使用.Net Client中的WSSE安全标头使用Java Web服务 [英] Consume java web service with WSSE Security Header from .Net Client

问题描述

我正在尝试从.net客户端调用具有wsse安全性的Java Web服务.我仍然找不到如何从.net调用的解决方案

供应商给了我证书和我将其导入到WS-Security配置中，并在SoapUI中配置为X509证书.

这里是肥皂信封SOAP UI

< soapenv:信封xmlns:soapenv ="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web =" http://webService.service.vim.logistics.teckwah.com/>
   < soapenv:Header>< wsse:Security xmlns:wsse =" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd xmlns:wsu =" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"< ds:Signature ID ="SIG -3"； xmlns:ds ="http://www.w3.org/2000/09/xmldsig#">< ds:SignedInfo>< ds:CanonicalizationMethod Algorithm ="http://www.w3.org /2001/10/xml-exc-c14n#>< ec:InclusiveNamespaces PrefixList =" soapenv web" xmlns:ec =" http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod>< ds:SignatureMethod Algorithm ="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/<ds:Reference URI =#id-1"< ds:Transforms< ds:Transform Algorithm ="; http://www.w3.org/2001/10/xml-exc-c14n#>< ec:InclusiveNamespaces PrefixList ="web" xmlns:ec ="http://www.w3.org/2001/10/xml-exc-c14n#"/</ds:Transform></ds:Transforms>< ds:DigestMethod算法="http://www.w3.org/2000/09/xmldsig#sha1"/< ds:DigestValue> Py2nf8T3ucIT/H0eZbz6MgakPs8 =</ds:DigestValue></ds:Reference>< ;/ds:SignedInfo>< ds:SignatureValue> nkeuVdsP7oh9qmz6gv5/At40GVnBhNOQKWVyIeEKW0E9Bx4BEa5tVn4NX9pfW7KTsp1wE0QyDM3G
OVDpARRc + xhtdST3Ard6f/dAqmPbD5KA9DPgTF61us8UM0jx1rNydr52UN6LMHINSQ/4PU0/7wOT
NOtrH1F8WK6KVzta0WMtP54Y6BWYZRvrY/ENIzKx5M9DyMEda + w + vlGB7pO4MFihsIZEZ/jLwZim
tiQH/TRjMa74pS7BhZYBYs74bWO9LXq7d/otxfRPlxZLle8MuH2LXqVKo9Nn0LHGCOX1qnoLdTyZ
OD9ZKNd2qr7MaedFJi2LW3oz490NjOSas61GDg ==</ds:SignatureValue>
< ds:KeyInfo ID =" KI-F64858524385333AD614738394871234>
< wsse:SecurityTokenReference wsu:Id =" STR-F64858524385333AD614738394871234">
< wsse:KeyIdentifier EncodingType ="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
值类型= QUOT; HTTP://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> MIIDTzCCAjegAwIBAgIEK0XRUjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJTRzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDENMAsGA1UEAxMEVGVzdDAeFw0xNjA2MTQwMzA2MzlaFw0xNzA2MTQwMzA2MzlaMFgxCzAJBgNVBAYTAlNHMQ0wCwYDVQQIEwRUZXN0MQ0wCwYDVQQHEwRUZXN0MQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MQ0wCwYDVQQDEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3u4VlLseeqo + pNu8MWr5cdZ4UQF6UUJbkEToUORcyukZoXEUrsbdZGzktT02HxmOqsvcEdXrUbCy2yP8v + GP7EX0Zv3gdBK2toYdSRkl6TnDbbhd3ToxoO//T85nahWlkUI91JZ33XDX + N + /uiwZy6/mytg9Ilw1njzG9yZqdlpbp5S5P1q2hbEo9nscx5SjqCjIPT/Gy435iaePAEeQyld79AavkrY6 + QsasKD2 + l5HGgDaPqdE8L0rS9Awuk7bjD/q4JzBz8pVke0oXiXO4ZU7HEElLoHvbdB + Y9Tjo4uCK9JSIlTp1gc6/UxhUKkAXmfXAX5d1XW3kpjHJWsCwIDAQABoyEwHzAdBgNVHQ4EFgQU54pSGp50u5MxYKdrT7sJsriIJi8wDQYJKoZIhvcNAQELBQADggEBAHIjAZS6iEuZ2RLlfHA1TfnWTc2HdTwAcZxZe1F0 + zhGuKC5DMd4Zfjij35V5G6QRPTsmaVIBb1fqnGzrg5W22hADJqeCnZdc FW/U2CiCP9Ze92kWUDBze67gD31OGd5CbRLkz1g/mrZBCYf4Fu1pR8BDOI + 8L07MDuJC5K1mGD + JiHy5 + Rmzm8Kpjiy19gCeo6QlzXkgTPuYoNt0ASSeAfMMU/6QRUUp/RM/FrHoMvH6cK0yWk9Bz7tOhEF6w0pv9TtOudCUg0um8YHo4JemFiZ1T06iKdB4ihpsvXckllAd2UFymMJ7oQ/Q5/30fUrqTE7uRdplvG/QEkMUtyht7c = LT;/的wsse:KeyIdentifier></的wsse:SecurityTokenReference></DS:密钥信息></DS:签名</wsse:Security></soapenv:Header>
   < soapenv:Body wsu:Id =" id-1" xmlns:wsu =" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      < web:createUser>
         <！-可选:->
          < itemMaster>
           < customerInfo>
< city>古尔冈< city>
<州>孟买</州>
< companyName>拉尔夫·劳伦公司印度联络处</companyName>
< contactEmail> kumar@ralphlauren.com</contactEmail>
< contactName/>< contactNo> 91 9899969298</contactNo>
< country>印度</country>
< custType> PPR成员</custType>
< email> kumar@ralphlauren.com</email>
< fullName> Pavan</fullName>
< hpacctMgr> a5cceb52-14e0-46f8-90fd-04d9323bf680</hpacctMgr>
< lastModifiedBy/>
< pickupAddr> N/A</pickupAddr>
<敬礼> Mr</敬礼>
< tel> 91 9899969298</tel>
< timeZone/>
</customerInfo>
<用户>
< countryName/>
< timeZone/>
< userType/>
< username> kumar@ralphlauren.com</username>
</user>
         </itemMaster>
      </web:createUser>
   </soapenv:Body>
</soapenv:信封> 

