消费需要的WS-Security从ASP.NET 4.5应用程序的Web服务 [英] Consume a Web Service that requires WS-Security from ASP.NET 4.5 Application
问题描述
我需要消耗需要根据从ASP.NET 4.5应用程序的X.509证书的WS-Security的Web服务。到目前为止,我已经创建的Web引用,但我不知道如何实现的WS-Security。我有获得证书没有问题,但我不知道如何使用它在这种情况下,我需要得到如何进行的建议。
我的代码到目前为止很基本的,我需要的WS-Security添加到它:
VAR泰雷=新serviciotereSoapClient();
tere.ClientCredentials.ClientCertificate.Certificate = myCert;
VAR响应= tere.agregarGuia(贵啊);
服务配置:
< system.serviceModel>
<&绑定GT;
<&basicHttpBinding的GT;
<绑定名称=serviciotereSoapBinding>
<安全模式=运输>
<运输clientCredentialType =无proxyCredentialType =无
境界=/>
<消息clientCredentialType =证书algorithmSuite =默认/>
< /安全>
< /&结合GT;
< / basicHttpBinding的>
< /绑定>
<客户端>
<端点地址=https://secure.aduana.gov.py/test/tere/serviciotere
结合=basicHttpBinding的bindingConfiguration =serviciotereSoapBinding
合同=TEREReference .serviciotereSoapNAME =serviciotereSoap/>
< /客户>
< /system.serviceModel>
修改1
块引用>
根据我想出了以下实现@TrevorBrooks的答案:
- 创建使用svcutil.exe的
- 服务代理添加的wsHttpBinding至
的web.config
- 改变使用端点在第2步
- 添加绑定更改为使用新的WCF客户端的代码。
在Web.config现在看起来是这样的:
< system.serviceModel>
<&绑定GT;
<&的wsHttpBinding GT;
<绑定名称=WSHttpBinding_TereService>
<安全模式=运输>
<运输clientCredentialType =无proxyCredentialType =无
境界=/>
<消息clientCredentialType =证书algorithmSuite =默认/>
< /安全>
< /&结合GT;
< /&的wsHttpBinding GT;
< /绑定>
<客户端>
<端点地址=https://secure.aduana.gov.py/test/tere/serviciotere
结合=的wsHttpBindingbindingConfiguration =WSHttpBinding_TereService
合同=serviciotereSoap NAME =WSHttpBinding_TereService/>
< /客户>
< /system.serviceModel>
现在调用服务,我得到的ProtocolException的消息时:
内容类型text / xml的;响应消息不匹配绑定的内容类型的字符集= UTF-8(应用程序/肥皂+ xml的;字符集= UTF-8)。如果使用自定义的编码,确保该法实施得当IsContentTypeSupported。第一个372字节的响应为:
< ENV:信封的xmlns:ENV =HTTP://schemas.xmlsoap .ORG / SOAP /信封/'>
< ENV:页眉和GT; < / ENV:页眉和GT;
< ENV:身体与GT;
< ENV:故障的xmlns:ENV =HTTP://schemas.xmlsoap.org/soap/envelope/'>
<&faultode的GT; ENV:服务器16; / faultode的>
< faultstring> org.jboss.ws.core.CommonSOAPFaultException:
此服务需要与LT; WSSE:安全>中一个缺少< / faultstring取代。 < / ENV:故障>
< / ENV:身体与GT;
< / ENV:信封>
此错误是一个进步对我来说,因为与basicHttpBinding的的例外是更加可怕结果
的问题是因为服务需要WS-Security和需要与证书签署的消息,这是我的问题,我目前还无法弄清楚如何做到这一点。
在此的其他问题我给了太多的细节
编辑2:
我现在只要。样本包,对于服务的工作原理
块引用>
< soapenv:页眉和GT;
< WSSE:安全的xmlns:WSSE =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd的xmlns:WSU = http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">
