
WCF wsHttpBinding and XML Signatures

I have a WCF SOAP service that responds with licensing information. The client will save the SOAP response and load it every time the program loads, verifying the user is not past the expiration date etc. Because of this, one of the requirements of the response is to have a signature such that the client can run the data through some encryption algorithm and check the result against the signature that was sent over to verify nothing has been changed about the file. This is nothing new, this is XML signing. However, the service is written with DataContractSerializer, so I can't just take the data, create an XML signature, and inject that straight into the SOAP response.

I know WsHttpBinding has some security features, the WS-Security page on MSDN describes the Ws binding protocol WRT to SOAP as having the ability to...

Identify the entity or entities involved with the message.

Prove that the entities have the correct group memberships.

Prove that the entities have the correct set of access rights.

Prove that the message has not changed.

but I can't find exactly how it does that last part. Looking at the SOAP response I get with WsHttpBinding on, I see CipherData and CipherValue, but researching that leads me to believe that's more to do with the actual message encryption, not content validation. I see something like ValidateResponse and ValidateResult, but those look like spaces for another endpoint to validate the information, and this product needs to work on devices not connected to the internet once the file is gotten from this service.

I know I could theoretically just put all the data into a variable and SHA256 it and tell my client to do the same process but that's dirty and very unstandardized. I feel like there should be an equivalent to XML Signatures for SOAP responses but I can't find anything through searching.

wsHttpBinding supports WS-Security, which includes digital signature in the SOAP message. To enable it, you need to use the ServiceContractAttribute.ProtectionLevel or the OperationContractAttribute.ProtectionLevel on the service contract definition, rather than doing it in the service configuration like you would expect.

So, on your service contract:

  [ServiceContract(ProtectionLevel=ProtectionLevel.EncryptAndSign)]
  public interface IMyServiceThatIWantToEncyptAndSign
  {
    ...
  }

or

  [ServiceContract(ProtectionLevel=ProtectionLevel.Sign)]
  public interface IMyServiceThatIWantToSign
  {
    ...
  }

or

[OperationContract(ProtectionLevel=ProtectionLevel.EncryptAndSign)]
string MyOperationThatIWantToEncryptAndSignSign(string msg);

or

[OperationContract(ProtectionLevel=ProtectionLevel.Sign)]
string MyOperationThatIWantToSign(string msg);

The default value for this is ProtectionLevel.None which is why I think you are not seeing any signature.

The relevant MSDN links are here for the service contract:

http://msdn.microsoft.com/en-us/library/system.servicemodel.servicecontractattribute.aspx

and here for the operation contract:

http://msdn.microsoft.com/en-us/library/system.servicemodel.operationcontractattribute.aspx
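For the offline check the question describes, one option is to sign the serialized data itself. The following is an added example, not code from the question or the answer: it wraps DataContractSerializer output in an enveloped XML signature with SignedXml, and the LicenseInfo type, its namespace and the way the RSA key pair is provisioned are assumptions.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

[DataContract(Namespace = "urn:example:license")]   // hypothetical license type
public class LicenseInfo
{
    [DataMember] public string Customer { get; set; }
    [DataMember] public DateTime Expires { get; set; }
}

public static class LicenseSigning
{
    // Service side: serialize with DataContractSerializer, then append an enveloped signature.
    public static XmlDocument Sign(LicenseInfo license, RSA privateKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        using (var ms = new MemoryStream())
        {
            new DataContractSerializer(typeof(LicenseInfo)).WriteObject(ms, license);
            ms.Position = 0;
            doc.Load(ms);
        }
        var signedXml = new SignedXml(doc) { SigningKey = privateKey };
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("") { DigestMethod = SignedXml.XmlDsigSHA256Url }; // "" = whole document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        return doc;
    }

    // Client side: needs only the public key shipped with the application, no network access.
    public static bool Verify(XmlDocument doc, RSA publicKey)
    {
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false;              // reject missing or duplicated signatures
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        var refs = signedXml.SignedInfo.References;      // the signature must cover the whole document
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "") return false;
        return signedXml.CheckSignature(publicKey);
    }
}
```

Load the saved file into an XmlDocument with PreserveWhitespace = true before calling Verify, and ship only the public key with the client.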
