Wcf WS-Security 服务器 [英] Wcf WS-Security server
问题描述
我已经用这样的绑定配置创建了服务:
i have created service with such binding configuration:
<bindings>
<customBinding>
<binding name="DefaultBinding">
<textMessageEncoding messageVersion="Soap12" />
<httpTransport />
</binding>
</customBinding>
</bindings>
当我的服务收到这样的消息时:
And when my service receives message starting like this:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<Security s:mustUnderstand="1" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken>
<Username>
</Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">...</Password>
<Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">KWVa4abCrEemOMT55VEZkgIAAAAAAA==</Nonce>
<Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2013-08-28T13:29:05.966Z</Created>
</UsernameToken>
</Security>
...
它产生错误:
来自命名空间 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' 无法理解...
The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood ...
我也试过:
<wsHttpBinding>
<binding name="DefaultBinding">
<security mode="Message" />
</binding>
</wsHttpBinding>
如何处理或忽略此标头?
据我所知,我需要通过不安全传输的用户名,所以我尝试了:
As i understood i need username over insecure transport, so i tried:
<customBinding>
<binding
name="DefaultBinding">
<textMessageEncoding messageVersion="Soap12" />
<security authenticationMode="UserNameOverTransport" allowInsecureTransport="True">
</security>
<httpTransport>
</httpTransport>
</binding>
</customBinding>
我也试过CUB:
<bindings>
<clearUsernameBinding>
<binding name="myClearUsernameBinding" messageVersion="Soap12">
</binding>
</clearUsernameBinding>
</bindings>
两者都以客户端错误结束:验证消息的安全性时出错.但它适用于测试 CUB 的客户端.可能有什么问题?
Both ends with error on client: An error occurred when verifying security for message. But it works with test CUB's client. What could be wrong ?
CUB 信封的标题.
测试客户端的标题.
推荐答案
解决方案很简单:
- 创建服务行为
- 创建调度消息检查器
- 将创建的服务行为添加到服务器
然后只需解析或删除未使用的mustUnderstand"标头.
And then just parse or just delete unused "mustUnderstand" headers.
第 1 步:
public class WSSecurityBehavior : IServiceBehavior {
public void Validate(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) {
}
public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase,
Collection<ServiceEndpoint> endpoints,
BindingParameterCollection bindingParameters) {
}
public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) {
var endpoints = serviceHostBase
.ChannelDispatchers
.Cast<ChannelDispatcher>()
.SelectMany(dispatcher => dispatcher.Endpoints);
foreach (var endpoint in endpoints)
endpoint.DispatchRuntime.MessageInspectors.Add(new WSSecurityInspector());
}
}
第 2 步:
public class WSSecurityInspector : IDispatchMessageInspector {
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext) {
var headerPosition = request.Headers.FindHeader("Security",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
if (headerPosition > -1)
request.Headers.RemoveAt(headerPosition);
return null;
}
public void BeforeSendReply(ref Message reply, object correlationState) {
}
}
第 3 步:
Host.Description.Behaviors.Add(new WSSecurityBehavior());
这篇关于Wcf WS-Security 服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!