< WSSE:的BinarySecurityToken EncodingType =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary的ValueType =HTTP ://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3WSU:ID =X509-B259DAB3D28E48CB6A140000796019094> MIIC9TCCAd2gAwIBAgIIUiM4nWs8kfcwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTQwMzIwMTkxMTIwWhcNMTgxMjIwMTQzNzEzWjBBMRQwEgYDVQQDDAtjb3VyaWVyLnRudDEOMAwGA1UECwwFc29maWExDDAKBgNVBAoMA2RuYTELMAkGA1UEBhMCcHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOS71x5 + ChwGzWs4VlLgkePbU8 / zFHUrrE8nFNVsukMCc5q5hCK8 / CeNM + mxImilLdJrGoC2 / 000lQetB9B3AqIrAdOfBFU4 / qsAlgWI + kt2jnUsJMLRjQfxhAKMeX4RUb0CmTcsnXtWlFvYFFjiUi9nUJVSxCsmldVFgLIAHRPjAgMBAAGjfzB9MB0GA1UdDgQWBBTCwBBmU7f / 4SmNz7GNJ25ILkPuhjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFDF + 1hOSdgg2DFOUofnnXdx9TxjeMA4GA1UdDwEB / wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBAALVVGGNsTSMcfDBwkkNQH3MpfiNTo / mhH8ahqUVN1 + 5BIwWstv8fH0Sl9ea1XShKLPDfDIx8WSzUUIt / 93f74B3a3oMpBtbVEiku2BKUp5cJfkYe2c5zPOxk3nzmQwcEoB ++ RgX9DJOtUkKA / It2IM9 / 8ggUyjceJQCpBRiA9Kg7 + h3HfmOKNn + 9 / pNu498JXhSRKa8Jr4pp / 1udYRk + W8sKGEBtAU9MvL3y0AbvLhUD + MZyvpHGB17fslC8Nnd5EBQH8hQD + DWGepyCBIlb0NA13YEoLMcRKDcWvSPd0UGWo2G0IOeUZaGuzzIz2n04QrXvnqQKAOFd9yH2VfGtWE =< / WSSE:的BinarySecurityToken>
< DS:签名ID =SIG-96的xmlns:DS =http://www.w3.org/2000/09/xmldsig#>
< DS:SignedInfo中>
< DS:CanonicalizationMethod的算法=http://www.w3.org/2001/10/xml-exc-c14n#的xmlns:DS =http://www.w3.org/2000/ 09 / XMLDSIG#>
< EC:InclusiveNamespaces PrefixList =soapenv网的xmlns:EC =http://www.w3.org/2001/10/xml-exc-c14n#>< / EC:InclusiveNamespaces>
< / DS:CanonicalizationMethod的>
< DS:是SignatureMethod算法=http://www.w3.org/2000/09/xmldsig#rsa-sha1的xmlns:DS =http://www.w3.org/2000/09 / XMLDSIG#>< / DS:是SignatureMethod>
< DS:参考URI =#ID-95的xmlns:DS =http://www.w3.org/2000/09/xmldsig#>
< DS:变换的xmlns:DS =http://www.w3.org/2000/09/xmldsig#>
< DS:变换算法=http://www.w3.org/2001/10/xml-exc-c14n#的xmlns:DS =http://www.w3.org/2000/ 09 / XMLDSIG#>
< EC:InclusiveNamespaces PrefixList =网的xmlns:EC =http://www.w3.org/2001/10/xml-exc-c14n#>< / EC:InclusiveNamespaces>
< / DS:转换>
< / DS:变换>
< DS:DigestMethod算法=http://www.w3.org/2000/09/xmldsig#sha1的xmlns:DS =http://www.w3.org/2000/09/xmldsig #>< / DS:DigestMethod>
< DS:DigestValue中的xmlns:DS =http://www.w3.org/2000/09/xmldsig#> whvAdAkypsWVXHXbIz / T54n0dBw = LT; / DS:DigestValue中>
< / DS:参考>
< / DS:SignedInfo中>
< DS:SignatureValue所>
MdHy5mceNtQWUD5WmVOzZU8roxD3EQkQmcZA9LsfhBcp3cFAD3P1qJJ9EyrRFBs5yCiYDY716Wzh
M + tFybt1 + EujXZZ3ytk4XaahkexNAG51iup1wvw0Km + nsj4u / x8DzTA / J9EG3ZdTSUrIVBsFcEQa
TF4BwUAgGBS87xqL5zc =
< / DS:SignatureValue所>
< DS:密钥信息n =KI-B259DAB3D28E48CB6A140000796019095>
< WSSE:SecurityTokenReference WSU:ID =STR-B259DAB3D28E48CB6A140000796019096的xmlns:WSSE =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext -1.0.xsd>
