使用摘要式身份验证使用 Web 服务 [英] Consuming a web service using digest authentication

问题描述

我们使用 C# 通过 SOAP 发送 XML 数据.该服务需要使用 #PasswordDigest 和 #Base64Binary Nonce 进行 HttpDigest 身份验证.我们的binding代码:

We are using C# to send XML data via SOAP. The service requires HttpDigest authentication with #PasswordDigest and #Base64Binary Nonce. Our binding code:

protected BasicHttpBinding binding = new BasicHttpBinding()
{
            Name = "ShipmentServiceSoapBinding",
            CloseTimeout = new TimeSpan(0, 01, 0),
            OpenTimeout = new TimeSpan(0, 01, 0),
            ReceiveTimeout = new TimeSpan(0, 10, 0),
            SendTimeout = new TimeSpan(0, 5, 0),
            AllowCookies = false,
            BypassProxyOnLocal = false, 
            HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
            MaxBufferPoolSize = 5242880,
            MaxReceivedMessageSize = 655360,
            MessageEncoding = WSMessageEncoding.Text ,
            TextEncoding =  new UTF8Encoding(),
            UseDefaultWebProxy = true,
            ReaderQuotas = new XmlDictionaryReaderQuotas() { MaxDepth = 32, MaxStringContentLength = 81920, MaxArrayLength = 1638400, MaxBytesPerRead = 409600, MaxNameTableCharCount = 163840 },
            Security = new BasicHttpSecurity() { Mode = BasicHttpSecurityMode.TransportWithMessageCredential, 
                                                 //Message = new BasicHttpMessageSecurity() { AlgorithmSuite = SecurityAlgorithmSuite.Default, ClientCredentialType = BasicHttpMessageCredentialType.UserName}, 
                                                 Transport = new HttpTransportSecurity(){ ClientCredentialType = HttpClientCredentialType.Digest}},

};

根据我们选择的 BasicHttpSecurityMode 类型，我们遇到了 3 个不同的问题.

We are encountering 3 different problems based on what type of BasicHttpSecurityMode we are choosing.

1. 传输 - XML 不包含任何安全信息
2. TransportCredentialOnly - 我们得到的错误指出端点不能是 https://
3. TransportWithMessagecredential - 这不是使用摘要

现在他们的 ServiceReference 允许我们使用 ClientCredentials 类，所以我们尝试使用 HttpDigest:

Now their ServiceReference allows us to use ClientCredentials class, so here is how we tried using HttpDigest:

typeClient.ClientCredentials.HttpDigest.ClientCredential.UserName = "username";
typeClient.ClientCredentials.HttpDigest.ClientCredential.Password = "password";

我读过其他 StackOverflow 问题，对于摘要，我们应该将 SoapHeader 与 AuthHeader 一起使用，但我们无法将其与 API 中提供的内容相匹配.有没有其他方法可以做到?还是他们的 API 没有为 C# 正确编写?

I've read on other StackOverflow question that for digest we should be using SoapHeader with AuthHeader, but there is no way for us to match it with what they give is in the API. Is there any other way of doing it? Or is their API not written correctly for C#?

推荐答案

在这种情况下使用摘要身份验证要复杂得多 - 您需要实现 IClientMessageInspector 以使其正常工作...这使您能够以摘要身份验证所需的方式修改 http 标头.

It is much more complicated to use digest auth in this scenario - you will need to implement IClientMessageInspector to get it working... this enables you to modify the http headers in a way that is needed for digest auth.

有用的链接:

• https://stackoverflow.com/a/3257760/847363
• http://benpowell.org/supporting-the-ws-i-basic-profile-password-digest-in-a-wcf-client-proxy/
• http://social.msdn.microsoft.com/Forums/en/wcf/thread/0f09954e-3cef-45b3-a00d-f0f579a06bf7
• http://msdn.microsoft.com/en-us/library/system.servicemodel.dispatcher.iclientmessageinspector.aspx
• http://msdn.microsoft.com/en-us/library/system.servicemodel.dispatcher.iclientmessageinspector.beforesendrequest.aspx
• http://yuzhangqi.itpub.net/post/37475/500654
• http://wcfpro.wordpress.com/category/wcf-extensions/
• http://social.technet.microsoft.com/wiki/contents/articles/1322.how-to-inspect-wcf-message-headers-using-iclientmessageinspector-en-us.aspx
• http:///weblogs.asp.net/paolopia/archive/2007/08/23/writing-a-wcf-message-inspector.aspx
• http://wcfpro.wordpress.com/2011/03/29/iclientmessageinspector/

这篇关于使用摘要式身份验证使用 Web 服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！