wcf Interop: No timestamp is available in security header to do replay detection


Problem description

I am trying to call a Java service using WCF. The service sends a message back but it does not make it back to my program. WCF generates: No Timestamp is available in security header to do replay detection.

I captured the returned message in Fiddler and there is a Timestamp field in the body.

<?xml version="1.0" encoding="UTF-8"?>

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="SecurityToken-</wsse:BinarySecurityToken>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#Id-649325bc-661f-ede4-9ba7-6366c9de792e"><dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>Pm0bbVqKJfz05tPpphXtBJjDyew=</dsig:DigestValue>
</dsig:Reference></dsig:SignedInfo>
<dsig:SignatureValue> *snip*</dsig:SignatureValue>
<dsig:KeyInfo>
<SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#SecurityToken-65e3d200-a1e1-b453-03f6-dd800869423d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</SecurityTokenReference>
</dsig:KeyInfo>
</dsig:Signature>
</wsse:Security>
</SOAP-ENV:Header>

<SOAP-ENV:Body wsu:Id="Id-649325bc-661f-ede4-9ba7-6366c9de792e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ns0:ResponseMessage xmlns:ns0="http://www.ercot.com/schema/2007-06/nodal/ews/message"><ns0:Header><ns0:Verb>reply</ns0:Verb><ns0:Noun>BidSet</ns0:Noun><ns0:ReplayDetection><ns0:Nonce>09f359b4ddb89f0a23dd6d05508cc372</ns0:Nonce><ns0:Created>2012-03-08T09:44:16.865-06:00</ns0:Created></ns0:ReplayDetection><ns0:Revision>001</ns0:Revision><ns0:Source>ERCOT</ns0:Source><ns0:UserID>API_EMP327</ns0:UserID><ns0:MessageID>temp</ns0:MessageID>

</ns0:Header><ns0:Reply><ns0:ReplyCode>OK</ns0:ReplyCode><ns0:Timestamp>2012-03-08T09:44:16.865-06:00</ns0:Timestamp></ns0:Reply>

<ns0:Payload>*snip*</ns0:Payload>

I have looked at: http://social.msdn.microsoft.com/forums/zh-CN/wcf/thread/3be779e7-1d73-455c-8aa0-cb90026e8993/

and modified my config appropriately. Adding securityHeaderLayout="Lax" and

<customBinding>
  <binding name="NodalCustomBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
           receiveTimeout="00:10:00" sendTimeout="00:10:00">
    <textMessageEncoding messageVersion="Soap11" />
    <security
        authenticationMode="MutualCertificate"
        requireDerivedKeys="false"
        includeTimestamp="true"
        securityHeaderLayout="Lax"
        keyEntropyMode="ClientEntropy"
        messageProtectionOrder="SignBeforeEncrypt"
        messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
        requireSecurityContextCancellation="false"
        allowSerializedSigningTokenOnReply="true"
        enableUnsecuredResponse="true">
      <secureConversationBootstrap />
      <localClientSettings detectReplays="false" />
      <localServiceSettings detectReplays="false" />
    </security>
    <httpsTransport />
  </binding>
</customBinding>

I am still getting the same error.

Any help would be greatly appreciated!

Keith

Recommended answer

The error is saying there is no timestamp in the wsse:Security element in the soap envelope header. The timestamp element I see is in the body element and has no applicability to the ws-security configuration. Also, the includeTimestamp attribute is set to true. Just guessing here but have you tried setting it to false?
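
The distinction the answer draws, a wsu:Timestamp inside the wsse:Security header versus timestamp-like fields in the body, can be checked directly on a captured response. The following is an added example, not part of the original post: `timestamp_report` and both sample envelopes are constructed for illustration, the first modelled on the captured response above (trimmed).

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def timestamp_report(envelope_xml):
    """Return (has_security_timestamp, other_paths) for a SOAP 1.1 envelope.

    has_security_timestamp: True only if wsu:Timestamp is a direct child of
    the wsse:Security header, the element the WS-Security layer evaluates.
    other_paths: Timestamp/Created elements found anywhere else; these are
    application data and are not seen by the WS-Security layer.
    """
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP11}}}Header/{{{WSSE}}}Security")
    ts = None if security is None else security.find(f"{{{WSU}}}Timestamp")
    others = []

    def walk(node, path):
        for child in node:
            if child is ts:          # the real security timestamp: skip it
                continue
            child_path = f"{path}/{local(child.tag)}"
            if local(child.tag) in ("Timestamp", "Created"):
                others.append(child_path)
            walk(child, child_path)

    walk(root, local(root.tag))
    return ts is not None, others

# Constructed sample: signed-style header without wsu:Timestamp, body with
# application-level ReplayDetection/Created and Reply/Timestamp fields.
SAMPLE_BODY_ONLY = f"""<e:Envelope xmlns:e="{SOAP11}" xmlns:wsse="{WSSE}" xmlns:m="urn:example:message">
 <e:Header><wsse:Security/></e:Header>
 <e:Body><m:ResponseMessage>
  <m:Header><m:ReplayDetection><m:Created>2012-03-08T09:44:16.865-06:00</m:Created></m:ReplayDetection></m:Header>
  <m:Reply><m:Timestamp>2012-03-08T09:44:16.865-06:00</m:Timestamp></m:Reply>
 </m:ResponseMessage></e:Body></e:Envelope>"""

# Constructed sample: what a response carrying a security timestamp looks like.
SAMPLE_HEADER_TS = f"""<e:Envelope xmlns:e="{SOAP11}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <e:Header><wsse:Security><wsu:Timestamp><wsu:Created>2012-03-08T15:44:16Z</wsu:Created>
  <wsu:Expires>2012-03-08T15:49:16Z</wsu:Expires></wsu:Timestamp></wsse:Security></e:Header>
 <e:Body/></e:Envelope>"""

if __name__ == "__main__":
    for name, xml in (("body only", SAMPLE_BODY_ONLY), ("header", SAMPLE_HEADER_TS)):
        print(name, timestamp_report(xml))
```
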