< WSSE:参考URI =#X509-B259DAB3D28E48CB6A140000796019094的ValueType =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile- 1.0#采用X509v3的xmlns:WSSE =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>< / WSSE:参考>
< / WSSE:SecurityTokenReference>
< / DS:密钥信息>
< / DS:签字>
< WSU:时间戳WSU:ID =TS-94>
< WSU:创建的xmlns:WSU =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd> 2014- 05-13T19:06:00.188Z< / WSU:创建>
< WSU:过期的xmlns:WSU =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd> 2014- 05-13T19:07:00.188Z< /华盛顿州立大学:截止日期>
< / WSU:时间戳>
< / WSSE:安全和GT;
< / soapenv:页眉和GT;
这是一个IM传递不工作:
块引用>
< S:信封的xmlns:S =HTTP:// schemas.xmlsoap.org/soap/envelope/的xmlns:U =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd>
< S:页眉和GT;
< VsDebuggerCausalityData的xmlns =http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink> uIDPowmum40QT95GqsY7XPKT7LIAAAAAvMwgorinWU + AVOWH + 3TPjP6NBU03AZtHqle8GLRYcYAACQAA< / VsDebuggerCausalityData>
<○:安全小号:mustUnderstand属性=1的xmlns:O =http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0的.xsd>
< U:时间戳U:n =_ 0>
< U:创建> 2014-05-15T21:30:20.723Z< / U:创建>
< U:过期> 2014-05-15T21:35:20.723Z< / U:过期>
< / U:时间戳>
<○:的BinarySecurityToken U:n =UUID-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2的ValueType =http://docs.oasis-open.org/wss/2004/01/oasis -200401-WSS-X509令牌瞩目-1.0#采用X509v3> MIIC9jCCAd6gAwIBAgIINNZyZplkQHgwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTQwMzIwMTgzMjQ3WhcNMTgxMjIwMTQzNzEzWjBCMRUwEwYDVQQDDAxjb3Vycmllci5kaGwxDDAKBgNVBAsMA09QUzEOMAwGA1UECgwFREhMUFkxCzAJBgNVBAYTAlBZMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGoP0dxByIfto / hqJCOhobTdwQJ3AxJkqUeSNFnprAH8zi6HjBJhzkXptqXiR9GZR1H4U3UaN6aczKVh2PaPqU8ooTxjST0ywWBgXA1WP3ukrybUKxpSvqmiRJ / cANAYLovL + gmh2v / fqPiLs7vsgT + zj1330wRGqtrokYPMjlbQIDAQABo38wfTAdBgNVHQ4EFgQU6IHB4XfP7 + rbryy1Ru8kFcfSDqcwDAYDVR0TAQH / BAIwADAfBgNVHSMEGDAWgBQxftYTknYINgxTlKH5513cfU8Y3jAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQB3NQC + 0 / VmC7A1MStKdc2NctTo7P + mhvIBe54U / Vs8I5vXiatKz01BzHIbl7chjP063V4YTtehDCGkwUTtARqpkua7RfdlMqsmcr1s3qnD4lUpGuAeVW0Wsrhu1xGjPf02fTBdD3yyGWCeUiNvKuoweeATlGyB / VlHJaZHN4HuJCnWlPic6uUUMBYqrOOa + WJR / OCFHqkEiBsUihD6ergj7AeAAFcG41GI2ZjVWK / PEB71sbQqqGgLpigAS9f8PNMm + TnQuizrvLPKm3hanOKYr9ORrbWjZCL3dva1YobK4ykvUYpncj6YsOtuDi62RcHYjT7IF9UoeZHBE2vePc + K< / O:&的BinarySecurityToken GT;
<签名的xmlns =http://www.w3.org/2000/09/xmldsig#>
<&的SignedInfo GT;
< CanonicalizationMethod的算法=http://www.w3.org/2001/10/xml-exc-c14n#/>
<是SignatureMethod算法=http://www.w3.org/2000/09/xmldsig#rsa-sha1/>
<参考URI =#_ 0>
<&变换GT;
<变换算法=http://www.w3.org/2001/10/xml-exc-c14n#/>
< /变换>
