService1_policy">
Kumar Jayanti Guest
Offline
Joined: 2011-04-02
Points: 0

Where is this policy id referenced in the WSDL. Look under the WSDL
Binding elements. The only reason for signature/encryption not
happening can be that metro runtime could not detect any policy
settings for the particular operation(s) that you are invoking.

On Apr 30, 2012, at 5:04 AM, markus.minimus wrote:

>

Also curious why the wsu:Id is appearing on the close tag.