Discuss this help topic in SecureBlackbox Forum
SOAP: Sign SOAP message before sending with SOAP client
To sign a SOAP message before sending it you need to modify the generated or loaded SOAP message. The SOAP message (TElXMLSOAPMessage instance) could be accessed using TElXMLSOAPClient.SOAPMessage property. This message can be signed as described in the corresponding how-to articles.
The sample below adds a WS-Security header to the message:
C#:
SOAPClient.GenerateMessage();
SignWSS(SOAPClient.SOAPMessage, Certificate);
SOAPClient.SendMessage();
// process reply ...
void SignWSS(TElXMLSOAPMessage SOAPMessage, TElX509Certificate Certificate)
{
TElXMLWSSSignatureHandler Handler = new TElXMLWSSSignatureHandler(null);
int HandlerIndex = SOAPMessage.AddSignature(Handler, true);
try
{
Handler.AddReference(SOAPMessage.Envelope.Body, true);
Handler.Sign(Certificate, wecInBinarySecurityToken);
}
catch(Exception)
{
SOAPMessage.RemoveSignature(HandlerIndex);
throw;
}
}
Delphi:
SOAPClient.GenerateMessage();
SignWSS(SOAPClient.SOAPMessage, Certificate);
SOAPClient.SendMessage();
// process reply ...
procedure SignWSS(SOAPMessage : TElXMLSOAPMessage; Certificate : TElX509Certificate);
var
Handler : TElXMLWSSSignatureHandler;
HandlerIndex : Integer;
begin
Handler := TElXMLWSSSignatureHandler.Create(nil);
HandlerIndex := SOAPMessage.AddSignature(Handler, true);
try
Handler.AddReference(SOAPMessage.Envelope.Body, true);
Handler.Sign(Certificate, wecInBinarySecurityToken);
except
SOAPMessage.RemoveSignature(HandlerIndex);
raise;
end;
end;