WCF客户端使用的WS-Security [英] WCF Client with WS-Security
本文介绍了WCF客户端使用的WS-Security的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我需要实现符合下列SOAP消息的例子WCF客户端:
I need to implement a WCF client that meets the following SOAP message example:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:msa="http://msa.ebs.health.ontario.ca/"
xmlns:idp="http://idp.ebs.health.ontario.ca/"
xmlns:edt="http://edt.health.ontario.ca/"
xmlns:ebs="http://ebs.health.ontario.ca/">
<soapenv:Header>
<ns2:EBS wsu:Id="id-1" xmlns:ns2="http://ebs.health.ontario.ca/" >
<SoftwareConformanceKey>444561ee-277f-77b2-c664-7a9923jfgh1b</SoftwareConformanceKey>
<AuditId>f68e6ff9-74f7-4022-8618-ec2cf0ee4b6a</AuditId>
</ns2:EBS>
<ns2:MSA wsu:Id="id-2" xmlns:ns2="http://msa.ebs.health.ontario.ca/" >
<ServiceUserMUID>4523394</ServiceUserMUID>
<UserID>johndoe</UserID>
</ns2:MSA>
<wsse:Security SOAP-ENV:mustUnderstand="1">
<wsu:Timestamp wsu:Id="id-3">
<wsu:Created>2012-06-26T16:18:15.185Z</wsu:Created>
<wsu:Expires>2012-06-26T16:18:45.185Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="id-4">
<wsse:Username>72214255</wsse:Username>
</wsse:UsernameToken>
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-0EE1C2718CEDCA9FC213407274954261">
MIICMzCCAZygAwIBAgIET1e+dDANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzENMAsGA1UEChMET0hJUDEVMBMGA1UECxMMUmVnaXN0cmF0aW9uMRcwFQYDVQQDEw4xNDIuMTQ1LjcwLjE3NzAeFw0xMjAzMDcyMDAwNTJaFw0xMzAzMDcyMDAwNTJaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMQ0wCwYDVQQKEwRPSElQMRUwEwYDVQQLEwxSZWdpc3RyYXRpb24xFzAVBgNVBAMTDjE0Mi4xNDUuNzAuMTc3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs/JIP6CE5IkfTnD/c56K+QAYqETdLvW1xXJ6ipkVhjjC2ASKuuH4fvhbyxo2B4VugsL9r4E5jHEKoi+GDKOLlLZRfSy0cB8IcpXonAuGqMzhCoEQ1CdxNb9etMyvQGRKEBgniKKxTvpTyZdpYDi92up5E+FYL3jEejhp+1iDFJQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAHn8VZS169BJMa4E6SNLnY7u80zSh90mbrTUWjM1dEicv3jQMMsrWHfoCt+nRSqfNLUTLc8U0LqiB3jnnNJgJt1T7Sp8eUZPdH0gY3i83ZXA8HDFKMZF3qL8I8ncu8FPcZGYBNhYrGjXXsuqXimiTIjxgm06ErRa/51szOFFxWrB
</wsse:BinarySecurityToken>
<ds:Signature Id="SIG-6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" >
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>FkhA37COGmsKeEH50LAGhKntvRpD0+xOGsGzXAV210k=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>RA1O1voUNDV9+hi6IzNNxkTHfEdu2pu6fppiwN23JGI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse xs xsi"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>3vVj2VEbLKEvGy4yt7k8i2BeWUOaCygnFMduT7EyP3A=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-4">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsu xs xsi"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>yFOmFgMDHMBooWIEsB3azib2EX7fR+Ich03J19kFMVE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec sp tns wsdl wsp wsse wsu xs xsi"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>zoxMcAQ2WLBIir333NJk52r4axwznflX+KxMQTPFvfQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
HmOiZS4gZbxv07+sLjyi7Vfg3Rfpvr3IVnaHfRp4aKvg5yBFlLocPIYwhUhmCCs1LXrJxR0hsbe0K2sz3ML5hH+PDEGetlPKSN9R1x9K95w7V1JQcTUULiVgNGLCfxgFV2HNy1iNvlTc7COS+7w4xSgsY4KlVgrBw0T1srhHpUA=
</ds:SignatureValue>
<ds:KeyInfo Id="KI-0EE1C2718CEDCA9FC213407274954662">
<wsse:SecurityTokenReference wsu:Id="STR-0EE1C2718CEDCA9FC213407274954663">
<wsse:Reference URI="#X509-0EE1C2718CEDCA9FC213407274954261"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-5"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<edt:upload>
<upload>
<content>
<inc:Include href="cid:2341682853256" xmlns:inc="http://www.w3.org/2004/08/xop/include" />
</content>
<description>00123</description>
<resourceType>CL</resourceType>
</upload>
</edt:upload>
</soapenv:Body>
</soapenv:Envelope>
最相似的我已经得到了一直下面的结合配置和定制绑定改动包括UserNameSecurityTokenParameter:
The most similar I've gotten has been with the following binding configuration and custom binding alteration to include the UserNameSecurityTokenParameter:
<bindings>
<wsHttpBinding>
<binding name="EDTDelegate"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="655360"
messageEncoding="Mtom"
textEncoding="utf-8"
useDefaultWebProxy="true">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/>
<message clientCredentialType="Certificate" algorithmSuite="Default" establishSecurityContext="false" negotiateServiceCredential="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
这是在code我使用添加UsnerNameSupportingToken:
This is the code I'm using to add the UsnerNameSupportingToken:
public static Binding AddUserNameSupportingTokenToBinding( Binding binding )
{
var elements = binding.CreateBindingElements( );
