# Friday, April 02, 2010

If you've ever tried using svcutil.exe to import WSDL which doesn't have `<sp:OnlySignEntireHeadersAndBody>` specified in the security policy, you'll know that this doesn't fly. SvcUtil will tell you that the security policy is not supported. So why is this? I assume this has something to do with a statement in paragraph 6.6 of the WS-SecurityPolicy specification, which states:

> Setting the value of this property to 'true' mitigates against some possible re-writing attacks.

So apparently Microsoft decided that setting it to false is not a good idea, and decided not to support setting it to false (omitting the element).
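A pre-import check for this condition, as an added example that is not part of the original post: it scans a WSDL's policies and reports each message-security binding that omits the assertion, which per the post is the case svcutil.exe rejects. The sample WSDL, the policy Ids and the function name are constructed for illustration, and the check assumes the assertion sits inside `sp:SymmetricBinding` or `sp:AsymmetricBinding`, where WS-SecurityPolicy defines it.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy namespaces: 2005/07 submission and OASIS 1.2.
SP_NAMESPACES = (
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
)
BINDINGS = ("SymmetricBinding", "AsymmetricBinding")  # message-level bindings
ASSERTION = "OnlySignEntireHeadersAndBody"

# Constructed sample WSDL fragment (not from a real service).
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:Policy wsu:Id="StrictPolicy"><wsp:ExactlyOne><wsp:All>
    <sp:AsymmetricBinding><wsp:Policy>
      <sp:OnlySignEntireHeadersAndBody/>
    </wsp:Policy></sp:AsymmetricBinding>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
  <wsp:Policy wsu:Id="LoosePolicy"><wsp:ExactlyOne><wsp:All>
    <sp:SymmetricBinding><wsp:Policy><sp:IncludeTimestamp/></wsp:Policy></sp:SymmetricBinding>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
</wsdl:definitions>"""


def find_bindings_without_assertion(wsdl_text):
    """Return (policy Id, binding name) pairs that omit the assertion."""
    if "<!DOCTYPE" in wsdl_text:
        raise ValueError("refusing WSDL with a DTD")  # avoid entity expansion
    findings = []
    for policy in ET.fromstring(wsdl_text).iter():
        # Only top-level policies carry a wsu:Id; nested wsp:Policy do not.
        ids = [v for k, v in policy.attrib.items() if k.endswith("}Id")]
        if not policy.tag.endswith("}Policy") or not ids:
            continue
        for ns in SP_NAMESPACES:
            for name in BINDINGS:
                for binding in policy.iter(f"{{{ns}}}{name}"):
                    if binding.find(f".//{{{ns}}}{ASSERTION}") is None:
                        findings.append((ids[0], name))
    return findings


if __name__ == "__main__":
    for policy_id, binding in find_bindings_without_assertion(SAMPLE_WSDL):
        print(f"{policy_id}: {binding} omits sp:{ASSERTION}")
```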

 

Friday, April 02, 2010 3:01:07 PM (W. Europe Daylight Time, UTC+02:00)
Development | English | Services | WCF
About
This is the blog of Michiel van Otegem, a Senior Software Architect with Sogeti Netherlands, and author of several books and numerous articles on (ASP).NET, XML, and related technologies.
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2012
Michiel van Otegem