WCF client security header error "An invalid security token was provided"


Problem description

According to our provider we need to send this kind of Header:

<soapenv:Header>
 <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken wsu:Id="UsernameToken-12" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>string</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">string</wsse:Password>
 </wsse:UsernameToken>
 </wsse:Security>
</soapenv:Header>

But when checking with Fiddler, I sent this header:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo/HuqG5V/ExLj3CNfRenvjEAAAAA7YcLXCnGukqViuu2jfqDDp47VC4vVV1Omqf/X2lHIcsACQAA</VsDebuggerCausalityData>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:UsernameToken u:Id="uuid-5d0431d0-d951-4a22-91c1-a33d76ce41b3-1">
            <o:Username>username</o:Username>
            <o:Password>password</o:Password>
        </o:UsernameToken>
    </o:Security>
</s:Header>

I'm using a custom binding as follows (I used it on another web service with the same authentication method and it works OK):

 private static Binding CreateMultiFactorAuthenticationBinding()
        {
            HttpsTransportBindingElement httpTransport = new HttpsTransportBindingElement();
            httpTransport.MaxReceivedMessageSize = int.MaxValue;
            //AddressHeader addressHeader = AddressHeader.CreateAddressHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", security, xmlObjectSerializer);
            CustomBinding binding = new CustomBinding();
            binding.Name = "myCustomBinding";
            TransportSecurityBindingElement messageSecurity = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
            messageSecurity.IncludeTimestamp = false;
            messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
            messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
            messageSecurity.SetKeyDerivation(false);
            TextMessageEncodingBindingElement Quota = new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8);
            Quota.ReaderQuotas.MaxDepth = 32;
            Quota.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
            Quota.ReaderQuotas.MaxArrayLength = 16384;
            Quota.ReaderQuotas.MaxBytesPerRead = 4096;
            Quota.ReaderQuotas.MaxNameTableCharCount = 16384;
            binding.Elements.Add(Quota);
            binding.Elements.Add(messageSecurity);
            binding.Elements.Add(httpTransport);
            return binding;
        }

private WaybillManagementPOD GetClient()
        {

            CustomBinding customBinding = (CustomBinding)CreateMultiFactorAuthenticationBinding();
            EndpointAddress endpointAddress = new EndpointAddress(this.EndPointAddr);
            WaybillManagementPOD proxy = ChannelFactory<WaybillManagementPOD>.CreateChannel(customBinding, endpointAddress);
            ServicePointManager.ServerCertificateValidationCallback = (obj, certificate, chain, errors) => true;
            ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3;
            ChannelFactory _bankChannel = new ChannelFactory<WaybillManagementPOD>(customBinding, this.EndPointAddr);
            ChannelFactory<WaybillManagementPOD> channelFactory = null;
            WaybillManagementPOD client = null;
            channelFactory = new ChannelFactory<WaybillManagementPOD>(customBinding, endpointAddress);
            channelFactory.Credentials.UserName.UserName = this.WsUser;
            channelFactory.Credentials.UserName.Password = this.WsPass;
            client = channelFactory.CreateChannel();
            return client;
        }

public registrarCartaDePorteResponse registrarCP(ParametrosRegistro reg)
        {
            WaybillManagementPOD cliente = GetClient();
            try
            {
                registrarCartaDePorte req = new registrarCartaDePorte(reg);
                registrarCartaDePorteResponse resp = cliente.registrarCartaDePorte(req);
                return resp;
            }
            catch (Exception)
            {
                // Rethrow without resetting the stack trace ("throw e;" would discard it).
                throw;
            }
        }

PS: I know it's not good practice to bypass the SSL certificate, but right now it is for testing only.

Neither my provider nor I can figure out where the error is coming from, or where the error lies, whether it's in the type of binding or something else.

Solution

I finally used what was suggested here: Correct way communicate WSSE Usernametoken for SOAP webservice

<client>
  <endpoint ...>
    <headers>
      <wsse:UsernameToken xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
        <wsse:Username>Bob</wsse:Username>
        <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>
           1234
        </wsse:Password>
      </wsse:UsernameToken>
    </headers>
  </endpoint>
</client>

Also now I call the webservice directly from the class created by the WCF reference, instead of using the custom class above.

Plus copying the information from the service solution to the UI solution, see here: WCF Error - Could not find default endpoint element that references contract 'UserService.UserService'

Now everything seems to be working fine.
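Because the token carries the password as `#PasswordText`, TLS is the only thing protecting it on the wire, so the global `=> true` callback and `Ssl3` setting from the question are worth narrowing even in a test setup. The following is an added example, not code from the original post: it accepts a failing certificate only for one test host and one pinned certificate. `TestHost` and `PinnedThumbprint` are hypothetical placeholders, and it assumes .NET Framework 4.5+, where the callback's `sender` is the `HttpWebRequest`.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TestEndpointTls
{
    // Hypothetical placeholders: the test endpoint's host name and the
    // thumbprint of the certificate it is expected to present.
    const string TestHost = "test-endpoint.example";
    const string PinnedThumbprint = "<TEST-CERT-THUMBPRINT>";

    // Call once at startup, before the ChannelFactory opens a channel.
    public static void Configure()
    {
        // SSL 3.0 is obsolete; negotiate TLS 1.2 instead.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that passes normal validation is always accepted.
        if (errors == SslPolicyErrors.None)
            return true;

        // The exception applies only to requests addressed to the test host...
        var request = sender as HttpWebRequest;
        if (request == null || certificate == null ||
            !string.Equals(request.RequestUri.Host, TestHost,
                           StringComparison.OrdinalIgnoreCase))
            return false;

        // ...and only when the server presents exactly the pinned certificate.
        string thumbprint = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```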
