Saturday, May 26, 2012

Wcf.js message level signature? Check.


This is a very exciting moment for Wcf.js. It now supports one of the WS-Security most common scenarios - x.509 digital signatures. This is the first WS-Security implementation ever in javascript to support this. This implementation relies on xml-crypto on which I told you last time.

Look at any of the following Wcf bindings:

Assume only signatures are used (no encryption):

Then a soap request would look like this:

You can now interoperate with such services from javascript using Wcf.js with this code:

Note that a pem formatted certificate needs to be used. Wcf likes pfx formats more, so check out the instructions here on how to do the conversion.

You should also be aware that Wcf.js by default does no validate incoming signatures from the server. If you wish to validate them check out the sample here.


What's next? get this blog rss updates or register for mail updates!