WSE 3.0:Usernametoken,无需随机数和时间戳,无需对主体进行签名
[英]WSE 3.0: Usernametoken Without nonce and timestamp and signinging the body
问题描述
So i have a provider that opened a Web Service so i can consult him. 
因此,我有一个打开Web服务的提供商,因此我可以咨询他。 The problem is that it only supports WSE (yep i tried in WCF but it just aint happening due to the security restrictions) for .net clients. 问题在于,它仅支持.net客户端的WSE(是的,我在WCF中尝试过,但是由于安全性限制,它只是在发生)。 and he has put out some special characteristics on the security of the message. 他在消息的安全性方面提出了一些特殊的特征。 It must be authenticated via Usernametoken, but without sending the nocne and timestamp. 必须通过Usernametoken对其进行身份验证,但不发送nocne和时间戳。 also he needs the body to be signed... anyone who knows how to do that with WSE. 他还需要对尸体进行签名……任何知道如何使用WSE进行签名的人。
Thanks in advance 提前致谢
1 个解决方案
解决方案1
0 2014-03-21 21:10:36
So after a day or two doing research i fount out how to do that. 因此,经过一两天的研究,我发现了如何做到这一点。 WSE3 is based on policies, so i made up a Custom PolicyAssertion for adding the usernametoken header and deleting the nonce and timestamp of the header following this tutorial http://www.codeproject.com/Articles/12189/Custom-WSE-Policy-Assertions-for-Signing-and-E WSE3基于策略,因此我按照本教程http://www.codeproject.com/Articles/12189/Custom-WSE-Policy-组成了一个Custom PolicyAssertion,用于添加usernametoken头以及删除头的现时和时间戳。断言和签名
And then Used a Custom SecurityPolicyAssertion to do the signing. 然后使用自定义SecurityPolicyAssertion进行签名。
Then through the wse3policy config i called first the custom SecurityPolicyAssertion and then the custom PolicyAssertion. 然后通过wse3policy配置,我首先调用了自定义SecurityPolicyAssertion,然后是自定义PolicyAssertion。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.