我正在尝试使用WS-UsernameToken规范验证SOAP请求,但目标设备始终拒绝访问.我的非工作请求看起来像这样.(我正在尝试哈希的密码是system.)

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope">
 <Header>
  <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <UsernameToken>
      <Username>root</Username>
      <Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">EVpXS/7yc/vDo+ZyIg+cc0fWdMA=</Password>
      <Nonce>tKUH8ab3Rokm4t6IAlgcdg9yaEw=</Nonce>
      <Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-08-10T10:52:42Z</Created>
    </UsernameToken>
  </Security>
 </Header>
  <Body>
    <SomeRequest xmlns="http://example.ns.com/foo/bar" />
  </Body>
</Envelope>

我正在寻找的是一个类似的请求示例,但具有实际工作的身份验证令牌.例如,如果您有使用这些令牌的gSOAP应用程序,并且可以生成请求并在此处发布结果,我将非常感激.

编辑:

我稍稍调整了Rampart配置,现在我又陷入了另一个角度.

在Rampart的PostDispatchVerificationHandler中,抛出异常,因为尚未处理安全标头.

// If a security header is there and Rampart is engaged, it has to be processed.  
// If it is not processed, there must have been a problem in picking the policy 

SOAPHeaderBlock secHeader = getSecurityHeader(msgContext);
if (secHeader != null && (secHeader.isProcessed() == false)) {
     throw new AxisFault("InvalidSecurity - Security policy not found");
}

日志:

[DEBUG] [MessageContext: logID=a5012f2f13095af97123a192575c50a7f727850f3a9ecfc5] Invoking Handler 'HTTPLocationBasedDispatcher' in Phase 'Dispatch'
[DEBUG] [MessageContext: logID=a5012f2f13095af97123a192575c50a7f727850f3a9ecfc5] Invoking Handler 'Post dispatch security verification handler' in Phase 'Dispatch' …

我需要实现一个jax-ws客户端.

以下是提供者文档关于安全性的内容

目前,我们在http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf上使用SOAP Message Security 1.0版规范.

本标准使用另外两个来自W3C规范:
XMLENC(http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/)
和XMLDSIG(http://www.w3.org/TR/2002)/REC-xmldsig-core-20020212 /)

对于签名,使用指定X509的"URI"和"valueType"的直接"引用"的"SecurityTokenReference"是强制性的.对于加密,我们也推荐它,但我们也按优先顺序支持对keyIdentifier,X509IssuerSerial或keyName的引用.

加密和签名的块必须是"body"标记.

我们建议使用:"rsa-sha1"用于签名,"rsa-1_5"用于加密密钥,"tripledes-cbc"用于加密正文.

所以我提出了以下政策(从netbeans生成).但是......我看起来并不合适.Web服务尚无法访问,但我不确定规范版本是否匹配.我在这个问题上看了很多,但我仍然有些困惑.这个政策看起来不错吗？

<wsp1:Policy wsu:Id="ListeOperationsPeriodeSoapBindingSoapPolicy">
    <wsp1:ExactlyOne>
        <wsp1:All>
            <sp:TransportBinding>
                <wsp1:Policy>
                    <sp:TransportToken>
                        <wsp1:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp1:Policy>
                    </sp:TransportToken>
                    <sp:Layout>
                        <wsp1:Policy>
                            <sp:Lax/>
                        </wsp1:Policy>
                    </sp:Layout>
                    <sp:AlgorithmSuite>
                        <wsp1:Policy>
                            <sp:TripleDesRsa15/>
                        </wsp1:Policy>
                    </sp:AlgorithmSuite>
                </wsp1:Policy>
            </sp:TransportBinding>
            <sp:Wss10/>
            <sp:EndorsingSupportingTokens>
                <wsp1:Policy>
                    <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp1:Policy>
                            <sp:WssX509V3Token10/>
                        </wsp1:Policy>
                    </sp:X509Token>
                </wsp1:Policy>
            </sp:EndorsingSupportingTokens>

        </wsp1:All>
    </wsp1:ExactlyOne>
</wsp1:Policy>
<wsp:Policy wsu:Id="ListeOperationsPeriodeSoapBindingSoap_perform_Input_Policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp1:SignedEncryptedSupportingTokens>
                <wsp:Policy>
                    <sp1:X509Token sp1:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp1:WssX509V3Token10/>
                        </wsp:Policy>
                    </sp1:X509Token>
                </wsp:Policy>
            </sp1:SignedEncryptedSupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>

</wsp:Policy>

编辑:我无法用wsit发送预期的消息.例如,使用Netbeans向导,如果不使用寻址,我无法获得加密的标头.这应该是可能的吗？

我用一个旧的轴1类和wss4j攻击了一些东西,它有效,但它很难看,而且我宁愿使用更具前瞻性的东西.