我的方法是生成与SOAP UI代码完全相同的XML文档，并且不使用WSDL或添加服务引用"，但是我的问题是 >和 wsse:SecurityTokenReference wsu:Id =" STR-DF1A0181FB665F5F2D14730610455706"  会针对每个请求进行更改.

我的问题是如何在C#clinet中生成KeyInfo和SecurityTokenReference.如果我的方法是错误的，那应该是正确的方法.

谢谢

泗四

解决方案

>>我正在尝试从.net客户端调用具有wsse安全性的Java Web服务

您的Web服务类型和客户端是什么?您是说要从.net WCF客户端使用Java WCF服务吗?如果是这样，我建议您通过添加服务参考"使用服务，并在每个请求中检查安全标头.

>>我的问题是如何在C#clinet中生成KeyInfo和SecurityTokenReference

下面的链接可能对您有用.

#如何使WCF客户端符合特定的WS-Security-对UsernameToken和SecurityTokenReference进行签名

最好的问候

爱德华

I am trying to call java web service with wsse security from .net client. I still can't find a solution how to call from .net

Vendor gave me the certificate and I imported it into Outgoing WS-Security Configuration and configure as X509 Certificate in SoapUI.

Here is the soap envelope from SOAP UI

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webService.service.vim.logistics.teckwah.com/">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:Signature Id="SIG-3" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="soapenv web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Py2nf8T3ucIT/H0eZbz6MgakPs8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nkeuVdsP7oh9qmz6gv5/At40GVnBhNOQKWVyIeEKW0E9Bx4BEa5tVn4NX9pfW7KTsp1wE0QyDM3G
OVDpARRc+xhtdST3Ard6f/dAqmPbD5KA9DPgTF61us8UM0jx1rNydr52UN6LMHINSQ/4PU0/7wOT
NOtrH1F8WK6KVzta0WMtP54Y6BWYZRvrY/ENIzKx5M9DyMEda+w+vlGB7pO4MFihsIZEZ/jLwZim
tiQH/TRjMa74pS7BhZYBYs74bWO9LXq7d/otxfRPlxZLle8MuH2LXqVKo9Nn0LHGCOX1qnoLdTyZ
OD9ZKNd2qr7MaedFJi2LW3oz490NjOSas61GDg==</ds:SignatureValue>
<ds:KeyInfo Id="KI-F64858524385333AD614738394871234">
<wsse:SecurityTokenReference wsu:Id="STR-F64858524385333AD614738394871234">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDTzCCAjegAwIBAgIEK0XRUjANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJTRzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDENMAsGA1UEAxMEVGVzdDAeFw0xNjA2MTQwMzA2MzlaFw0xNzA2MTQwMzA2MzlaMFgxCzAJBgNVBAYTAlNHMQ0wCwYDVQQIEwRUZXN0MQ0wCwYDVQQHEwRUZXN0MQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MQ0wCwYDVQQDEwRUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3u4VlLseeqo+pNu8MWr5cdZ4UQF6UUJbkEToUORcyukZoXEUrsbdZGzktT02HxmOqsvcEdXrUbCy2yP8v+GP7EX0Zv3gdBK2toYdSRkl6TnDbbhd3ToxoO//T85nahWlkUI91JZ33XDX+N+/uiwZy6/mytg9Ilw1njzG9yZqdlpbp5S5P1q2hbEo9nscx5SjqCjIPT/Gy435iaePAEeQyld79AavkrY6+QsasKD2+l5HGgDaPqdE8L0rS9Awuk7bjD/q4JzBz8pVke0oXiXO4ZU7HEElLoHvbdB+Y9Tjo4uCK9JSIlTp1gc6/UxhUKkAXmfXAX5d1XW3kpjHJWsCwIDAQABoyEwHzAdBgNVHQ4EFgQU54pSGp50u5MxYKdrT7sJsriIJi8wDQYJKoZIhvcNAQELBQADggEBAHIjAZS6iEuZ2RLlfHA1TfnWTc2HdTwAcZxZe1F0+zhGuKC5DMd4Zfjij35V5G6QRPTsmaVIBb1fqnGzrg5W22hADJqeCnZdcFW/U2CiCP9Ze92kWUDBze67gD31OGd5CbRLkz1g/mrZBCYf4Fu1pR8BDOI+8L07MDuJC5K1mGD+JiHy5+Rmzm8Kpjiy19gCeo6QlzXkgTPuYoNt0ASSeAfMMU/6QRUUp/RM/FrHoMvH6cK0yWk9Bz7tOhEF6w0pv9TtOudCUg0um8YHo4JemFiZ1T06iKdB4ihpsvXckllAd2UFymMJ7oQ/Q5/30fUrqTE7uRdplvG/QEkMUtyht7c=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header>
   <soapenv:Body wsu:Id="id-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <web:createUser>
         <!--Optional:-->
          <itemMaster>
           <customerInfo>		
		<city>Gurgaon</city>
		<state>Mumbai</state>
		<companyName>Ralph Lauren Corporation India Liaison Office</companyName>
		<contactEmail>kumar@ralphlauren.com</contactEmail>
		<contactName/><contactNo>91 9899969298</contactNo>
		<country>India</country>
		<custType>PPR Member</custType>
		<email>kumar@ralphlauren.com</email>
		<fullName>Pavan </fullName>
		<hpacctMgr>a5cceb52-14e0-46f8-90fd-04d9323bf680</hpacctMgr>
		<lastModifiedBy/>
		<pickupAddr>N/A</pickupAddr>
		<salutation>Mr</salutation>
		<tel>91 9899969298</tel>
		<timeZone/>
</customerInfo>		
		<user>
		<countryName/>
		<timeZone/>
		<userType/>
			<username>kumar@ralphlauren.com</username>
		 </user>
         </itemMaster>
      </web:createUser>
   </soapenv:Body>
</soapenv:Envelope>

My approach is generate XML document exactly the same as SOAP UI code and without using the WSDL or "Add Service Reference" but my problem is and wsse:SecurityTokenReference wsu:Id="STR-DF1A0181FB665F5F2D14730610455706"> are keeping changing for each request.

My question is how to generate KeyInfo and SecurityTokenReference in C# clinet. If my approach is wrong what should be the right approach.

Thanks,

Si Thu

解决方案

Hi Si,

>> I am trying to call java web service with wsse security from .net client

What is your web service type and client? Do you mean you want to consume Java WCF service from .net WCF client? If so, I would suggest you to consume service by "Add Service Reference", and check the security Header in each request.

>> My question is how to generate KeyInfo and SecurityTokenReference in C# clinet

The link below might be useful to you.

# How to make WCF Client conform to specific WS-Security - sign UsernameToken and SecurityTokenReference

http://stackoverflow.com/questions/12832213/how-to-make-wcf-client-conform-to-specific-ws-security-sign-usernametoken-and

Best Regards,

Edward

这篇关于使用.Net Client中的WSSE安全标头使用Java Web服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！