< DigestMethod算法=http://www.w3.org/2000/09/xmldsig#sha1/>
<&的DigestValue GT; pM8KraJSLZumo77gD9 + JF2f8eBU = LT; /&的DigestValue GT;
< /参考和GT;
< /&的SignedInfo GT;
<&SignatureValue所GT; MZ9ZTKeGj5KNUEn4R6cQhRhOdK0frNK1O5KRGbM + YqfvzlVwVKQ6n7p9rncbtrdGsLg3CVwUVwB7PBF78tDx3p0LjF / Eg015t6qouSyK / 92qL3oRz / 8TbqLKpe / 1uySdmGhrqPrVlTDF2rHuFGwmQVSILyUVLg / nW7K + EDwS / LG = LT; /&的SignatureValue GT;
<密钥信息>
<○:SecurityTokenReference>
<○:参考URI =#UUID-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2/>
< / O:SecurityTokenReference>
< /密钥信息>
< /签署及GT;
< / O:安全和GT;
< / S:页眉和GT;
< / S:信封>
解决方案有是对所有类型的安全性和绑定的一般信息在这里: http://msdn.microsoft.com/en-us/library/system。 servicemodel.wshttpbinding.aspx
但是,你需要为这里列出来配置的WS-Security在你的web.config文件:http://msdn.microsoft.com/en-us/library/ms734663.aspx
例如,而不是
< basicHttpBinding的>
你可能会使用这样的:<&绑定GT;
<&的wsHttpBinding GT;
<绑定名称=WSHttpBinding_ICalculator/>
< /&的wsHttpBinding GT;
< /绑定>
<客户端>
<端点地址=HTTP://本地主机:8000 / ServiceModelSamples /服务/ CalculatorService的
结合=的wsHttpBindingbindingConfiguration =WSHttpBinding_ICalculator
合同=ServiceReference1.ICalculator的名字=WSHttpBinding_ICalculator>
<同一性GT;
<的UserPrincipalName值=migree@redmond.corp.microsoft.com/>
< /身份>
< /端点>
< /客户>
下面是关于这个问题的一个很好的小教程,以及:的 http://msdn.microsoft.com/en-us/library/ff648431.aspx
希望这有助于!
I need to consume a web service that requires WS-Security based on X.509 certificates from ASP.NET 4.5 application. So far i have created the web reference but i don't know how implement WS-Security. I have no problem with getting the certificate, but i don't know how to use it in this case, i need to get advice on how to proceed.
My code so far is very basic, i need to add WS-Security to it:
var tere = new serviciotereSoapClient(); tere.ClientCredentials.ClientCertificate.Certificate = myCert; var response = tere.agregarGuia( guia );
Service configuration:
<system.serviceModel> <bindings> <basicHttpBinding> <binding name="serviciotereSoapBinding" > <security mode="Transport"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="Certificate" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="https://secure.aduana.gov.py/test/tere/serviciotere" binding="basicHttpBinding" bindingConfiguration="serviciotereSoapBinding" contract="TEREReference.serviciotereSoap" name="serviciotereSoap" /> </client> </system.serviceModel>
EDIT 1
Based on the answer of @TrevorBrooks i came with the following implementation:
- Create a service proxy using SvcUtil.exe
- Add wsHttpBinding to web.config
- Changed the endpoint to use the binding added in step 2.
- Changed the code to use the new WCF client.
