Why WCF SoapFault responses are encrypted in some situations?

Question

I am creating a WCF webservice whose requests/responses are supposed to be signed only. For this, on ServiceContract attribute I have set

ProtectionLevel = ProtectionLevel.Sign

That works ok.

Due to requirements some SoapFaults are supposed to be thrown from service; two types of SoapFaults:

related to application
related to WS-Addressing (e.g. MessageID is missing)

For this I am using the normal of approach of dealing with SoafFaults: create an IErrorHandler in which a Message instance is created with MessageFault.CreateFault.

Almost all the returned SoapFaults are not encrypted (which is ok for me), my question is why the ones with action="http://www.w3.org/2005/08/addressing/fault" or "http://www.w3.org/2005/08/addressing/soap/fault" are encrypted?

how do you know it is encrypted? can you provide a sample response? — esskar, Dec 12 '12 at 14:01
I know is encrypted because I view it with SvcTraceViewer (on client side). — csg, Dec 16 '12 at 12:38
@csg have you found out why? I am having the exact same problem. — Martijn B, Mar 08 '16 at 11:31

score 0 · Answer 1 · answered Jan 29 '13 at 14:37

Check out http://msdn.microsoft.com/en-us/library/aa347791.aspx and http://msdn.microsoft.com/en-us/library/system.servicemodel.faultcontractattribute.aspx. It states that

If you select a binding that enables security and you do not set the ProtectionLevel property anywhere on the contract, all application data will be encrypted and signed.

I guess that the build in types by default use this behaviour. You can verify this by looking at which exception is actually thrown.

The protection level is set at the contract level with: [ServiceContract(ProtectionLevel = ProtectionLevel.Sign)] — csg, Jan 30 '13 at 23:56

Why WCF SoapFault responses are encrypted in some situations?

1 Answers1