R – Specify parts of the header that have to be signed and/or encrypted in WCF with binding that support standards


Using Ws2007HttpBinding and securing the service, the WSDL file generated shows in the policy section that all the ws-addressing headers and the body will be signed, and that the body will be encrypted.

  <sp:Body /> 
  <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" /> 
  <sp:Body /> 

We would like to specify which headers have to be signed and/or encrypted, like it is possible in Apache rampart. For custom header or body elements, it is possible using annotations in the code, but for these elements that are added by the binding itself, is is possible?

Best Solution

Nevermind, after a few days I found an answer over here: http://blogs.msdn.com/drnick/archive/2007/01/19/securing-custom-headers-version-2.aspx

Related Question