使用 SSL 上的纯文本用户名凭据的第 3 方 SOAP 1.1 服务的 WCF 客户端配置 [英] WCF client configuration for 3rd party SOAP 1.1 service with plain text username credentials over SSL

问题描述

我正在尝试连接到需要 SSL 安全性和用户名/密码凭据的第三方 SOAP 1.1 服务.一个预期的例子是:

<wsse:安全><wsse:用户名令牌><wsse:用户名>用户名</wsse:用户名><wsse:Password>密码</wsse:Password></wsse:UsernameToken></wsse:安全></soapenv:Header>

我的客户端配置如下:

<绑定><基本HttpBinding><绑定名称=第三方服务绑定配置"><安全模式="TransportWithMessageCredential"><message clientCredentialType="用户名"algorithmSuite="默认"/></安全></binding></basicHttpBinding></绑定><客户><端点地址="https://..."绑定=基本HttpBinding"bindingConfiguration="第三方服务绑定配置"合同=第三方服务合同"名称=第三方服务端点"/></客户端></system.serviceModel>

服务客户端代码为:

var client = new thirdpartyservicecontractclient();client.ClientCredentials.UserName.UserName = "用户名";client.ClientCredentials.UserName.Password = "密码";var 结果 = client.DoSomething();

我收到以下错误异常消息:

<块引用>

安全处理器无法在信息.这可能是因为消息是不安全的故障或因为通信之间存在绑定不匹配派对.如果服务配置为安全和客户端没有使用安全性..

如果我将安全模式重新配置为传输":

我从第三方服务收到错误消息:

<块引用>

com.sun.xml.wss.XWSSecurityException:消息不符合配置的策略 [AuthenticationTokenPolicy(S)]:无安全性找到标题；嵌套异常是com.sun.xml.wss.XWSSecurityException:com.sun.xml.wss.XWSSecurityException:消息不符合配置的策略 [AuthenticationTokenPolicy(S)]:无安全性找到标题.

如何配置我的客户端以连接到此服务?

• 通过 SSL 使用纯文本密码的 WS 安全

解决方案

碰巧 Rick Strahl 遇到了同样的问题.这是他描述和解决问题的博客文章的链接.

问题:

<块引用>

问题是 WCF 需要响应中的 TimeStamp Soap 标头.如果您查看出站响应和 Soap 标头，您将看到那里有一个时间戳.预计时间戳为在返回 Soap 响应上返回.请注意，这不是一个WS-Security 的要求，所以 WCF 在这里做一些特别"的事情这实际上中断了此服务调用.

解决方案:

BindingElementCollection 元素 = client.Endpoint.Binding.CreateBindingElements();element.Find().IncludeTimestamp = false;client.Endpoint.Binding = new CustomBinding(elements);

<块引用>

以上代码通过显式修改Binding配置从出站呼叫中删除时间戳，从而删除要求服务器返回它.这让 WCF 感到高兴和电话接通了.

I am trying to connect to a third party SOAP 1.1 service that requires SSL security and username/password credentials. An example of what is expected is:

<soapenv:Header>
    <wsse:Security>
        <wsse:UsernameToken>
            <wsse:Username>username</wsse:Username>
            <wsse:Password>password</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>
</soapenv:Header>

My client configuration is as follows:

<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="thirdpartyservicebindingconfig">
                <security mode="TransportWithMessageCredential">
                    <message clientCredentialType="UserName"
                             algorithmSuite="Default" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://..." 
                  binding="basicHttpBinding"
                  bindingConfiguration="thirdpartyservicebindingconfig"
                  contract="thirdpartyservicecontract" 
                  name="thirdpartyserviceendpoint" />
    </client>
</system.serviceModel>

Service client code is:

var client = new thirdpartyservicecontractclient();

client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";

var result = client.DoSomething();

I'm getting the following fault exception message:

Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security..

EDIT:
If I reconfigure security mode to "Transport":
<security mode="TransportWithMessageCredential">
I get an error from the third party service:

com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy [ AuthenticationTokenPolicy(S) ]: No Security Header found.

How can I configure my client to connect to this service?

• WS Security using plain text passwords over SSL

解决方案

It just so happens Rick Strahl had the same problem. Here's the link to his blog post describing and solving the problem.

Issue:

The issue is that WCF expects a TimeStamp Soap header in the response. If you look at the outbound response and the Soap headers you'll see that there's a timestamp there. The timestamp is expected to be returned on the return Soap response. Note that this is not a requirement of WS-Security so WCF is doing something 'special' here that is in effect breaking this service call.

Solution:

BindingElementCollection elements = client.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;
client.Endpoint.Binding = new CustomBinding(elements);

The above code modifies the Binding configuration by explicitly removing the Timestamp from the outbound call which removes the requirement for the server to return it. And this makes WCF happy and the call goes through.

这篇关于使用 SSL 上的纯文本用户名凭据的第 3 方 SOAP 1.1 服务的 WCF 客户端配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！