How to: Digitally Sign a SOAP Message
WSE allows you to digitally sign SOAP messages by writing code in the SecureMessage method of an output custom filter for a custom policy assertion. For more details about creating custom policy assertions, see How to: Create a Custom Policy Assertion that Secures SOAP Messages.
The procedures in this topic describe how to sign the SOAP message but do not describe how to obtain a specific security token or how to send the SOAP message. For step-by-step procedures for the specific type of security token you are using, see Discrete Security Operations Supported By the Built-in Security Tokens.
To sign a SOAP message
Create a custom policy assertion.
For more details about creating custom policy assertions, see How to: Create a Custom Policy Assertion that Secures SOAP Messages.
In the output SOAP filter for the client or the Web service that signs SOAP messages, override the SecureMessage method.
The following code example overrides the SecureMessage method for the client output SOAP filter.
Public Overrides Sub SecureMessage(ByVal envelope As SoapEnvelope, ByVal security As Security)
public override void SecureMessage(SoapEnvelope envelope, Security security) {
Obtain the security token with which you want to sign the SOAP message with.
The following code example creates a new instance of a KerberosToken security token.
Dim kerbToken As New KerberosToken("host/" & hostname & _ "@" & domainName)
KerberosToken kerbToken = new KerberosToken("host/" + hostname + "@" + domainName);
Add the security token to the WS-Security SOAP header.
' Add the security token. security.Tokens.Add(kerbToken)
// Add the security token. security.Tokens.Add(kerbToken);
Create a new instance of the MessageSignature class using the security token that was just added to the WS-Security SOAP header.
' Specify the security token to sign the message with. Dim sig As New MessageSignature(kerbToken)
// Specify the security token to sign the message with. MessageSignature sig = new MessageSignature(kerbToken);
Add the digital signature to the WS-Security SOAP header.
The following code example adds the digital signature to WS-Security SOAP header for a SOAP request.
' Add the digital signature to the SOAP message. security.Elements.Add(sig)
// Add the digital signature to the SOAP message. security.Elements.Add(sig);
Example
The following code example creates a new KerberosToken security token, and then signs a SOAP request by using the token.
Public Overrides Sub SecureMessage(ByVal envelope As SoapEnvelope, ByVal security As Security)
Dim kerbToken As New KerberosToken("host/" & hostname & _
"@" & domainName)
' Add the security token.
security.Tokens.Add(kerbToken)
' Specify the security token to sign the message with.
Dim sig As New MessageSignature(kerbToken)
' Add the digital signature to the SOAP message.
security.Elements.Add(sig)
End Sub 'SecureMessage
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
KerberosToken kerbToken = new KerberosToken("host/" + hostname + "@" + domainName);
// Add the security token.
security.Tokens.Add(kerbToken);
// Specify the security token to sign the message with.
MessageSignature sig = new MessageSignature(kerbToken);
// Add the digital signature to the SOAP message.
security.Elements.Add(sig);
}