I have created a WCF client to consume a Java web service. The soap 1.1 request and response are signed and encrypted using X509 Certs. I am currently receiving the following exception when attempting to read the response data.
Unable to resolve the '#id-1234' URI in the signature to compute the digest.
The client functions correctly for the responses where the body itself is signed. For this specific response, the body itself is not signed. A part within the body is signed. For example:
<Body>
<myResponseModel>
<result>
<item wsu:Id="id-1234" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
</result>
</myResponseModel>
</Body>
I found this SO response previously that says WCF does not support signing pieces of the body. Rather, you must sign the body as a whole. WCF- Sign a specific field inside the body of a soap message
My questions are:
- Does this fact still hold? If so, what is the reasoning behind this?
- Is there any workaround for my case? I do not need to sign a part of the body from the client (yet). Instead, I only need to be able to handle the response where a part of the body is signed.
I do not know the reasoning behind signing only part of the response for the Java service. I may be able to suggest changing the approach if I can provide a reasonable explanation for why the current approach is not supported in WCF. I do not have any direct control over the service code.
My client code is a bit extensive (and private), using a custom binding, custom message encoder, and custom credentials, but I can likely provide some pseudo code to help illustrate my setup if it will help.
Thank you in advance for your help.