Hi everyone!
I'm working on a .NET app that calls a Java Web service.
.NET is generating the <BinarySecurityToken> of the SOAP request:
But it's not generating a <Reference> tag that is needed by the server and that should look a little something like this:
Note the URI attribute must have the same ID of the BinarySecurityToken object. Below is the code that's generating the SOAP request that's missing this tag.
I don't know if it needs another instruction or something, I hope you guys can help me.
I'm working on a .NET app that calls a Java Web service.
.NET is generating the <BinarySecurityToken> of the SOAP request:
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="CertId-82F59FC97F9B80906B13522947735311">MIIDNjCC6l...[yada, yada]</wsse:BinarySecurityToken>
But it's not generating a <Reference> tag that is needed by the server and that should look a little something like this:
<Reference URI="#CertId-82F59FC97F9B80906B13522947735311">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>wTMyZchQSJUSgFxgc0FehIrnK08=</ds:DigestValue>
</Reference>
Note the URI attribute must have the same ID of the BinarySecurityToken object. Below is the code that's generating the SOAP request that's missing this tag.
WSReference.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60
Dim signatureToken As X509SecurityToken = New X509SecurityToken(cert)
requestContext.Security.Tokens.Add(signatureToken)
Dim sig As New MessageSignature(signatureToken)
requestContext.Security.Elements.Add(sig)
I don't know if it needs another instruction or something, I hope you guys can help me.