Michiel van Otegem, IT Composer
 RSS 2.0
# Friday, April 02, 2010
WSDL and WCF: WCF requires <sp:OnlySignEntireHeadersAndBody>

If you've ever tried svcutil.exe to import WSDL which has doesn't have <sp:OnlySignEntireHeadersAndBody> specified in the security policy, you'll know that this doens't fly. SvcUtil will tell you the the security policy is not supported. So why is this? I assume this has something to do with the a statement in paragraph 6.6 in the WS-SecurityPolicy specification, which states:

Setting the value of this property to 'true' mitigates against some possible re-writing attacks.

So apparently Microsoft decided that setting it to false is not a good idea, and decided not to support setting it to false (omitting the element).

 

Friday, April 02, 2010 3:01:07 PM (W. Europe Daylight Time, UTC+02:00)  #    Comments [0] -
Development | English | Services | WCF
All comments require the approval of the site owner before being displayed.
Name
E-mail
Home page

Comment (Some html is allowed: a@href@title, strike) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.  

Enter the code shown (prevents robots):
Live Comment Preview
Sign In

Tags
.NET (31) AppFabric (1) ASP.NET (69) Cloud (1) Development (51) English (93) Evenementen (11) Events (17) HTML5 (2) iOS (2) LINQ (4) Nederlands (71) Politiek (1) Review (10) Security (3) Services (5) SharePoint (4) Silverlight (3) SQL Server (7) Virtualization (1) Visual Studio (6) WCF (14) Windows (5) Windows Azure (4) Windows Forms (1) Windows Identity Foundation (8) Windows Mobile (2) Windows Workflow Foundation (1) WinFX (4) XML (5)
Archive
<February 2012>
SunMonTueWedThuFriSat
2930311234
567891011
12131415161718
19202122232425
26272829123
45678910
About
This is the blog of Michiel van Otegem, a Senior Software Architect with Sogeti Netherlands, and author of several books and numerous articles on (ASP).NET, XML, and related technologies.
Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2012
Michiel van Otegem
All Content © 2012, Michiel van Otegem
DasBlog theme 'Business' created by Christoph De Baene (delarou)