The web.config now looks like this:
<system.serviceModel> <bindings> <wsHttpBinding> <binding name="WSHttpBinding_TereService" > <security mode="Transport"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="Certificate" algorithmSuite="Default" /> </security> </binding> </wsHttpBinding> </bindings> <client> <endpoint address="https://secure.aduana.gov.py/test/tere/serviciotere" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_TereService" contract="serviciotereSoap" name="WSHttpBinding_TereService" /> </client> </system.serviceModel>
Now when invoking the service i get ProtocolException with the message:
The content type text / xml; charset = UTF-8 of the response message does not match the content type of the binding (application / soap + xml; charset = utf-8). If using a custom encoder, be sure that the method is implemented properly IsContentTypeSupported. The first 372 bytes of the response were:
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <env:Header> </ env: Header> <env: Body > <env: Fault xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> <faultcode>env:Server</faultcode> <faultstring> org.jboss.ws.core.CommonSOAPFaultException: This service requires <wsse:Security>, which is missing </ faultstring>. </ Env: Fault> </env:Body> </env:Envelope>
This error is a step forward for me because with basicHttpBinding the exception was more horrible
The problem is because the Service requires WS-Security and need to sign the message with a certificate, that is my problem and i cannot yet figure out how to do it. In this other question i gave the details too.EDIT 2: I was now provided a sample envelope that works for the service.
<soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-B259DAB3D28E48CB6A140000796019094">MIIC9TCCAd2gAwIBAgIIUiM4nWs8kfcwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTQwMzIwMTkxMTIwWhcNMTgxMjIwMTQzNzEzWjBBMRQwEgYDVQQDDAtjb3VyaWVyLnRudDEOMAwGA1UECwwFc29maWExDDAKBgNVBAoMA2RuYTELMAkGA1UEBhMCcHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOS71x5+ChwGzWs4VlLgkePbU8/zFHUrrE8nFNVsukMCc5q5hCK8/CeNM+mxImilLdJrGoC2/000lQetB9B3AqIrAdOfBFU4/qsAlgWI+kt2jnUsJMLRjQfxhAKMeX4RUb0CmTcsnXtWlFvYFFjiUi9nUJVSxCsmldVFgLIAHRPjAgMBAAGjfzB9MB0GA1UdDgQWBBTCwBBmU7f/4SmNz7GNJ25ILkPuhjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFDF+1hOSdgg2DFOUofnnXdx9TxjeMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBAALVVGGNsTSMcfDBwkkNQH3MpfiNTo/mhH8ahqUVN1+5BIwWstv8fH0Sl9ea1XShKLPDfDIx8WSzUUIt/93f74B3a3oMpBtbVEiku2BKUp5cJfkYe2c5zPOxk3nzmQwcEoB++RgX9DJOtUkKA/It2IM9/8ggUyjceJQCpBRiA9Kg7+h3HfmOKNn+9/pNu498JXhSRKa8Jr4pp/1udYRk+W8sKGEBtAU9MvL3y0AbvLhUD+MZyvpHGB17fslC8Nnd5EBQH8hQD+DWGepyCBIlb0NA13YEoLMcRKDcWvSPd0UGWo2G0IOeUZaGuzzIz2n04QrXvnqQKAOFd9yH2VfGtWE=</wsse:BinarySecurityToken> <ds:Signature Id="SIG-96" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ec:InclusiveNamespaces PrefixList="soapenv web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod> <ds:Reference URI="#id-95" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ec:InclusiveNamespaces PrefixList="web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">whvAdAkypsWVXHXbIz/T54n0dBw=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> MdHy5mceNtQWUD5WmVOzZU8roxD3EQkQmcZA9LsfhBcp3cFAD3P1qJJ9EyrRFBs5yCiYDY716Wzh M+tFybt1+EujXZZ3ytk4XaahkexNAG51iup1wvw0Km+nsj4u/x8DzTA/J9EG3ZdTSUrIVBsFcEQa TF4BwUAgGBS87xqL5zc= </ds:SignatureValue> <ds:KeyInfo Id="KI-B259DAB3D28E48CB6A140000796019095"> <wsse:SecurityTokenReference wsu:Id="STR-B259DAB3D28E48CB6A140000796019096" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:Reference URI="#X509-B259DAB3D28E48CB6A140000796019094" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:Reference> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <wsu:Timestamp wsu:Id="TS-94"> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:06:00.188Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:07:00.188Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </soapenv:Header>
