WCF: Observing Message ProtectionOrder
Impact of Protection Order
How to observe/confirm that my request is signed and encrypted from WCF traces.
Use the knowledge of reading WCF traces to troubleshoot INTEROP scenarios.
Protection order applies only when messages are secured with SOAP message security (security mode="Message").
It is not available if we move to transport security (security mode="TransportWithMessageCredential").
However, it is possible if we design a custom binding with a dual layer of encryption: http://blogs.msdn.com/b/saurabs/archive/2013/05/03/wcf-dual-layer-encryption-message-transport.aspx
Ignore the MessageProtectionOrder setting and leave it at its default:
To understand the protection level at the SOAP envelope layer, refer to this blog: http://blogs.msdn.com/b/saurabs/archive/2012/05/15/wcf-interop-understanding-protection-level.aspx
1. The request is signed (with u:Id="_0") and encrypted (with u:Id="_1").
2. To read them from the traces, trace each ID back and identify the section it refers to.
1. I can't find the Signature tag in the envelope. Is my request signed?
Yes, the request is signed, but because of the default protection order (SignBeforeEncryptAndEncryptSignature), the signature itself is encrypted.
Let us change the default protection order so that we can:
1. Observe WCF traces with the signing visible.
2. Read the Signature token.
1. The request is signed (with u:Id="_2") and encrypted (with u:Id="_3").
Queries: I can't find the Signature tag in the envelope. Is my request signed?
I hope this information helps us review WCF traces and identify the type of request being generated by the client. The knowledge comes in pretty handy when troubleshooting INTEROP cases.
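The "trace the ID back" reading described above can be scripted. The following is an added example, not code from the original post: it parses a logged SOAP envelope and reports which IDs are signed, which are encrypted, and whether the signature itself is hidden inside an EncryptedData block in the security header. The two envelopes are constructed, simplified samples that reuse the IDs mentioned above (`_4` is an assumed ID for the encrypted signature); the function and field names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "e": "http://www.w3.org/2001/04/xmlenc#",
}

def inspect_envelope(xml_text):
    """Report which parts of a logged SOAP envelope are signed and encrypted."""
    root = ET.fromstring(xml_text)
    sec = root.find("s:Header/o:Security", NS)
    body = root.find("s:Body", NS)
    if sec is None or body is None:
        return {"secured": False}
    # IDs covered by a signature that is readable in the security header.
    signed = [r.get("URI", "").lstrip("#")
              for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    # IDs of every EncryptedData block listed in a ReferenceList.
    encrypted = [r.get("URI", "").lstrip("#") for r in sec.findall(".//e:DataReference", NS)]
    # EncryptedData sitting directly in the header: with no visible
    # ds:Signature, this is where the encrypted signature lives.
    header_enc = [d.get("Id") for d in sec.findall("e:EncryptedData", NS)]
    return {
        "secured": True,
        "body_id": body.get("{%s}Id" % NS["u"]),
        "body_encrypted": body.find("e:EncryptedData", NS) is not None,
        "signature_visible": bool(signed),
        "signed_ids": signed,
        "encrypted_ids": encrypted,
        "signature_encrypted": not signed and any(i in encrypted for i in header_enc),
    }

def sample(header_inner, body_id, enc_id):
    """Build a constructed, simplified envelope (not a real trace)."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<s:Envelope %s><s:Header><o:Security>%s</o:Security></s:Header>'
            '<s:Body u:Id="%s"><e:EncryptedData Id="%s"/></s:Body></s:Envelope>'
            % (xmlns, header_inner, body_id, enc_id))

# Default order (SignBeforeEncryptAndEncryptSignature): no readable Signature.
DEFAULT_ORDER = sample('<e:ReferenceList><e:DataReference URI="#_1"/>'
                       '<e:DataReference URI="#_4"/></e:ReferenceList>'
                       '<e:EncryptedData Id="_4"/>', "_0", "_1")
# Changed order: the Signature element is readable in the header.
SIGNATURE_VISIBLE = sample('<e:ReferenceList><e:DataReference URI="#_3"/></e:ReferenceList>'
                           '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_2"/>'
                           '</ds:SignedInfo></ds:Signature>', "_2", "_3")

if __name__ == "__main__":
    for name, env in (("default", DEFAULT_ORDER), ("visible", SIGNATURE_VISIBLE)):
        print(name, inspect_envelope(env))
```
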