我正在连接到具有axis/rampart的web服务,并被告知要删除InclusiveNamespaces,因为prefixList是"",这是不允许的.我怎么做？

部分看起来像

<ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa soapenv" />
    </ds:CanonicalizationMethod>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="#Id-289005241">
        <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">              
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
            </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />                          
        <ds:DigestValue>bla bla bla=</ds:DigestValue>
    </ds:Reference>
</ds:SignedInfo>

是否可以将轴/ rampart配置为在其为空时不打印包含名称空间？

我正在使用axis/rampart 1.6.2并连接到.NET服务

任何想法如何存档？或者我如何使它呈现非空前缀列表？

我正在使用客户端,尝试使用PHP发送和接收soap调用.他们设置了ws-security,并使用x.509证书进行身份验证.我已经能够使用SoapUI使这个工作,但我无法在PHP中使用它.

我遇到的问题是,他们不使用标准的二进制安全令牌或用户名/密码组合.他们在安全令牌参考中签署XML文件.

我一直在尝试使用Rob Richards的库来生成哈希,并且它似乎包含在其中的代码来完成我正在尝试做的事情,但我一直没有成功实现它.(https://github.com/robrichards/wse-php)

这是我们应该得到的:

<soapenv:Envelope xmlns:ord="http://order.pine.cypresscare.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <ds:Signature Id="SIG-17020931F46DA4F12E144355764463230" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces PrefixList="ord soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:CanonicalizationMethod>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <ds:Reference URI="#id-17020931F46DA4F12E144355764463229">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="ord" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue>BZc+DagseonF6kbBdtONG73wjcE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>eIICrWiZerxelcSNUack5OKgvdSKYS3p5KdblFLVztYksExNoZ9wLQ==</ds:SignatureValue>
            <ds:KeyInfo Id="KI-17020931F46DA4F12E144355764463227">
                <wsse:SecurityTokenReference wsu:Id="STR-17020931F46DA4F12E144355764463228">
                    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
                         MIID... (Hash goes here)
                    </wsse:KeyIdentifier>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
    </wsse:Security>
</soapenv:Header>

但我能得到的最好的是:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ord="http://order.pine.cypresscare.com">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="pfx7b827e06-1662-e6e4-78fd-6b4bb95aeb96" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
            MIIC... (Hash goes here)
        </wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> …

我有来自oracle的NO-.net webservice要访问我需要添加soap标头.如何在java中添加soap标头？

Authenticator.setDefault(new ProxyAuthenticator("username", "password"));
                System.getProperties().put("proxySet", "true");
                System.setProperty("http.proxyHost", "IP");
                System.setProperty("http.proxyPort", "port");




                proxy = new RegPresMed_Service(new URL("webservice")).getRegPresMed();
                ((BindingProvider) proxy).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "realwebservice");
                ((BindingProvider) proxy).getRequestContext().put("com.sun.xml.ws.request.timeout", new Integer(60000));
                ((BindingProvider) proxy).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "webserviceUsername");
                ((BindingProvider) proxy).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "webservicePassword");

这有必要吗？

 ((BindingProvider) proxy).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "webserviceUsername");
                    ((BindingProvider) proxy).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "webservicePassword");

我的肥皂标题是这样的:

<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-6"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>username</wsse:Username>
        <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        <wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">randomnaumber==</wsse:Nonce>
        <wsu:Created>dateCreated</wsu:Created>
    </wsse:UsernameToken>
</wsse:Security>

我有一个WCF客户端连接到基于Java的Axis2 Web服务(在我的控制之外).它即将应用WS-Security,我需要修复.NET客户端.但是,我正在努力提供正确的身份验证.我知道WSE 3.0可能会让它变得更容易,但我宁愿不再使用过时的技术.

