Decrypt the packet received
When received by the message after encrypting the X.509 certificate, SOAPINPUTFILTER automatically attempts to decrypt using the private key of the user key storage room. Of course, this need to tell WSE to find additional configuration of this certificate. information. This information is specified by the security element of the application configuration file. This example is app.config on the client. For X.509 encryption, you only need to add an X509 child node, the content is the same as below.
StoreLocation = "Currentuser" VerifyTrust = "true" AllowTestroot = "false" /> In my example, I set the StoreLocation property of the X509 node to CURRENTUSER, assuming the certificate in the current user's certificate storage room, when I used the trusted certificate from the CA, I also set VerifyTrust to TRUE. These properties can also be modified with WSE setting tools. With this information, WSE can obtain a private key for the certificate in the packet, and can also decrypt the symmetry session key, decrypt the content to the end, to decrypt the text text. Select packets for decryption When the entire message body is encrypted by the default, WSE can be used to encrypt specific elements in the SOAP message; the only problem is that the elements of the security head element cannot be encrypted. You can also encrypt nested elements, In this example, I modified the X.509 version of the getXmldocument method, using a X.509-based security token to digitize encrypted, and its EncryptedResponse parent node, and the XML document returned is as follows: Responding to the message is not necessary to be encrypted Here is sensitive data. To encrypt an element, it requires a WSU: ID property so that the reference can be added to the node when XML is serialized. Namespace WSU is defined as: XMLns: WSU = "http://schemas.xmlsoap.org/ws/2002/07/UTILITY In order to complete this, I add this XML to a new XML document, then add a ID attribute to the Microsoft XML Document Object Model (DOM) supported by the .NET Framework, which also needs to join the accessory System.xml to the project reference Inside, add the following: USING SYSTEM.XML; Using system.xml.serialization; When I add multiple ID attributes to the nested element, I started to traverse its parent's eNCryptedResponseponse, as follows: String [] myid = {"ID:" guid.newguid (), "id:" guid.newguid ()}; // Create an XML document for returning XML XmlDocument mydoc = new xmldocument (); MyDoc.loadxml (" "EncryptedResponse>" "Here is sensitive data." ""); // Get an EncryptedSubResponse node XMLNode = mydoc.firstchild.lastchild.FirstChild; / / Traverse the elements, add two ID attributes / / To ensure that most elements of the internal elements can be prioritized / / Otherwise we will get an exception For (INT i = 0; i { // Create a new id attribute String WSU = "http://schemas.xmlsoap.org/ws/2002/07/utility"; Xmlnode myattr = mydoc.createnode (XMLNodetype.attribute, "WSU", "ID", WSU); Myattr.Value = myID [i]; // Add attribute to the document Root.attributes.setnamedItem (Myattr); Root = root.parentnode; // Move to the parent node } Suppose I have already used the logic of my previous logic from the X.509 certificate, I added these references to the EncryptedData element, as follows: // loop to traverse the ID value, add it to the new encryptedData element For (INT i = 0; i { // Create a new head, "#" is the prefix used to ensure that the relevant URI can be referenced to the head. EncryptedData myencheader = new encrypteddata (MyToken, "#" myID [i]); // Add a new head to the collection MyContext.security.eencheads; } // Return to encrypted data Return mydoc;
