N
news.microsoft.com
Hi everyone,
For integrating with a 3rd party infrastructure, I am seeking a way to
configure WCF so that
1. SOAP 1.2 WebService calls are accepted (via HTTP)
2. The Credentials are placed into the message (message based security). The
username/password pair is encrypted using a certificate (the client has the
public key of it, my service owns the private one)
3. ONLY the credentials are to be encrypted; the payload itself must not be
encrypted.
I now of the security implications (replay attacs) of this, but I must
remodel an existing communication.
Any hints?
Thanks, regards
Joerg Fischer
For integrating with a 3rd party infrastructure, I am seeking a way to
configure WCF so that
1. SOAP 1.2 WebService calls are accepted (via HTTP)
2. The Credentials are placed into the message (message based security). The
username/password pair is encrypted using a certificate (the client has the
public key of it, my service owns the private one)
3. ONLY the credentials are to be encrypted; the payload itself must not be
encrypted.
I now of the security implications (replay attacs) of this, but I must
remodel an existing communication.
Any hints?
Thanks, regards
Joerg Fischer