Pie*_*ree 4 php wcf web-services
我很难从PHP站点使用安全的WCF Web服务.我在PHP方面的知识是有限的,我在网上找到了各种各样的例子但是没有成功使它们工作.
我有一个Silverlight应用程序也使用此WebService,它工作正常.但是当我运行PHP站点时,我收到此错误:
MessageSecurityException:安全性处理器无法在消息中找到安全标头.这可能是因为消息是不安全的故障,或者因为通信方之间存在绑定不匹配.如果为安全性配置服务且客户端未使用安全性,则会发生这种情况.
我还尝试将customBinding更改为basicHttpBinding.当我这样做时,不再调用自定义用户名验证器.但是,使用basicHttpBinding并删除我的WCF服务上的凭据验证"工作"(除了它是不安全的事实).所以这个问题似乎与安全信息有关.
有人可以给我一个工作示例或教程,可以帮助我使这个PHP页面工作吗?
这是我的PHP代码:
$options = array(
'soap_version' => SOAP_1_1,
'exceptions' => true,
'trace' => 1,
'cache_wsdl' => WSDL_CACHE_NONE,
'Username' => 'MyUserName',
'password' => 'MyPassword');
$client = new SoapClient('https://UrlToService/Service.svc?wsdl', $options);
try
{
$phpresponse = $client->Get();
print $phpresponse->GetResult->Version;
echo "</b><BR/><BR/>";
}
catch(Exception $e)
{
echo "<h2>Exception Error!</h2></b>";
echo $e->getMessage();
echo "<BR/><BR/>";
}
WCF配置
<behavior name="sslBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyNamespace.ServiceUserNameValidator, MyNamespace" />
</serviceCredentials>
<serviceSecurityAudit
auditLogLocation="Application"
serviceAuthorizationAuditLevel="Failure"
messageAuthenticationAuditLevel="Failure"
suppressAuditFailure="true" />
</behavior>
<customBinding>
<binding name="sslCustomBinding">
<security authenticationMode="UserNameOverTransport" includeTimestamp="true" allowInsecureTransport="true">
<localServiceSettings maxClockSkew="00:10:00" />
<localClientSettings maxClockSkew="00:10:00" />
<secureConversationBootstrap />
</security>
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport />
</binding>
</customBinding>
<service behaviorConfiguration="sslBehavior" name="MyNamespace.Services.Service">
<endpoint address="" binding="customBinding"
bindingConfiguration="sslCustomBinding" contract="MyNamespace.ServiceContracts.IService" />
<host>
<baseAddresses>
<add baseAddress="https://UrlToService/Services/" />
</baseAddresses>
</host>
</service>
我解决了这个问题.我不得不在PHP中扩展"SoapHeader"类,使其符合WS-Security标准.
这是解决方案:
PHP Header类
class WsseAuthHeader extends SoapHeader
{
private $wss_ns = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
function __construct($user, $pass, $ns = null)
{
if ($ns)
{
$this->wss_ns = $ns;
}
$auth = new stdClass();
$auth->Username = new SoapVar($user, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns);
$auth->Password = new SoapVar($pass, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns);
$username_token = new stdClass();
$username_token->UsernameToken = new SoapVar($auth, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns);
$security_sv = new SoapVar(
new SoapVar($username_token, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns),
SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'Security', $this->wss_ns);
parent::__construct($this->wss_ns, 'Security', $security_sv, true);
}
}
PHP客户端调用
$options = array(
'soap_version' => SOAP_1_1,
'exceptions' => true,
'trace' => 1,
'wdsl_local_copy' => true
);
$username = "MyUser";
$password = "MyPassword";
$wsse_header = new WsseAuthHeader($username, $password);
$client = new SoapClient('https://UrlToService/Service.svc?wsdl', $options);
$client->__setSoapHeaders(array($wsse_header));
try
{
$phpresponse = $client->Get();
print $phpresponse->GetResult->Version;
echo "</b><BR/><BR/>";
}
catch(Exception $e)
{
echo "<h2>Exception Error!</h2></b>";
echo $e->getMessage();
}
希望它会帮助别人!
感谢Chris:使用PHP连接到受WS-Security保护的Web服务