C＃ - 使用SOAP和WS-TRUST传递证书以生成授权令牌 [英] C# - passing certificates using SOAP and WS-TRUST to generate authorization tokens

问题描述

我正在开发一个项目，该项目将使用第三方Web服务来实现某些功能。我们有2个WSDL文件1）与安全令牌服务相关的WSDL文件2）与我们的应用程序使用的某些功能相关的WSDL文件。我们还提供PKCS-12格式的客户端证书，他们说安全令牌服务系统使用它来生成运行时令牌以访问他们的服务。



我们还被告知，在运行时，安全令牌服务系统发出的授权令牌应由我们的应用程序使用SOAP库和WS-TRUST协议请求，并且他们还提到一些SOAP库将自动请求此令牌并使用WS将其传递给服务-TRUST协议。



任何人都可以在下面的问题上提出建议并帮助我理解证书文件和授权令牌的概念。



1）根据他们的文档，是否有任何SOAP库可以自动请求服务令牌并传递给实际服务。 2）如何使用SOAP传递证书以生成安全令牌？



我尝试过：



由于我是安全概念的新手，我一直在尝试对此进行研究很长一段时间但无法找到相关信息。

I am working on a project that would consume a 3rd party web service for certain functionality. We have got 2 WSDL files 1) WSDL file related to security token service 2) WSDL file related to certain functionality that our application uses. We are also provided with client certificate in PKCS-12 format, which they say is used by Security Token Service system to generate run time tokens for accessing their service.

We have also been informed that during run time the authorization token issued by Security Token Service system should be requested by our application using SOAP libraries and WS-TRUST protocols and also they mention some SOAP libraries will automatically request this token and pass it to service using WS-TRUST protocols.

Can anyone please suggest on below questions and help me understand concepts on certificate file and authorization tokens.

1) As per their documentation, is there any SOAP library which can automatically request service token and pass into actual service.? 2) How should the certificate be passed using SOAP to generate security token?

What I have tried:

Since am new to security concepts, I have been trying to research on this for quite a long time but couldn't find relevant information.

推荐答案

希望您从服务器端调用第三方Web服务，您的集成应该如下;



[浏览器] --- [您的服务器] ---当令牌不存在时--- [第三方安全托克服务]

[浏览器] --- [你的服务器] ---当令牌存在--- [第三方服务]



您的服务器应使用http-client来呼叫第三方服务，您应该在调用安全令牌服务时添加证书。这应该返回一个应该在浏览器cookie中设置的令牌。



代码片段：

Hope you are calling the third party web service from your server end, your integration should look like;

[Browser] ---[your server]---when token not present---[third party security toke service]
[Browser] ---[your server]---when token present---[third party service]

your server should use a http-client to call the third party service, where you should add the certificate when calling the security token service. This should return a token which should be set in your browser cookies.

code snippet:

WebRequestHandler handler = new WebRequestHandler();
X509Certificate2 certificate = GetMyX509Certificate();
handler.ClientCertificates.Add(certificate);
HttpClient client = new HttpClient(handler);

这篇关于C＃ - 使用SOAP和WS-TRUST传递证书以生成授权令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！