Mik*_*all 4 .net c# wcf ws-security soap
我正在尝试使用用户名令牌(用户名/密码)和客户端证书来调用Web服务(不确定后端是什么写入).
简短版本:如果我有一个客户端证书和用户名/密码可以使用WCF代码/配置的组合来生成下面的SOAP标头?
长版
下面是由Visual Studio 2010中的"添加服务引用"生成的服务接口(名称/ URI已更改以保护无辜者):
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
[System.ServiceModel.ServiceContractAttribute(Namespace="http://servicenamespacehere", ConfigurationName="Service.Contract.ConfigName.Here")]
public interface IBackendService {
// CODEGEN: ...
[System.ServiceModel.OperationContractAttribute(IsOneWay=true, Action="http://servicenamespacehere#Method1")]
[System.ServiceModel.XmlSerializerFormatAttribute(SupportFaults=true)]
void Method1(Method1Params request);
我需要生成的调用的SOAP安全标头如下所示:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2014-08-26T20:22:50.522Z</u:Created>
<u:Expires>2014-08-26T20:27:50.522Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-6f243c9c-fd85-4634-8b57-cb196aee3195-60591">
<o:Username>myUser</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">somePwd</o:Password>
</o:UsernameToken>
<o:BinarySecurityToken u:Id="uuid-6f243c9c-fd85-4634-8b57-cb196aee3195-60592" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">BASE64TOKENHERE=</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>BASE64DIGESTHERE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>BASE64SIGNATUREHERE=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-6f243c9c-fd85-4634-8b57-cb196aee3195-60592"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
SOAP XML PAYLOAD FOLLOWS...
我无法找到任何能够支持包含两者UserName和Certificate类型的客户端消息凭据的WCF绑定/端点设置的组合.
由于某些搜索,我发现有人表示我需要自定义WCF绑定以包含两种凭据类型,并且他们指向此MSDN链接:
http://msdn.microsoft.com/en-us/library/ms751480(v=vs.100).aspx
但是,当我按照代码示例时,我收到一个错误:
'The service certificate is not provided for target'
现在,ClientCredentials对象同时具有ClientCertificate属性(我通过客户端证书的指纹成功加载),但ServiceCertificate是什么?
如果所有我都有客户端证书和用户名/密码可以使用,那么生成上面的SOAP头需要什么样的WCF代码/配置组合?
这只能通过代码绑定来完成:
var b = new CustomBinding();
var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
sec.MessageSecurityVersion =
MessageSecurityVersion.
WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sec.IncludeTimestamp = false;
sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
b.Elements.Add(sec);
b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
b.Elements.Add(new HttpsTransportBindingElement());
| 归档时间: |
|
| 查看次数: |
1499 次 |
| 最近记录: |