Sign SOAP call with X509Certificate in .Net Core

Question

Help sign the SOAP call.

Connected Service (wsdl) was added to the project.
There is a pfx certificate available.

In the old implementation of the .Net Framework, this worked as (Microsoft.Web.Services3):

var svc = new QueryNumberPortingService.QueryNumberPortingService
{
    Url = "someServiceUrl"
};
var cert = new X509Certificate2("certFilePath", "certPassword", X509KeyStorageFlags.MachineKeySet);
svc.wsMessageHeader = new WsMessageHeaderType { ... };
var signatureToken = new X509SecurityToken(cert);
SoapContext requestContext = svc.RequestSoapContext;
requestContext.Security.Elements.Add(new MessageSignature(signatureToken));
return svc;

Output received:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soap:Header>
        // Custom headers
        // ...

        <wsa:Action wsu:Id="Id-b6bb139a-38eb-4b01-8adc-dd8f7212dd65">...</wsa:Action>
        <wsa:MessageID wsu:Id="Id-4601e0cd-aae2-4405-a7ec-8a6002563478">urn:uuid:6eaf15d8-9769-454f-9fc3-9757a7a8c924</wsa:MessageID>
        <wsa:ReplyTo wsu:Id="Id-c6a68fcf-2b3d-4f02-afcf-e88fa760e7b8">
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
        </wsa:ReplyTo>
        <wsa:To wsu:Id="Id-1b0b6cf7-a96c-4a09-a57e-c96122fadb0c">https://...</wsa:To>
        <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp wsu:Id="Timestamp-3b39f6d5-b8e5-4836-a9f6-94d3cc920f69">
                <wsu:Created>2020-01-06T23:54:59Z</wsu:Created>
                <wsu:Expires>2020-01-06T23:59:59Z</wsu:Expires>
            </wsu:Timestamp>
            <Signature
                xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
                        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                        <Reference URI="#Id-b6bb139a-38eb-4b01-8adc-dd8f7212dd65">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>0tpWVRC...294ks=</DigestValue>
                        </Reference>
                        <Reference URI="#Id-4601e0cd-aae2-4405-a7ec-8a6002563478">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>Isp...obbU=</DigestValue>
                        </Reference>
                        <Reference URI="#Id-c6a68fcf-2b3d-4f02-afcf-e88fa760e7b8">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>Jfi...VTQ=</DigestValue>
                        </Reference>
                        <Reference URI="#Id-1b0b6cf7-a96c-4a09-a57e-c96122fadb0c">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>/Q...Wc=</DigestValue>
                        </Reference>
                        <Reference URI="#Timestamp-3b39f6d5-b8e5-4836-a9f6-94d3cc920f69">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>KnJ...+U=</DigestValue>
                        </Reference>
                        <Reference URI="#Id-b32bc628-4704-4db1-949c-1e5ff2cb7dd0">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                            <DigestValue>Lj...I=</DigestValue>
                        </Reference>
                    </SignedInfo>
                    <SignatureValue>DG...Q==</SignatureValue>
                    <KeyInfo>
                        <wsse:SecurityTokenReference>
                            <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">KT...w=</wsse:KeyIdentifier>
                        </wsse:SecurityTokenReference>
                    </KeyInfo>
                </Signature>
            </wsse:Security>
        </soap:Header>
        <soap:Body wsu:Id="Id-b32bc628-4704-4db1-949c-1e5ff2cb7dd0">
            // Some payloads
        </soap:Body>
    </soap:Envelope>

I cannot use this method at this time. The code below generates the corresponding xml.

var binding = new BasicHttpsBinding(BasicHttpsSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

var svc = new QueryNumberPortingPortTypeClient(
   binding,
   new EndpointAddress(_queryNumberPortingServiceUrl)
);
svc.ClientCredentials.ClientCertificate.Certificate = GetCertificate();

return svc;

<?xml version="1.0" encoding="utf-16"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Header>
    <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">*</Action>
    <h:wsMessageHeader xmlns="*" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:h="*">
      // custom header
    </h:wsMessageHeader>
  </s:Header>
  <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    some payloads
  </s:Body>
</s:Envelope>

Please help. There is no mention of Security.

I'm having the same problem. Let me know if you figure it out! — Ulf Kristiansen, Mar 13 '20 at 17:14
I have the same problem. You can include the security info changing SecirityMode to TransportWithMessageCredential. Now I am including security in header but body is not getting sign. — Andro Font, May 15 '21 at 19:59

Sign SOAP call with X509Certificate in .Net Core

0 Answers0