如何传递消息凭证-TransportWithMessageCredential-SOAP请求中没有凭证 [英] How to pass message credentials - TransportWithMessageCredential - No credentials in the SOAP request

问题描述

我正在将WSBinding与"TransportWithMessageCredential"一起使用以保护我的WCF Web服务，并且在使用.NET客户端时也没有任何问题.

I am using WSBinding with "TransportWithMessageCredential" to secure my WCF web service, I am using it without any problems using .NET clients.

但是当尝试从Android或非.Net客户端使用它时，我不知道在何处提供消息凭据！

But when trying to use it from Android or non-.Net client, I can't tell where to provide the message credentials!!

我已经截获了.NET客户端发送的SOAP消息，它不包含任何与凭据有关的东西，但是运行良好，但是当对来自和Android客户端的SOAP请求使用相同的语法时，我们正面临着这个错误:

I have intercepted the SOAP message being sent by the .NET client, it doesn't contain any thing related to the credentials, but it is working perfectly, but when using the same syntax for the SOAP request from and Android client, we are facing this error:

无法处理该消息.这很可能是因为 操作' http://tempuri.org/XXX/YYY '不正确，或因为 消息包含无效或过期的安全上下文令牌，或者 因为绑定之间不匹配.安全上下文 如果服务由于以下原因中止了频道，则令牌将无效: 不活动.为了防止服务中止空闲会话 过早增加服务端点的接收超时 绑定.

The message could not be processed. This is most likely because the action 'http://tempuri.org/XXX/YYY' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

.NET客户端正在发送的SOAP请求，并以被拦截的方式工作:

The SOAP request that is being sent by .NET client and working as intercepted:

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action>
    <a:MessageID>urn:uuid:XX-XX-XX-XX-XX</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
  </s:Header>
  <s:Body>
    <XXXXXX xmlns="http://tempuri.org/">
      <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <d4p1:Prop1 i:nil="true" />
        <d4p1:Prop2 i:nil="true" />
        <d4p1:Prop3 i:nil="true" />
      </request>
    </XXXXXX >
  </s:Body>
</s:Envelope>

我的WCF对服务的认知:

My WCF confing for the service:

  <wsHttpBinding>
    <binding name="wsHttpBindingExt" maxReceivedMessageSize="4096000">
      <readerQuotas maxDepth="32" maxStringContentLength="409600" maxArrayLength="4096000" maxBytesPerRead="4096000" />
      <security mode="TransportWithMessageCredential" >
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>

对于正在工作的.NET客户端:

For the working .NET Client:

用于从.NET调用服务并正常工作的客户端代码:

Client code to call the service from .NET and working correctly:

XXXXXServiceClient client = new XXXXXServiceClient ();
client.ClientCredentials.UserName.UserName = "XXXX";
client.ClientCredentials.UserName.Password = "YYYY";
var res = client.DoXXXXX(a,b,c);

EDIT

EDIT

存在，拦截器并没有给我全部请求，但是我还有另一个问题.

It is exists, that interceptor is not giving me the whole request, but I have another problem.

使用提琴手，我发现有两个请求，第一个是请求安全令牌:

Using fiddler, I have found that there are two requests, the first one is to request a security token:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
        <a:MessageID>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://XXX.XXX.com/XXX.svc</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:13.686Z</u:Created>
                <u:Expires>2014-04-25T10:36:13.686Z</u:Expires>
            </u:Timestamp>
            <o:UsernameToken u:Id="uuid-4d51d9cc-f621-48af-96a7-1fa541c18ea1-1">
                <o:Username>XXX</o:Username>
                <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">YYY</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
            <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
            <t:Entropy>
                <t:BinarySecret u:Id="uuid-c32043fe-d4fb-4802-b15a-ba2691c2b3d8-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">XXXXXXXXXXXXXXXXXXXXXXXXX</t:BinarySecret>
            </t:Entropy>
            <t:KeySize>256</t:KeySize>
        </t:RequestSecurityToken>
    </s:Body>
</s:Envelope>

此请求的响应为:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</a:Action>
        <a:RelatesTo>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:RelatesTo>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:02.106Z</u:Created>
                <u:Expires>2014-04-25T10:36:02.106Z</u:Expires>
            </u:Timestamp>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
            <t:RequestedSecurityToken>
                <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                    <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier>
                </c:SecurityContextToken>
            </t:RequestedSecurityToken>
            <t:RequestedAttachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/>
                </o:SecurityTokenReference>
            </t:RequestedAttachedReference>
            <t:RequestedUnattachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference URI="urn:uuid:e2562052-1de3-496d-b455-e36958692176" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                </o:SecurityTokenReference>
            </t:RequestedUnattachedReference>
            <t:RequestedProofToken>
                <t:ComputedKey>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKey>
            </t:RequestedProofToken>
            <t:Entropy>
                <t:BinarySecret u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-9" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">JrVuueyiE55P172GX97vM3KM/oo26pN71wQ4B4C5dbo=</t:BinarySecret>
            </t:Entropy>
            <t:Lifetime>
                <u:Created>2014-04-25T10:31:02.106Z</u:Created>
                <u:Expires>2014-04-26T01:31:02.106Z</u:Expires>
            </t:Lifetime>
            <t:KeySize>256</t:KeySize>
        </t:RequestSecurityTokenResponse>
    </s:Body>
</s:Envelope>

然后，我可以在第二个主要请求的响应中使用这些信息:

And then, I can use these information in this response in the main second request:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action>
        <a:MessageID>urn:uuid:e2ec7944-a6b8-46f1-b021-270cea67c205</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://XXXX.YYYY.com/ZZZZ.svc</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:14.905Z</u:Created>
                <u:Expires>2014-04-25T10:36:14.905Z</u:Expires>
            </u:Timestamp>
            <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier>
            </c:SecurityContextToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <Reference URI="#_0">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>YYYYYYYYYYYYYYYYYYYYYY=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>XXXXXXXXXXXXXXXXXXXXX=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body>
    <XXXXXX xmlns="http://tempuri.org/">
      <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <d4p1:Prop1 i:nil="true" />
        <d4p1:Prop2 i:nil="true" />
        <d4p1:Prop3 i:nil="true" />
      </request>
    </XXXXXX >
    </s:Body>
</s:Envelope>

这里最大的问题是，在哪里可以找到: BinarySecret，DigestValue，SignatureValue ！！！以及其他大量的值和ID！

The big question here is, where to find: BinarySecret, DigestValue, SignatureValue!!! and the other huge amount of values and ids!!!

推荐答案

您看到的消息交流是Ws-SecureConversation.在这里，您可以找到这些消息的完整规范: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html

The message exchanage that you see is Ws-SecureConversation. Here you can find the the full specification of those messages: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html

您很可能不想在Android客户端中实现或使用它，因此可以通过在message元素中将EstablishmentSecurityContext设置为false来禁用绑定.

Most likely you don't want to implement or use it in your Android client, so you can disable it in binding by setting establishSecurityContext to false in message element.

更多信息: 设置EstablishmentSecurity的影响是什么? 假"如果我使用https?

这篇关于如何传递消息凭证-TransportWithMessageCredential-SOAP请求中没有凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！