How to send Timestamp along with SOAP message from an Android APP to a WCF Web Service?
Question
We are developing an android application that communicates with a WCF Web service running on an embedded device. What I want to do is send message to and fro to the Web service from the android app securely.
As a part of the security considerations,we are required to sign the message that goes as a part of the SOAP request to the device and also the timestamp ie the time in which the message was signed and send that as a part of the request to the device so that the device knows when the message was signed and whether to act on that message or not.
Since we will be accessing the Web service from the android app(remote), we may also need to encrypt the payload with a key that is known to both the parties.
My question here is how to hash the timestamp and send it securely along with the signed message in the payload and how to get the timestamp value back in the WCF web service?
Any kind if help or resources is appreciated
1 answers
solution1
1 2016-11-23 08:37:19
The WS-Security specification provides a <wsu:Timestamp> element to include the creation and expiration times of the message.
<S11:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu="...">
<S11:Header>
<wsse:Security>
<wsu:Timestamp wsu:Id="timestamp">
<wsu:Created>2001-09-13T08:42:00Z</wsu:Created>
<wsu:Expires>2001-10-13T09:00:00Z</wsu:Expires>
</wsu:Timestamp>
...
</wsse:Security>
...
</S11:Header>
You can add a timestamp to the SOAP message before sending. The server can read it from SOAP-header
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.