与WCF和SOAP的WS-Security纯文本用户名(无SSL)问题 [英] Issues with WCF and SOAP WS-Security PlainText Username (No SSL)
问题描述
我们需要消耗1.1 SOAP Web服务,使用Java,从C#/。NET 4.0应用程序中开发。我们要服务的编程或驻留在服务器的访问权限。这项服务暴露了一个非SSL连接,需要的WS-Security,用户名/ PasswordText。
We need to consume a SOAP 1.1 Web Service, developed using Java, from within a C#/.Net 4.0 application. We have no access to the service programming or the server it resides on. The service is exposed over a non SSL connection and requires WS-Security, Username/PasswordText.
使用了SoapUI(http://soapui.org/),我们能够只需创建一个项目,它指向WSDL和设置一个简单的用户名/ PasswordText WS-Security配置使用的Web服务。
Using SoapUI (http://soapui.org/) we are able to consume the web service simply by creating a project, pointing it to the WSDL and setting up a simple Username/PasswordText WS-Security configuration.
的问题是,我们无法使用WCF消费Web服务。一些经过研究,我们发现,使我们相信,这个问题可能是SOAP 1.1,WS-Security和中的wsHttpBinding之间的不兼容信息。所使用的C#代码如下:
The issue is that we are unable to consume the Web Service using WCF. After some researching, we found information that leads us to believe that the issue may be an incompatibility between SOAP 1.1, WS-Security, and the wsHttpBinding. The C# code used is the following:
//The WSService.ServiceClient class is generated by the Service Reference
var client = new WSService.ServiceClient();
client.ClientCredentials.UserName.UserName = "Username";
client.ClientCredentials.UserName.Password = "Password";
var response = client.MethodToBeConsumed();
创建的绑定如下:
The binding created is the following:
<binding name="GeneratedBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
的
绑定服务引用创建一个basicHttpBinding的。据我们了解,我们需要使用的WS-Security(SOAP 1.2)一个的wsHttpBinding,但由于serivice使用SOAP 1.1,这两个看似不兼容。
The binding created by the Service Reference is a basicHttpBinding. We understand that we need to use a wsHttpBinding for WS-Security (SOAP 1.2), but since the serivice uses SOAP 1.1, these two appear to not be compatible.
正确的请求信息应该是(通过SOAPUI生成):
The correct request message should be (as generated by SOAPUI):
POST http://server:port/Service HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: ""
Authorization: Basic ENCRYPTEDPASSWORD
User-Agent: Jakarta Commons-HttpClient/3.1
Host: server:port
Content-Length: 324
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:service.version.details">
<soapenv:Header/>
<soapenv:Body>
<urn:methodName>
<arg0>1</arg0>
<arg1>1</arg1>
</urn:method>
</soapenv:Body>
</soapenv:Envelope>
难道真的没有办法做到这一点使用WCF?可以这样使用customBinding解决?是我们唯一的选择,提供手动工艺的页眉/消息和解析响应?我一定要刺杀的Web服务开发人员通过非SSL连接使用WS-Security与SOAP 1.1?
Is there really no way to achieve this using WCF? Can this be solved using a customBinding? Is our only available choice to craft the headers/messages manually and parse the responses? Do I have to assasinate a web service developer for using WS-Security with SOAP 1.1 over a non SSL connection?
推荐答案
最后的解决办法是在授权报头插入到请求,如以下后描述:
The final solution was to insert the Authorization header into the requests as described in the following post:
http://social.msdn.microsoft.com/Forums/is/wcf/thread/4f8ab001-dafa-4347-bc41 -95255ecc9230
这不会需要选用修改生成的客户端,或绑定。
This requiered no modification to the generated client or the bindings.
这篇关于与WCF和SOAP的WS-Security纯文本用户名(无SSL)问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
