让 WCF 接受未签名的“To"标题 [英] Getting WCF to accept unsigned 'To' Header
问题描述
我有一个使用 WSHttpBinding 的 WCF Web 服务.安全性是 TransportWithMessageCredential.我有一个客户端连接到我,它正在发送带有未签名标题中的 To 元素的 Soap 消息.我的服务不喜欢这样,并抛出 System.ServiceModel.Security.MessageSecurityException 和消息通过传输安全接收的消息具有未签名的‘To’标头".我无法找到 WS-Security 规范中专门指定的元素的签名,但我看到它被推荐用于防止重定向攻击.
I have a WCF web service that is using WSHttpBinding. The security is TransportWithMessageCredential. I have a client connecting to me that is sending a Soap message with the To element in the header unsigned. My service doesn't like this and is throwing System.ServiceModel.Security.MessageSecurityException with the message "The message received over Transport security has unsigned 'To' header". I haven't been able to find the signing of the element specified specifically in the WS-Security spec but I have seen it recommended to prevent redirect attacks.
那么有谁知道我是否可以将我的 Web 服务配置为不检查要签名的 To 元素?还有问题的另一面,但我无法更改此客户端与我的连接方式.
So does anyone know if there is anyway for me to configure my web service not to check for the To element to be signed? Also the other side of the issue but I cannot change how this client is connecting to me.
推荐答案
我们遇到了同样的问题,并就此事联系了 Microsoft 支持.他们为此发布了一个修补程序.请参阅位于
We've had the same issue, and contacted Microsoft support about it. They released a hotfix for this. See the KB article at
https://support.microsoft.com/en-us/kb/2974335
这篇关于让 WCF 接受未签名的“To"标题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!