This is the one im passing that is not working:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPowmum40QT95GqsY7XPKT7LIAAAAAvMwgorinWU+AVOWH+3TPjP6NBU03AZtHqle8GLRYcYAACQAA</VsDebuggerCausalityData> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2014-05-15T21:30:20.723Z</u:Created> <u:Expires>2014-05-15T21:35:20.723Z</u:Expires> </u:Timestamp> <o:BinarySecurityToken u:Id="uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIC9jCCAd6gAwIBAgIINNZyZplkQHgwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTQwMzIwMTgzMjQ3WhcNMTgxMjIwMTQzNzEzWjBCMRUwEwYDVQQDDAxjb3Vycmllci5kaGwxDDAKBgNVBAsMA09QUzEOMAwGA1UECgwFREhMUFkxCzAJBgNVBAYTAlBZMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGoP0dxByIfto/hqJCOhobTdwQJ3AxJkqUeSNFnprAH8zi6HjBJhzkXptqXiR9GZR1H4U3UaN6aczKVh2PaPqU8ooTxjST0ywWBgXA1WP3ukrybUKxpSvqmiRJ/cANAYLovL+gmh2v/fqPiLs7vsgT+zj1330wRGqtrokYPMjlbQIDAQABo38wfTAdBgNVHQ4EFgQU6IHB4XfP7+rbryy1Ru8kFcfSDqcwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQxftYTknYINgxTlKH5513cfU8Y3jAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQB3NQC+0/VmC7A1MStKdc2NctTo7P+mhvIBe54U/Vs8I5vXiatKz01BzHIbl7chjP063V4YTtehDCGkwUTtARqpkua7RfdlMqsmcr1s3qnD4lUpGuAeVW0Wsrhu1xGjPf02fTBdD3yyGWCeUiNvKuoweeATlGyB/VlHJaZHN4HuJCnWlPic6uUUMBYqrOOa+wJr/OCFHqkEiBsUihD6ergj7AeAAFcG41GI2ZjVWK/PEB71sbQqqGgLpigAS9f8PNMm+TnQuizrvLPKm3hanOKYr9ORrbWjZCL3dva1YobK4ykvUYpncj6YsOtuDi62RcHYjT7IF9UoeZHBE2vePc+K</o:BinarySecurityToken> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI="#_0"> <Transforms> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>pM8KraJSLZumo77gD9+JF2f8eBU=</DigestValue> </Reference> </SignedInfo> <SignatureValue>MZ9ZTKeGj5KNUEn4R6cQhRhOdK0frNK1O5KRGbM+YqfvzlVwVKQ6n7p9rncbtrdGsLg3CVwUVwB7PBF78tDx3p0LjF/Eg015t6qouSyK/92qL3oRz/8TbqLKpe/1uySdmGhrqPrVlTDF2rHuFGwmQVSILyUVLg/nW7K+EDwS/Lg=</SignatureValue> <KeyInfo> <o:SecurityTokenReference> <o:Reference URI="#uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2"/> </o:SecurityTokenReference> </KeyInfo> </Signature> </o:Security> </s:Header> </s:Envelope>
解决方案There is general information on all types of security and bindings here: http://msdn.microsoft.com/en-us/library/system.servicemodel.wshttpbinding.aspx
But you need to configure WS-Security in your web.config file as outlined here: http://msdn.microsoft.com/en-us/library/ms734663.aspx
For example, instead of
<basicHttpBinding>
you might use something like:<bindings> <wsHttpBinding> <binding name="WSHttpBinding_ICalculator" /> </wsHttpBinding> </bindings> <client> <endpoint address="http://localhost:8000/ServiceModelSamples/Service/CalculatorService" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICalculator" contract="ServiceReference1.ICalculator" name="WSHttpBinding_ICalculator"> <identity> <userPrincipalName value="migree@redmond.corp.microsoft.com" /> </identity> </endpoint> </client>
Here's a nice little tutorial on the subject as well: http://msdn.microsoft.com/en-us/library/ff648431.aspx
Hope this helps!
这篇关于消费需要的WS-Security从ASP.NET 4.5应用程序的Web服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!