MessageSecurityException: The security header element 'Timestamp' with the '' id must be signed

Posted by NiklasN on Stack Overflow See other posts from Stack Overflow or by NiklasN
Published on 2010-06-18T09:40:43Z Indexed on 2010/06/18 9:43 UTC
Read the original article Hit count: 463

Filed under:
|
|

I'm asking the same question here that I've already asked on msdn forums http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/70f40a4c-8399-4629-9bfc-146524334daf

I'm consuming a (most likely Java based) Web Service with I have absolutely no access to modify. It won't be modified even though I would ask them (it's a nation wide system).

I've written the client with WCF. Here's some code:

CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement element = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
element.AllowSerializedSigningTokenOnReply = true;
element.SetKeyDerivation(false);
element.IncludeTimestamp = true;
element.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
element.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
element.LocalClientSettings.IdentityVerifier = new CustomIdentityVerifier();
element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
element.IncludeTimestamp = false;

binding.Elements.Add(element);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());

EndpointAddress address = new EndpointAddress(new Uri("url"));

ChannelFactory<MyPortTypeChannel> factory = new ChannelFactory<MyPortTypeChannel>(binding, address);

ClientCredentials credentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();

credentials.ClientCertificate.Certificate = myClientCert;
credentials.ServiceCertificate.DefaultCertificate = myServiceCert;
credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

service = factory.CreateChannel();

After this every request done to the service fails in client side (I can confirm my request is accepted by the service and a sane response is being returned)

I always get the following exception

MessageSecurityException: The security header element 'Timestamp' with the '' id must be signed.

By looking at trace I can see that in the response there really is a timestamp element, but in the security section there is only a signature for body.

Can I somehow make WCF to ingore the fact Timestamp isn't signed?

© Stack Overflow or respective owner

Related posts about c#

Related posts about wcf