Over a million developers have joined DZone.

WCF.js Message Level Signature? Check.

DZone's Guide to

WCF.js Message Level Signature? Check.

· Web Dev Zone ·
Free Resource

Learn how to add document editing and viewing to your web app on .Net (C#), Node.JS, Java, PHP, Ruby, etc.

This is a very exciting moment for Wcf.js. It now supports one of the WS-Security most common scenarios - x.509 digital signatures. This is the first WS-Security implementation ever in javascript to support this. This implementation relies on xml-crypto on which I told you last time.

Look at any of the following Wcf bindings:

  <binding name="NewBinding1">
      <message clientCredentialType="Certificate" />
  <binding name="NewBinding0">
    <textMessageEncoding />
    <security authenticationMode="MutualCertificate"
      <secureConversationBootstrap />
    <httpTransport />

Assume only signatures are used (no encryption):


Then a soap request would look like this:

<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/" ... >
      <u:Timestamp xmlns:wsu="..." wsu:Id="_1">
      <o:BinarySecurityToken ValueType="..." EncodingType="..." u:Id="sec_0">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
          <CanonicalizationMethod Algorithm="...xml-exc-c14n#" />
          <SignatureMethod Algorithm="...rsa-sha1" />
          <Reference URI="#_0">
              <Transform Algorithm=".../xml-exc-c14n#" />
            <DigestMethod Algorithm="...xmldsig#sha1" />
          <Reference URI="#_1">
              <Transform Algorithm=".../xml-exc-c14n#" />
            <DigestMethod Algorithm="...xmldsig#sha1" />
            <o:Reference URI="#sec_0" ValueType="..." />
  <Body xmlns:wsu="..." wsu:Id="_0">
    <GetData xmlns="http://tempuri.org/">

You can now interoperate with such services from javascript using Wcf.js with this code:

var wcf = require('wcf.js')
  , fs = require("fs")
  , TextMessageEncodingBindingElement = wcf.TextMessageEncodingBindingElement
  , HttpTransportBindingElement = wcf.HttpTransportBindingElement
  , SecurityBindingElement = wcf.SecurityBindingElement
  , CustomBinding = wcf.CustomBinding
  , Proxy = wcf.Proxy

var binding = new CustomBinding(
    [ new SecurityBindingElement({AuthenticationMode: "MutualCertificate"})
    , new TextMessageEncodingBindingElement(
                                 {MessageVersion: "Soap11WSAddressing10"})
    , new HttpTransportBindingElement()

var proxy = new Proxy(binding, "http://localhost:7171/Service")

proxy.ClientCredentials.ClientCertificate.Certificate =

var message = "<Envelope xmlns='http://schemas.xmlsoap.org/soap/envelope/'>" +
                    "<Header />" +
                      "<Body>" +
                        "<GetData xmlns='http://tempuri.org/'>" +
                          "<value>123</value>" +
                        "</GetData>" +
                      "</Body>" +

proxy.send(message, "http://tempuri.org/IService/GetData",
  function(message, ctx) {

Note that a pem formatted certificate needs to be used. Wcf likes pfx formats more, so check out the instructions here on how to do the conversion.

You should also be aware that Wcf.js by default does no validate incoming signatures from the server. If you wish to validate them check out the sample here.

Extend your web service functionality with docx, xlsx and pptx editing. Check out ONLYOFFICE document editors for integration.


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}