var security = elements.Find<SecurityBindingElement>( );
if ( security != null )
{
var tokenParameters = new UserNameSecurityTokenParameters( );
tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
tokenParameters.RequireDerivedKeys = false;
security.EndpointSupportingTokenParameters.SignedEncrypted.Add( tokenParameters );
return new CustomBinding( CollectionUtils.GetArray<BindingElement>( elements ) );
}
throw new ArgumentException( "Binding contains no SecurityBindingElement" );
}
不过,无法连接和或从服务器获取比内部服务器错误另一响应(我假设由于不符合一个预期由服务器的消息)
However, it is unable to connect and or get another response from the server than an internal server error (I assume due to not compliance of the message with the one expected by the server)
这是我发送消息。
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://edt.health.ontario.ca/EDTDelegate/uploadRequest</a:Action>
<h:EBS xmlns:h="http://ebs.health.ontario.ca/" xmlns="http://ebs.health.ontario.ca/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SoftwareConformanceKey xmlns="">444361ee-277f-7732-c684-7a9923jfgh1b</SoftwareConformanceKey>
<AuditId xmlns="">124355467675</AuditId>
</h:EBS>
<h:IDP xmlns:h="http://idp.ebs.health.ontario.ca/" xmlns="http://idp.ebs.health.ontario.ca/">
<ServiceUserMUID xmlns="">1111222</ServiceUserMUID>
</h:IDP>
<h:MSA xmlns:h="http://msa.ebs.health.ontario.ca/" xmlns="http://msa.ebs.health.ontario.ca/">
<ServiceUserMUID xmlns="">1111222</ServiceUserMUID>
<UserID xmlns="">johndoe@examplemail.com</UserID>
</h:MSA>
<a:MessageID>urn:uuid:5e622e7a-ec98-4ee3-b7c8-1cfaec188136</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo86225XKzvdDstW/QNIEkkkAAAAAUbXx6AYITkSuseKiCyJ3EndgEcfrnxtMkRLZu91buJMACQAA</VsDebuggerCausalityData>
<To a:mustUnderstand="1" u:Id="_1" xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope">https://ws.ebs.health.gov.on.ca:1441/EDTService/EDTService</To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2013-10-07T14:47:11.687Z</u:Created>
<u:Expires>2013-10-07T14:52:11.687Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-5ee937ee-c1c6-404c-a827-1ca0ee22cfe1-1">
<o:Username>johndoe@examplemail.com</o:Username>
<o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">54321</o:Password>
</o:UsernameToken>
<o:BinarySecurityToken u:Id="uuid-5ee937ee-c1c6-404c-a827-1ca0ee22cfe1-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIB0TCCATqgAwIBAgIQZSTkN52mXZFGuZfVCPPu4TANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTMwMTA0MTcwMTQxWhcNMTgwMTA0MDAwMDAwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN+FQSfgZuCELM+dfMLM+JUecV9313wmgFRMKVWHlgGml/9QrSCXmSoiiTZl+5n7DLmjTnB7RbrAu/rva6KPPulN5QOBrYQDvea0Iw0eUXsZw2DYKGMpeCOnZI73g4LXSTq7MsOUc+6U579Sca0clPjXTJwZ/wO0E1aq/x5OJjhDAgMBAAGjJDAiMAsGA1UdDwQEAwIEsDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAVxQTfRI26bqJthHgETMLPmtMPaUwRQEcy7Kn1GQdPKXBaSHbN8iUkUoUBRvWCBVd+PilCgNXPMyK52WZJEqGyNdBzVR9oXa1sYWeXm3Nic0Qp2uZ7cMA5t/TLLdb7L03QdJ2OWtaPc29yClquas5OOTQtDBL79Nzm+/z45M12DQ==</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>nJu/wqr3l9c+bsczWgNkoqR9orc=</DigestValue>
</Reference>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>YwVphhmJ70apQiykWlMqZ7dv2S4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>BpulyIHAVry9TW8T2mZvPv9yP8FEGa21UdedB3KZWo7xQ4fbYrewAuOkacm2NN2q+a9jlc5iHRIQ9Ktdb0EieHzXQne2PNiIl2E1QXT5NG/MDAfnczvkXxbG2hrCdP0ZXbMIwtA2znv0u1/UwrFEjm5ILqUd+wgTlqDaEpgCpBU=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-5ee937ee-c1c6-404c-a827-1ca0ee22cfe1-2"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<upload xmlns="http://edt.health.ontario.ca/">
<upload xmlns="">
<content>
<xop:Include href="cid:http%3A%2F%2Ftempuri.org%2F1%2F635167396385870396" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>
</content>
<description>C:\CL\1\HI155614.018</description>
<resourceType>CL</resourceType>
</upload>
</upload>
</s:Body>
</s:Envelope>
可能有人请告诉我,我做错了吗?我看到的第一件事情是,我只有2参考章节中的签名/ SignedInfo中,而在这个例子有五:-S请帮助!先谢谢了。
Could somebody please tell me what I'm doing wrong? The first thing I've seen is that I have only 2 Reference sections in the Signature/SignedInfo while in the example there are 5. :-S Please help !!! Thanks in advance.
推荐答案
解决的办法是根据这个帖子来工作:
The solution was to work according to this post:
12常见的WCF互操作的混乱亚龙Naveh的
在12月18日,2013年亚龙还出版:的这个帖子解释细节的安大略省卫生及长期护理Web服务
In December 18th, 2013. Yaron also published: this post explaining the details for the Ontario Ministry of Health and Long-Term Care WebServices
这篇关于WCF客户端使用的WS-Security的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
