Protecting Custom Headers

When an operation uses SOAP headers, VuGen does not automatically sign or encrypt them. To incorporate a protection scheme such as a signature or encryption, you must manually add the following information to the scenario's configuration file (.stss) in the behavior element:

  • soapAction of the relevant operation

  • The header XML name and namespace

  • The protection level

The following example shows an outgoing message with the soapAction, http://mySoapAction. The XML element header1 from namespace http://myServiceNamespace is encrypted and signed. The header2 element from the same namespace is only signed.

<protocols ...>
              ...
              <behaviors>
                    <contractBehaviors>
                        <behavior>
                            <channelProtectionBehavior>
                                <protectionRequirements action="http://mySoapAction">
                                    <incomingEncryptionParts>
                                        <header localName="header1" namespace="http://myServiceNamespace" />                                   
                                    </incomingEncryptionParts>                                                             
                                    <incomingSignatureParts>
                                        <header localName="header1" namespace=" http://myServiceNamespace " />                                   
                                        <header localName="header2" namespace=" http://myServiceNamespace " />                                   
                                    </incomingSignatureParts>                                                             
                                </protectionRequirements>                                
                           </channelProtectionBehavior>
                        </behavior>
                    </contractBehaviors>
              </behaviors>
            </protocols>