如何获取 WCF 请求的 base64 签名编码 [英] How to get the base64 signature encoding for a WCF request
问题描述
我有一个 WCF 客户端代理,并且正在使用以下绑定元素来签署对第三方 Java Web 服务的请求:
I have a WCF client proxy and am using the following binding element to sign the request to a third party Java web service:
Dim asec As TransportSecurityBindingElement = SecurityBindingElement.CreateCertificateOverTransportBindingElement()
asec.EnableUnsecuredResponse = True
asec.SetKeyDerivation(False)
asec.AllowInsecureTransport = True
asec.IncludeTimestamp = True
但是,我被告知服务端存在验证错误:
However, I'm told there is a validation error on the service side:
签名验证失败:编码类型无效(只有 base64 是支持)令牌:uuid-168b7c90-2d6a-4928-9979-94cb84443d3b-1
Signature validation failed: Invalid encoding type (only base64 is supported) for token:uuid-168b7c90-2d6a-4928-9979-94cb84443d3b-1
所以我假设我需要将一些东西(可能是签名?)设置为 base64 编码.我该怎么做?
So I'm assuming I need to set something (probably the signature?) to base64 encoding. How can I do this?
推荐答案
回答问题:
虽然我不知道为什么会这样,或者这意味着什么.
Though I don't know why this works, or what it means.
SecurityBindingElement.CreateCertificateOverTransportBindingElement() 将绑定的 MessageSecurityVersion 初始化为其默认值,即:
SecurityBindingElement.CreateCertificateOverTransportBindingElement() initializes the MessageSecurityVersion of the binding to its defaults, which is:
WS-Security 1.1、2005 年 2 月的 WS-Trust、2005 年 2 月的 WS-SecureConversation 和 WS-SecurityPolicy 1.1.
WS-Security 1.1, WS-Trust of February 2005, WS-SecureConversation of February 2005 and WS-SecurityPolicy 1.1.
通过您现在调用的重载,您指定了这个:
With the overload you're now calling, you're specifying this:
基于 WS-Security 1.0、2005 年 2 月的 WS-Trust、2005 年 2 月的 WS-SecureConversation 和 WS-SecurityPolicy 1.1 安全规范的基本安全配置文件 1.0.
Basic Security Profile 1.0 based on WS-Security 1.0, WS-Trust of February 2005, WS-SecureConversation of February 2005 and WS-SecurityPolicy 1.1 security specifications.
要确定 WCF 实际发出的 EncodingType,您必须在两者之间放置一个 HTTP 监视器(例如 Fiddler),或者让 .NET 输出跟踪信息来记录正在发送的消息.您还可以访问或请求服务器日志以查看服务器认为消息无效的原因.
To determine what EncodingType WCF actually emits, you'll have to either put an HTTP monitor in between (e.g. Fiddler) or let .NET output trace information to log the message being sent. You can also access or request the server logs to see why the server thinks the message is invalid.
然而,我怀疑,鉴于对实际错误消息的某些 Web 搜索,Java 服务器抱怨您的 WCF 客户端省略EncodingType=...#Base64Binarywsse:BinarySecurityToken.根据规范,这是唯一允许的值(如果双方同意,则为自定义值),并且未标记为可选值.
I suspect however, given certain web searches on the actual error message, that the Java server complains about your WCF client omitting the EncodingType=...#Base64Binary on the wsse:BinarySecurityToken. According to the spec, that is the only allowed value (or a custom one if both parties agree on it) and it's not marked as optional.
在将 MessageSecurityVersion 更改为 WS-sec 1.0 后,也解释了 here(很容易找到 - 一旦你知道你在找什么),我猜 WCF 显式输出 EncodingType 属性,导致服务接受消息.
After changing the MessageSecurityVersion to WS-sec 1.0 as also explained here (which is easy to find - once you know what you're looking for), I guess WCF explicitly outputs the EncodingType attribute, causing the service to accept the message.
这篇关于如何获取 WCF 请求的 base64 签名编码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
