How to consume third party https wsdl web service in c#


Problem description

In the SoapUI tool I've configured a .Jks file with Outgoing WS-Security Configurations; the Signature is BinarySecurityToken and the algorithm is CanonicalizationMethod and SignatureMethod. It is working perfectly.

Now I try to consume it from C# code as below:

SprintApiService.QueryCsaPortTypeClient client = new QueryCsaPortTypeClient();

ClientCredentials ce = new ClientCredentials();
string fileName = Server.MapPath("");
fileName = fileName + "/test-01.pfx";
ce.ClientCertificate.Certificate = new X509Certificate2(fileName, "tag123");
var val = ce.ClientCertificate.Certificate.GetSerialNumber();
ce.ClientCertificate.SetCertificate("CN=jaitest-01, OU=TPA, OU=BMP, OU=Projects, O=Sprint, C=us", StoreLocation.CurrentUser, StoreName.TrustedPeople);

System.IdentityModel.Selectors.SecurityTokenManager sTokenMgr = ce.CreateSecurityTokenManager();
//var sTokenMgr = ce.CreateSecurityTokenManager();

But I could not succeed. I am always getting "Rejected by Client (Policy)". Please help me.

This is a sample request which was created in the SoapUI tool:

<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp wsu:Id="Timestamp-c55ce328-af36-4b0f-97d8-3bab57ee6a46" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2014-02-18T12:27:52Z</wsu:Created>
            <wsu:Expires>2014-02-18T12:32:52Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:BinarySecurityToken wsu:Id="SecurityToken-1da2e6b0-3a0d-4943-bcae-de0805d9c4c5" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">[Base64-encoded X.509 certificate omitted]</wsse:BinarySecurityToken>
         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
               <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <Reference URI="#Timestamp-c55ce328-af36-4b0f-97d8-3bab57ee6a46">
                  <Transforms>
                     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>8H8usvOvRYPwOKHVHdOXO6Y3Cz4=</DigestValue>
               </Reference>
               <Reference URI="#Body-db900962-5b93-4a49-a70a-a1745bed8255">
                  <Transforms>
                     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>54u/0PxaY+S7RigxrisF2Chnplc=</DigestValue>
               </Reference>
            </SignedInfo>
            <SignatureValue>HC10RHq8lweC1KLGAzw1pxjju5LbWASn5GUCxane36DqUxaXQQnBrF0fyBkpI70H+ncrYaO00sxVd1QWnLfYxzl/YEWfHus/qObmFckRnNsEnx9MV5ejHhntbXdzIc9RFbXoFGPcoEGAsKoUbeOi7UWKbofzATG6VMlKhLFz01k=</SignatureValue>
            <KeyInfo>
               <wsse:SecurityTokenReference xmlns="">
                  <wsse:Reference URI="#SecurityToken-1da2e6b0-3a0d-4943-bcae-de0805d9c4c5" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </KeyInfo>
         </Signature>
</wsse:Security>      

Thanks......

Recommended answer

Thank God, finally I've found a solution after long research, googling/binging and hard work. Just to recap: a third-party web service (coded in Java) with an X509 SecurityToken HTTPS certificate, consumed in .NET.

Yes, we can consume the above service using old technology, WSE 2.0 / WSE 3.0 (Web Services Enhancements), and the latest, WCF. I've just tried using WSE 2.0; it's working as expected but with the error code "WSE464: No policy could be found for this message". Still, I am able to see the response in the try..catch block and use the appropriate decrypted XML response message.

Steps followed

  • Install the client given certificate (.pfx)

  • Open Microsoft Management Console (MMC): in the Run command type mmc → Enter

     a. File → Add/Remove Snap-in → Select Certificates in the list box → Click Add → Select My Current User → Finish → Click OK.

     b. Select Trusted Root Certification → Expand it → Select Certificates → Right click on Certificates → Select All Tasks → Import → Select your certificate location and finish the wizard process


  • Repeat Step 2 for Local Machine (Local Computer)

    Install Microsoft WSE (Web Services Enhancements) 2.0 SP3 / WSE 3.0. Note: WSE 2.0/3.0 will support .Net Framework 2.0 only. http://www.microsoft.com/en-in/download/details.aspx?id=23689

    Create a new web application project in Visual Studio.

    Expand project → Right click on Reference → Add Service Reference → Advanced → Add Web Reference → Paste your Service WSDL link in the URL text box → Click on the Go button (pointing right arrow) → Since it's https it will show a popup with a warning message; click Yes until it stops → Enter the Web Reference name and click the Add Reference button.

    Right click → Reference → Add reference → Click Browse → \Program Files\Microsoft WSE\v2.0\ → Select "Microsoft.Web.Services2.dll" → Click Add.

    Proxy/Stubbed class generated now → Look for the Reference.cs file under the Web Reference folder; if not visible, click Show all files in Solution Explorer → Open the Reference.cs file and replace "System.Web.Services.Protocols.SoapHttpClientProtocol" with "WebServicesClientProtocol".

    using System;
    using Microsoft.Web.Services2;
    using Microsoft.Web.Services2.Security;
    using Microsoft.Web.Services2.Security.Tokens;
    using Microsoft.Web.Services2.Security.X509;

    // The members below belong in the page's code-behind class.

        // Base64 key identifier of the client certificate, read from the
        // X509 Certificate Tool (dummy value, replace it with your own).
        private static string ClientBase64KeyId = "XPaTfx6Lx8dV/oh6ebOeOo4Xdummy";

        protected void Page_Load(object sender, EventArgs e)
        {
            MyService myClient = new MyService();
            try
            {
                SecurityToken signingToken = GetClientToken(false);

                // Get the SoapContext for the SOAP request.
                SoapContext requestContext = myClient.RequestSoapContext;

                // Expire this message one hour (3600 seconds) after it is sent.
                requestContext.Security.Timestamp.TtlInSeconds = 3600;

                // Add the X509 certificate to the WS-Security header.
                requestContext.Security.Tokens.Add(signingToken);

                // Sign the message with the certificate's private key.
                MessageSignature sig = new MessageSignature(signingToken);
                requestContext.Security.Elements.Add(sig);

                RequestClass request = new RequestClass();
                request.Name = "";
                ResponceClass responce = myClient.QueryCsa(request);
            }
            catch (Exception ex)
            {
                lblResultMessage.Text = ex.Message;
            }
        }

        public static X509SecurityToken GetClientToken(bool selectFromList)
        {
            X509SecurityToken token = null;

            // Open the CurrentUser certificate store and try MyStore only
            X509CertificateStore store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
            if (selectFromList)
            {
                //token = RetrieveTokenFromDialog(store);
            }
            else
            {
                token = RetrieveTokenFromStore(store, ClientBase64KeyId);
            }

            return token;
        }

        private static X509SecurityToken RetrieveTokenFromStore(X509CertificateStore store, string keyIdentifier)
        {
            if (store == null)
                throw new ArgumentNullException("store");

            X509SecurityToken token = null;

            try
            {
                if (store.OpenRead())
                {
                    // Look the certificate up by its key identifier (decoded from Base64).
                    Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs = store.FindCertificateByKeyIdentifier(Convert.FromBase64String(keyIdentifier));

                    if (certs.Count > 0)
                    {
                        // Refuse a certificate that cannot sign instead of failing later.
                        if (!certs[0].SupportsDigitalSignature || (certs[0].Key == null))
                        {
                            throw new InvalidOperationException(
                                "The certificate must support digital " +
                                "signatures and have a private key available.");
                        }

                        // Get the first certificate in the collection
                        token = new X509SecurityToken(((Microsoft.Web.Services2.Security.X509.X509Certificate)certs[0]));
                    }
                }
            }
            finally
            {
                if (store != null)
                    store.Close();
            }

            return token;
        }

    Add the following code in your page and get the ClientBase64KeyId value from the X509 Certificate Tool.

    Start → Program Files → Microsoft WSE 2.0 → X509 Certificate Tool → Select Certificate Location as Local Computer → Store Name as Personal → Click the Open Certificate button, which lists the certificates, and select the appropriate one, which is the one installed using MMC. Now pick the value from Key Identifier (Base64 Encoded) and use it in the code below. If your application is an ASP.NET web application, it may not be accessible, so click the 'View Private Keys File Properties' button and assign the appropriate security permission in the same tool itself.

    We've done almost 70% of the work. Now comes the very crucial part... Yes, we're going to apply the policy details. This is all about the security policy related to the X509 certificate, which defines which part is going to be signed (Signature), Encryption, Integrity, Confidentiality and so on. Don't panic, we have a helper called the WSE 2.0 Tool. Yes chumma :) try it: Start → Program Files → Microsoft WSE 2.0 → Configuration Editor → File → Open → Point to Web.config from your application

    General => Check the check boxes

    Security, Routing and Customized Filters => They are not called me:) So Leave It.

    Policy => Very Important. 1. Check Enable Policy 2. Click Add → Name it / Enter any name → Next → Leave it default (Secure Client Application) → (Default) Next → Next → (Default: X509 Certificate) → Next → Select Certificate → Select appropriate certificate from the list → Ok → Next → Finish

    TokenIssuing => Leave it

    Diagnostics => Check it appropriate check boxes for tracing and
    logging purpose

    File → Save → Close it :)

    Now one would've created policyCache.config which is referenced in Web.config file. Here we have add our HTTPS service URL in . Done

    This is achieved through WSE 2.0. Yes, I know it's old technology. I am trying to use WCF as the client... I'll post it in the next session....

    :) Happy Programming :) JaiSankar
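
A pre-flight check for the certificate prerequisites the answer relies on (certificate present in the Personal store of both Current User and Local Computer, a private key the process can read, a key usage that allows digital signatures). This is an added example, not part of the original answer: it uses the standard System.Security.Cryptography.X509Certificates API rather than WSE, the class name SigningCertPreflight is hypothetical, and the subject name is the one shown in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class SigningCertPreflight   // hypothetical helper name
{
    // Returns the problems found; an empty list means the certificate can sign.
    public static List<string> Check(StoreLocation location, string subjectDn)
    {
        List<string> problems = new List<string>();
        X509Store store = new X509Store(StoreName.My, location);   // "Personal" store
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subjectDn, false);
            if (found.Count == 0) { problems.Add("not found in the Personal store"); return problems; }

            X509Certificate2 cert = found[0];
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                problems.Add("outside its validity period");
            foreach (X509Extension ext in cert.Extensions)
            {
                X509KeyUsageExtension usage = ext as X509KeyUsageExtension;
                if (usage != null && (usage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0)
                    problems.Add("key usage does not allow digital signatures");
            }
            // Opening the key throws when the process identity cannot read the key file.
            if (!cert.HasPrivateKey)
                problems.Add("no private key in the store");
            else
            {
                try { if (cert.PrivateKey == null) problems.Add("private key could not be loaded"); }
                catch (CryptographicException ex) { problems.Add("private key not readable: " + ex.Message); }
            }
        }
        finally { store.Close(); }
        return problems;
    }

    public static void Main()
    {
        // Subject taken from the question; replace with your certificate's subject.
        string dn = "CN=jaitest-01, OU=TPA, OU=BMP, OU=Projects, O=Sprint, C=us";
        foreach (StoreLocation loc in new StoreLocation[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            List<string> p = Check(loc, dn);
            Console.WriteLine(loc + ": " + (p.Count == 0 ? "OK" : string.Join("; ", p.ToArray())));
        }
    }
}
```

Run it under the same account as the web application, because private-key file permissions are granted per identity.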
