Encrypting a SOAP Message
Web Services Enhancements for Microsoft .NET (WSE) enables .NET Framework clients and Web services created using ASP.NET to encrypt and decrypt SOAP messages used to communicate with Web services. Encrypting and decrypting SOAP messages can be key to securing a Web application, because SOAP messages are by default plain text and thus can be read by any recipient. An encrypted SOAP message is cryptographically encoded, so that only the owner of a private key or a symmetric key can read the contents of the message.
WSE supports both asymmetric and symmetric encryption. Asymmetric encryption allows a Web service client to encrypt the message using the public key of an X.509 certificate, such that only the owner of the private key of the X.509 certificate can decrypt the SOAP message. Symmetric encryption requires that a Web service and client share a secret key outside the SOAP message communication. Then, a client encrypts SOAP messages using that shared key and a Web service decrypts the SOAP messages using the same secret key.
WSE encrypts the entire contents of the SOAP <Body> by default. It can also decrypt received SOAP messages in which the <Body> element is only partially encrypted.
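Because partially encrypted messages are accepted, a receiver that needs the whole <Body> kept confidential can check how much of it arrived as ciphertext. The following Python is an added example, not WSE code or part of the original documentation: it classifies a message by the W3C XML Encryption `EncryptedData` elements under the SOAP <Body>. The function name `body_encryption_coverage` and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces defined by the SOAP 1.1 / 1.2 and W3C XML Encryption specifications.
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
ENC_DATA = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData"


def body_encryption_coverage(soap_xml: str) -> str:
    """Return 'full', 'partial' or 'none' for the SOAP <Body> (hypothetical helper)."""
    # For untrusted input, prefer a hardened parser such as defusedxml.
    root = ET.fromstring(soap_xml)
    body = None
    for ns in SOAP_NS:
        if root.tag == f"{{{ns}}}Envelope":
            body = root.find(f"{{{ns}}}Body")
    if body is None:
        raise ValueError("not a SOAP envelope with a <Body>")
    children = list(body)
    # Readable text sitting directly in <Body> means it is not fully encrypted.
    stray_text = (body.text or "").strip() or any((c.tail or "").strip() for c in children)
    # Full: every child of <Body> is EncryptedData and nothing readable remains.
    if children and not stray_text and all(c.tag == ENC_DATA for c in children):
        return "full"
    # Partial: ciphertext exists somewhere under <Body>, next to readable content.
    if body.find(f".//{ENC_DATA}") is not None:
        return "partial"
    return "none"


def _envelope(body_inner: str) -> str:
    """Wrap constructed body content in a SOAP 1.1 envelope."""
    return ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">'
            f'<soap:Body>{body_inner}</soap:Body></soap:Envelope>')


# Constructed sample data: the CipherValue is a placeholder, not real ciphertext.
CIPHER = ('<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>'
          'Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')
SAMPLES = {
    "full": _envelope(CIPHER),
    "partial": _envelope(f"<Order><Item>book</Item>{CIPHER}</Order>"),
    "none": _envelope("<Order><Item>book</Item><Card>constructed</Card></Order>"),
}

if __name__ == "__main__":
    for expected, xml_text in SAMPLES.items():
        print(expected, "->", body_encryption_coverage(xml_text))
```

A result of `partial` or `none` tells the receiver that some <Body> content was readable in transit.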
Supported Security Tokens
The following table lists the security tokens that can be used to encrypt SOAP messages and the step-by-step procedures for doing so.
Security Token | Step-by-step procedure |
---|---|
X.509 Certificate | How to: Encrypt a SOAP Message Using an X.509 Certificate; How to: Decrypt a SOAP Message Encrypted with an X.509 Certificate |
User name and password (UsernameToken) | How to: Encrypt a SOAP Message by Using a User Name and Password; How to: Decrypt a SOAP Message Encrypted Using a User Name and Password |
Kerberos ticket | How to: Encrypt a SOAP Message By Using a Kerberos Ticket; How to: Decrypt a SOAP Message Encrypted Using a Kerberos Ticket |
Security context token | |
Custom security token | N/A |
See Also
Tasks
How to: Encrypt a SOAP Message
How to: Determine Which Parts of a SOAP Message Were Signed or Encrypted