Web Service Custom Binding - sign SOAP header and message, but don't encrypt

I am trying to figure out how to call a Java Web Service (blackbox) from .NET which expects each request to be signed with a certificate (which is no problem).

I don't get it. Whatever I try, it fails. After spending hours with researching and testing I think the right way should be to use a customBinding instead of a basicHttpBinding. What I want to achieve is to sign th开发者_运维技巧e header as well as the message body.

By using authentication mode CertificateOverTransport only the SOAP header is signed, not the body. By using authentication mode MutualCertificate everything is signed and encrypted.

Do I have any chance to disable the encryption of the whole message?

I got it.

Binding:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.serviceModel>
        <bindings>
          <customBinding>
            <binding name="FFB">
              <context protectionLevel="Sign" />
              <textMessageEncoding messageVersion="Soap11" />
              <security authenticationMode="MutualCertificateDuplex" includeTimestamp="true" />
              <httpsTransport />
            </binding>
          </customBinding>
        </bindings>
    </system.serviceModel>
</configuration>

And additionally:

service.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;