Sign a part of SOAP message with a WCF client

See more:

WCF

SOAP

message

Dear all

I have to create a SOAP request like this:

<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
	<soap11:Header>
		<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
			<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<SignedInfo>
					<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
					<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
					<Reference URI="#Id-1979cedd-0d7d-47d1-b80a-c7cad3a542e4">
						<Transforms>
							<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
						</Transforms>
						<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
						<DigestValue> … base64-kodierter Hashcode … </DigestValue>
					</Reference>
				</SignedInfo>
				<SignatureValue> … base64-kodierter Signaturwert … </SignatureValue>
				<KeyInfo>
					<X509Data>
						<X509Certificate> … base64-kodiertes Nutzer-Zertifikat … </X509Certificate>
					</X509Data>
				</KeyInfo>
			</ds:Signature>
		</wsse:Security>
	</soap11:Header>
	<soap11:Body>
		<wst:RequestSecurityTokenResponse xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Context="1aae57c8-092c-47a4-a5eb-c2ecbc21441d">
			<wst:SignChallengeResponse xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1979cedd-0d7d-47d1-b80a-c7cad3a542e4">
				<wst:Challenge>1002450673</wst:Challenge>
			</wst:SignChallengeResponse>
		</wst:RequestSecurityTokenResponse>
	</soap11:Body>
</soap11:Envelope>

I could create a request like this:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <DigestValue> base64 coded digest </DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue> base64 coded signature </SignatureValue>
        <KeyInfo>
          <X509Data>
            <X509Certificate> base64 coded certifikat </X509Certificate>
          </X509Data>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <RequestSecurityTokenResponse Context="b28bef60-66dd-48bf-a8a2-8bce19ebd2c0" xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <SignChallengeResponse>
        <Challenge>9380658743</Challenge>
      </SignChallengeResponse>
    </RequestSecurityTokenResponse>
  </s:Body>
</s:Envelope>

I am able to create a signed message on body level but I have to sign the message at the level <signchallengeresponse>.

Have anybody an idea how I can do that with WCF.

What I have tried:

- I use CustomBinding with AsymmetricSecurityBinding
- I try to change the Behavior