WCF Security Interop Scenarios

Recently I had to consume a web service that uses WS-Security. The web service is written in Java and I was using a .NET client (WCF). The service configuration uses not only a username/password token but also X509 certificates on both the client and the server. Messages are signed and encrypted using asymmetric mechanisms.

None of the existing WCF bindings with message security (WSHttpBinding and WS2007HttpBinding) supports this scenario by default, mostly because they use hybrid mechanisms, with symmetric “session” keys.

I had to dig into custom bindings, binding elements, initiator and recipient tokens, message protection order and so on. Confused? So was I. This rather old MSDN post helped me a lot! I’ll try to detail the scenario and the solution in another post.
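
As an added illustration (not the author's solution and not code from the original post), this is one way a WCF custom binding for the scenario above can be put together with an `AsymmetricSecurityBindingElement`. The WS-Security version, protection order, key identifier type, SOAP version and HTTPS transport are assumptions; they have to match the policy the Java service actually publishes.

```csharp
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;

public static class InteropBinding
{
    // Hypothetical helper name; builds a binding with purely asymmetric message protection.
    public static CustomBinding Create()
    {
        // Recipient token: the service's X509 certificate, used to encrypt requests.
        // It is referenced, not embedded, in the message.
        var recipient = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Any,
            SecurityTokenInclusionMode.Never);

        // Initiator token: the client's X509 certificate, used to sign requests.
        // It is sent to the service so the signature can be verified.
        var initiator = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Any,
            SecurityTokenInclusionMode.AlwaysToRecipient);

        var security = new AsymmetricSecurityBindingElement(recipient, initiator)
        {
            // Assumption: WS-Security 1.0 with Basic Security Profile 1.0.
            MessageSecurityVersion = MessageSecurityVersion
                .WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
            // Assumption: the service expects sign-then-encrypt.
            MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
            IncludeTimestamp = true
        };

        // Username/password token carried as a signed and encrypted supporting token,
        // so the password is never visible in clear text inside the SOAP header.
        security.EndpointSupportingTokenParameters.SignedEncrypted.Add(
            new UserNameSecurityTokenParameters());

        // Assumptions: SOAP 1.1 text encoding over HTTPS.
        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
            new HttpsTransportBindingElement());
    }
}
```

The client certificate, the service certificate and the user name/password are not part of the binding; they are supplied through the `ClientCredentials` of the channel factory or generated client.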