类似的问题(未解决),包括这个,这个和这个.

SOAP消息应如下所示:

<wsse:UsernameToken>
  <wsse:Username><!-- Removed--></wsse:Username> 
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"><!-- Removed--></wsse:Password> 
  <wsse:Nonce><!-- Removed--></wsse:Nonce> 
  <wssu:Created>2010-05-28T12:50:33.675+01:00</wssu:Created> 
</wsse:UsernameToken>

但是,我的看起来像这样:

<s:Header>
<h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"></h:Security>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2010-06-23T10:31:23.441Z</u:Created>
<u:Expires>2010-06-23T10:36:23.441Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-d329b3b2-6a1f-4882-aea6-ec6b8a492de7-1">
<o:Username>
<!-- Removed-->
</o:Username>
<o:Password>
<!-- Removed-->
</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>

我的客户端看起来像这样:PS注意所需的 SecurityHeaderType参数.那是什么？

public MyAck SendRequest(MyRequest request)
{
 RemoteServicePortTypeClient client = new RemoteServicePortTypeClient();

 client.ClientCredentials.UserName.UserName = "JAY";
 client.ClientCredentials.UserName.Password = "AND";

    // what is the difference between the two different Credential …

我需要使用ASP.NET中的WS-Security保护的Web服务.

我正在使用SoapUI测试服务,作为信封请求:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://aduana.gov.py/webservices">
   <soapenv:Header/>
   <soapenv:Body>
      <web:agregarGuia>
         <!--Optional:-->
         <guia>?</guia>
         <!--Optional:-->
         <autenticacion>
            <!--Optional:-->
            <codAduana>?</codAduana>
            <!--Optional:-->
            <firmaWSAA>?</firmaWSAA>
            <!--Optional:-->
            <idUsuario>?</idUsuario>
            <!--Optional:-->
            <ticketWSAA>?</ticketWSAA>
         </autenticacion>
      </web:agregarGuia>
   </soapenv:Body>
</soapenv:Envelope>

我得到的回应是:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header/>
   <env:Body>
      <env:Fault>
         <faultcode>env:Server</faultcode>
         <faultstring>org.jboss.ws.core.CommonSOAPFaultException: This service requires &lt;wsse:Security>, which is missing.</faultstring>
      </env:Fault>
   </env:Body>
</env:Envelope>

所以我联系了服务提供商,他们告诉我,必须使用WS-Security来调用服务.因此,发送到服务器的SOAP消息必须使用我的证书进行数字签名.

问题是我不知道该怎么做.到目前为止,我添加了一个服务参考,我在代码中传递了提到的证书:

var srvRef = new DnaSoapClient(); 
srvRef.ClientCredentials.ClientCertificate.Certificate = theCert;
var response = srvRef.agregarManifiesto( dnaManifiesto );

我google了一些,有些人推荐WCF.我正在构建一个ASP.NET 4.5应用程序.这个场景有什么选择？我需要知道如何使用我的证书签署邮件.

编辑1: 我能够推进这个问题,现在我可以发送带有证书签名的SOAP消息,我即将完成任务.现在我无法在安全标签中设置正确的元素,我编辑了问题以显示信封,正确的信封和我的信封.

