我正在尝试将此 WSE3.0 代码转换为 WCF:
// we use Microsoft WSE 3.0 to insert the username token in the soap header.
// This strategy takes care of creating and inserting the Nonce and Created elements
// for us, as well as creating a password digest based on Nonce, Created, and
// the password itself. Refer to the WS-Secutiry UsernameToken Profile 1.1
// specification at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.
Microsoft.Web.Services3.Security.Tokens.UsernameToken nametoken;
nametoken = new Microsoft.Web.Services3.Security.Tokens.UsernameToken(username, password, Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);
Microsoft.Web.Services3.Design.Policy ClientPolicy = new Microsoft.Web.Services3.Design.Policy();
ClientPolicy.Assertions.Add(new UsernameOverTransportAssertion());
this._proxy.SetPolicy(ClientPolicy);
this._proxy.SetClientCredential<UsernameToken>(nametoken); …我正在尝试连接到需要SSL安全性和用户名/密码凭据的第三方SOAP 1.1服务.预期的一个例子是:
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>username</wsse:Username>
<wsse:Password>password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
我的客户端配置如下:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="thirdpartyservicebindingconfig">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"
algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://..."
binding="basicHttpBinding"
bindingConfiguration="thirdpartyservicebindingconfig"
contract="thirdpartyservicecontract"
name="thirdpartyserviceendpoint" />
</client>
</system.serviceModel>
服务客户端代码是:
var client = new thirdpartyservicecontractclient();
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";
var result = client.DoSomething();
我收到以下错误异常消息:
安全处理器无法在消息中找到安全标头.这可能是因为消息是不安全的故障,或者因为通信方之间存在绑定不匹配.如果为安全性配置服务并且客户端未使用安全性,则会发生这种情况.
编辑:
如果我将安全模式重新配置为"传输":
<security mode="TransportWithMessageCredential">
我从第三方服务收到错误:
com.sun.xml.wss.XWSSecurityException:消息不符合已配置的策略[AuthenticationTokenPolicy(S)]:未找到安全标头; 嵌套异常是com.sun.xml.wss.XWSSecurityException:com.sun.xml.wss.XWSSecurityException:消息不符合已配置的策略[AuthenticationTokenPolicy(S)]:找不到安全标头.
如何配置我的客户端以连接到此服务?
我在解析SOAP Web服务时遇到了一些问题.如何从WSDL中识别NAMESPACE,METHOD_NAME,URL和SOAP_ACTION以及如何使用SoapObject进行处理.
我想在android中调用soap.
下面是WSDL和SOAP REQUEST XML.
WSDL:
https://e1jas01.domain.cssus.com:8091/DV910/RI_AddressBookManager?WSDL
谢谢,Gowtham.
我正在尝试使用用户名令牌(用户名/密码)和客户端证书来调用Web服务(不确定后端是什么写入).
简短版本:如果我有一个客户端证书和用户名/密码可以使用WCF代码/配置的组合来生成下面的SOAP标头?
长版
下面是由Visual Studio 2010中的"添加服务引用"生成的服务接口(名称/ URI已更改以保护无辜者):
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
[System.ServiceModel.ServiceContractAttribute(Namespace="http://servicenamespacehere", ConfigurationName="Service.Contract.ConfigName.Here")]
public interface IBackendService {
// CODEGEN: ...
[System.ServiceModel.OperationContractAttribute(IsOneWay=true, Action="http://servicenamespacehere#Method1")]
[System.ServiceModel.XmlSerializerFormatAttribute(SupportFaults=true)]
void Method1(Method1Params request);
我需要生成的调用的SOAP安全标头如下所示:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2014-08-26T20:22:50.522Z</u:Created>
<u:Expires>2014-08-26T20:27:50.522Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-6f243c9c-fd85-4634-8b57-cb196aee3195-60591">
<o:Username>myUser</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">somePwd</o:Password>
</o:UsernameToken>
<o:BinarySecurityToken u:Id="uuid-6f243c9c-fd85-4634-8b57-cb196aee3195-60592" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">BASE64TOKENHERE=</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>BASE64DIGESTHERE=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>BASE64SIGNATUREHERE=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-6f243c9c-fd85-4634-8b57-cb196aee3195-60592"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
SOAP XML PAYLOAD …我想从带有 C# 的 .Net Core 3.1 连接到需要我根据 WS-Security WS-Policy 2004/09签署Soap 1.1正文的 Web 服务。
这是政策要求的文字描述:
AsymmetricBindingAssertion表示使用非对称加密,其中签名必须使用请求者的证书(X509v3)。该InitiatorToken字段指示请求令牌必须是 X509v3 令牌并且它必须包含在所有请求消息中,而该RecipientToken字段指示响应令牌必须是 X509v3 但不会包含在任何消息中。为了识别令牌,将使用 keyIdentifier – 由MustSupportKeyRefIdentitier字段指定 。Timestamp还需要包含在内以规避重放攻击,因此 - 默认情况下 - 这也是签名的。该OnlySignEntireHeadersAndBody字段规定只允许对整个标题或正文进行签名 - 以减轻 XML 签名包装。最后,我们只规定 SOAP Envelope 的 Bodyelement 需要签名。
我添加了一个与Microsoft WCF Web Reference Provider的连接服务在 Visual Studio 2019 中并且所有实体都添加到 Reference.cs 中。我可以在没有 WS-Policy 要求的情况下很好地连接到 SoapUI 中服务的模拟版本。我已经验证了证书和东西,我就是不知道如何在肥皂体上签名。
我无法使用,WSHttpBinding因为它生成 Soap 1.2 并且我尝试使用的服务只理解Soap 1.1。
我用 尝试了不同的方法 …
我有一个应用程序通过https连接到实现WS-Security的基于SOAP的Web服务.Web服务是用Java编写的,需要纯文本密码以及正确设置的时间戳.