正确:这是正确请求的样本信封

<soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-B259DAB3D28E48CB6A140000796019094">MIIC9TCCAd2gAwIBAgIIUiM4nWs8kfcwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTQwMzIwMTkxMTIwWhcNMTgxMjIwMTQzNzEzWjBBMRQwEgYDVQQDDAtjb3VyaWVyLnRudDEOMAwGA1UECwwFc29maWExDDAKBgNVBAoMA2RuYTELMAkGA1UEBhMCcHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOS71x5+ChwGzWs4VlLgkePbU8/zFHUrrE8nFNVsukMCc5q5hCK8/CeNM+mxImilLdJrGoC2/000lQetB9B3AqIrAdOfBFU4/qsAlgWI+kt2jnUsJMLRjQfxhAKMeX4RUb0CmTcsnXtWlFvYFFjiUi9nUJVSxCsmldVFgLIAHRPjAgMBAAGjfzB9MB0GA1UdDgQWBBTCwBBmU7f/4SmNz7GNJ25ILkPuhjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFDF+1hOSdgg2DFOUofnnXdx9TxjeMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBAALVVGGNsTSMcfDBwkkNQH3MpfiNTo/mhH8ahqUVN1+5BIwWstv8fH0Sl9ea1XShKLPDfDIx8WSzUUIt/93f74B3a3oMpBtbVEiku2BKUp5cJfkYe2c5zPOxk3nzmQwcEoB++RgX9DJOtUkKA/It2IM9/8ggUyjceJQCpBRiA9Kg7+h3HfmOKNn+9/pNu498JXhSRKa8Jr4pp/1udYRk+W8sKGEBtAU9MvL3y0AbvLhUD+MZyvpHGB17fslC8Nnd5EBQH8hQD+DWGepyCBIlb0NA13YEoLMcRKDcWvSPd0UGWo2G0IOeUZaGuzzIz2n04QrXvnqQKAOFd9yH2VfGtWE=</wsse:BinarySecurityToken>
    <ds:Signature Id="SIG-96" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <ec:InclusiveNamespaces PrefixList="soapenv …

我使用JBoss 4.2.3.GA. 在之前的任务中,我使用了JBoss支持的基本加密机制(WS-Security).即我使用密钥库,信任库文件进行加密和签名消息.通常(以标准方式)在jboss-wsse-*文件中定义了必须在加密过程中使用的密钥别名.我在Action book中使用了JBoss的ws安全配置.

没关系.加密工作正常.

但在我当前的任务中,我需要手动和动态地为键指定别名.任务描述:

• 我有几个档案.在每个配置文件中,可以是必须用于加密消息的公钥的别名别名.

• 我有密钥库包含服务器的私钥/公钥和客户端的公钥,它们将向服务器发送消息

• 我需要使用此别名指定的公钥从配置文件获取别名并加密消息(在客户端).

• 所以我需要以某种方式从密钥库加载数据(它必须驻留在文件系统文件夹,即外耳文件),从中获取适当的公钥,然后进行加密.
• 之后,我需要向具有私钥进行解密的远程Web服务(服务器端)发送消息.
• 在这里,我看到了服务器端逻辑的几种变体:Web服务使用标准JBoss机制进行解密,或者我可以手动加载密钥库数据并手动进行解密.

所以问题是关于:

1. 有没有办法为JBoss指定文件系统目录来加载密钥库？
2. 我可以为标准JBoss WSS机制指定加密别名,以允许jboss在crypt进程中使用此信息吗？
3. 如果我必须进行手动加密/解密,那么如何将多个Java对象包装到WS消息中,然后使用必要的别名加密它以及如何手动将此消息发送到远程Web服务？

我只是不知道如何开始,使用什么框架,甚至有必要使用外部(非JBoss)框架...

我的任务是尝试与建筑物中的ONVIF摄像机建立通信,最终升级公司的domotic解决方案,以自动识别ONVIF摄像机,并能够设置它们并使用它们的服务.

我已经能够以这种方式收集一些基本信息,如模型,MAC地址和固件版本:

    EndpointAddress endPointAddress = new EndpointAddress("<mycameraurl:<mycameraport>/onvif/device_service");
    CustomBinding bind = new CustomBinding("DeviceBinding");
    DeviceClient temp = new DeviceClient(bind, endPointAddress);
    String[] arrayString = new String[4];
    String res = temp.GetDeviceInformation(out arrayString[0], out arrayString[1], out arrayString[2], out  arrayString[3]);
    MessageBox.Show("Model " + arrayString[0] + ", FirmwareVersion " + arrayString[1] + ", SerialNumber " + arrayString[2] + ", HardwareId " + arrayString[3]);

我在app.config文件中有customBinding的xml规范:

  <customBinding>
    <binding name="DeviceBinding">
      <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
          messageVersion="Soap12" writeEncoding="utf-8">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      </textMessageEncoding>
      <httpTransport manualAddressing="false" maxBufferPoolSize="524288"
          maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
          bypassProxyOnLocal="false" …