经过大量的谷歌搜索和实验,我无法弄清楚如何配置我的WCF客户端与此服务进行交互.除了正确答案之外,我还要感谢指向WCF和SOAP的教程的链接.
我当前客户端的app.config如下所示:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyServiceSoapBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
<!--security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security-->
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://p1.my.com/tx/services/MyService"
binding="basicHttpBinding" bindingConfiguration="MyServiceSoapBinding"
contract="My.IMyService" name="MyServiceEndpointPort" />
</client>
</system.serviceModel>
</configuration>
并且客户端代码如下所示:
string response;
try
{
MyService.MyServiceClient svc = …我们正在尝试使用x509证书在客户端和WCF服务之间实现消息安全性.客户端发送soap安全标头,服务按预期验证标头.问题是该服务没有使用我们需要的安全头来签署它的响应消息.我相信下面包含了所需的所有信息,但如果您还需要其他信息,请告诉我.谢谢!
该服务的web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="Off" />
</system.web>
<system.serviceModel>
<services>
<service name="RealIdCardService.AetnaNavigator" behaviorConfiguration="serviceCredentialBehavior">
<endpoint address="" contract="RealIdCardService.IAetnaNav" binding="wsHttpBinding" bindingConfiguration="InteropCertificateBinding"></endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="serviceCredentialBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpsGetEnabled="true" />
<serviceCredentials>
<!--certificate storage path in the server-->
<serviceCertificate findValue="WcfClient" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="TrustedPeople" />
<issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
<!--certificate storage path in the client-->
<clientCertificate>
<certificate findValue="WcfServer" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="TrustedPeople" />
<authentication certificateValidationMode="PeerTrust" revocationMode="NoCheck" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="InteropCertificateBinding"> …大多数情况下,我的混淆似乎是从我在WCF环境中理解安全性的尝试中解脱出来的.在WCF中,看起来证书可用于身份验证和加密.基本上,我试图理解:
我不完全确定这是正确的论坛.我的问题源于试图理解WCF,但我想我想理解这背后的理论.如果这是一个好主意,请为我建议正确的论坛.如果有必要的话,我很乐意尝试迁移这个问题.
提前致谢!
我必须使用Web服务安全X.509证书令牌配置文件1.1 OASIS标准规范,2006年2月1日,使我的WCF客户端使用Web服务(IBM DataPower)并签署/加密请求.
到目前为止,我已经创建了一个自定义绑定并"思考"我正在沿着正确的方向工作:
更新以反映最新的尝试
Private Function CreateCustomBinding() As Channels.Binding
Dim asbe As New Channels.AsymmetricSecurityBindingElement
asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10
asbe.InitiatorTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
asbe.RecipientTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
asbe.MessageProtectionOrder = Security.MessageProtectionOrder.EncryptBeforeSign
asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict
asbe.IncludeTimestamp = True
asbe.SetKeyDerivation(False)
asbe.DefaultAlgorithmSuite = Security.SecurityAlgorithmSuite.Basic128Rsa15 'By default, AES-128 is used as the encryption algorithm.
'Add the elements to the custom binding
Dim myBinding As New CustomBinding
'element order is important - see http://msdn.microsoft.com/en-us/library/ms733893(v=vs.90).aspx
'Protocol Binding Elements (security)
myBinding.Elements.Add(asbe)
'Encoding Binding Element
myBinding.Elements.Add(New TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, System.Text.Encoding.UTF8)) …如何创建完全安全的证明jnlp.我创建了一个jnlp并上传到我的在线服务器上.它根本不工作,但在我的本地,它工作正常.
我的在线JNLP正在打开GUI,只有当我将java安全级别降低到中等时(我认为它根本不安全)并且它不起作用(没有任何功能正常工作)
我用Google搜索了它,但找不到任何有用的东西. 编辑 你可以验证JNLP文件...找到链接 ..这个应用程序在我的本地运行完全正常..它不工作..可能是什么原因?
ws-security ×10
wcf ×8
soap ×6
wcf-security ×3
c# ×2
certificate ×2
.net ×1
.net-core ×1
cryptography ×1
https ×1
jar ×1
java ×1
jnlp ×1
soap-client ×1
swing ×1
wcf-client ×1
wsdl ×1
wse ×1
wsse ×1