
How to pass message credentials - TransportWithMessageCredential - No credentials in the SOAP request

I am using WSBinding with "TransportWithMessageCredential" to secure my WCF web service, and I am using it without any problems from .NET clients.

But when trying to use it from an Android or non-.NET client, I can't tell where to provide the message credentials!

I have intercepted the SOAP message being sent by the .NET client; it doesn't contain anything related to the credentials, but it is working perfectly. But when using the same syntax for the SOAP request from an Android client, we are facing this error:

The message could not be processed. This is most likely because the action 'http://tempuri.org/XXX/YYY' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

The SOAP request that is being sent by the .NET client and working, as intercepted:

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action>
    <a:MessageID>urn:uuid:XX-XX-XX-XX-XX</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
  </s:Header>
  <s:Body>
    <XXXXXX xmlns="http://tempuri.org/">
      <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <d4p1:Prop1 i:nil="true" />
        <d4p1:Prop2 i:nil="true" />
        <d4p1:Prop3 i:nil="true" />
      </request>
    </XXXXXX >
  </s:Body>
</s:Envelope>

My WCF config for the service:

  <wsHttpBinding>
    <binding name="wsHttpBindingExt" maxReceivedMessageSize="4096000">
      <readerQuotas maxDepth="32" maxStringContentLength="409600" maxArrayLength="4096000" maxBytesPerRead="4096000" />
      <security mode="TransportWithMessageCredential" >
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>

For the working .NET client:

Client code to call the service from .NET and working correctly:

XXXXXServiceClient client = new XXXXXServiceClient ();
client.ClientCredentials.UserName.UserName = "XXXX";
client.ClientCredentials.UserName.Password = "YYYY";
var res = client.DoXXXXX(a,b,c);

EDIT

It does exist; that interceptor is not giving me the whole request, but I have another problem.

Using Fiddler, I have found that there are two requests; the first one is to request a security token:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
        <a:MessageID>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://XXX.XXX.com/XXX.svc</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:13.686Z</u:Created>
                <u:Expires>2014-04-25T10:36:13.686Z</u:Expires>
            </u:Timestamp>
            <o:UsernameToken u:Id="uuid-4d51d9cc-f621-48af-96a7-1fa541c18ea1-1">
                <o:Username>XXX</o:Username>
                <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">YYY</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
            <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
            <t:Entropy>
                <t:BinarySecret u:Id="uuid-c32043fe-d4fb-4802-b15a-ba2691c2b3d8-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">XXXXXXXXXXXXXXXXXXXXXXXXX</t:BinarySecret>
            </t:Entropy>
            <t:KeySize>256</t:KeySize>
        </t:RequestSecurityToken>
    </s:Body>
</s:Envelope>

And the response of this request is:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</a:Action>
        <a:RelatesTo>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:RelatesTo>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:02.106Z</u:Created>
                <u:Expires>2014-04-25T10:36:02.106Z</u:Expires>
            </u:Timestamp>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
            <t:RequestedSecurityToken>
                <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                    <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier>
                </c:SecurityContextToken>
            </t:RequestedSecurityToken>
            <t:RequestedAttachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/>
                </o:SecurityTokenReference>
            </t:RequestedAttachedReference>
            <t:RequestedUnattachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference URI="urn:uuid:e2562052-1de3-496d-b455-e36958692176" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                </o:SecurityTokenReference>
            </t:RequestedUnattachedReference>
            <t:RequestedProofToken>
                <t:ComputedKey>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKey>
            </t:RequestedProofToken>
            <t:Entropy>
                <t:BinarySecret u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-9" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">JrVuueyiE55P172GX97vM3KM/oo26pN71wQ4B4C5dbo=</t:BinarySecret>
            </t:Entropy>
            <t:Lifetime>
                <u:Created>2014-04-25T10:31:02.106Z</u:Created>
                <u:Expires>2014-04-26T01:31:02.106Z</u:Expires>
            </t:Lifetime>
            <t:KeySize>256</t:KeySize>
        </t:RequestSecurityTokenResponse>
    </s:Body>
</s:Envelope>

And then, I can use the information in this response in the main second request:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action>
        <a:MessageID>urn:uuid:e2ec7944-a6b8-46f1-b021-270cea67c205</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://XXXX.YYYY.com/ZZZZ.svc</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:14.905Z</u:Created>
                <u:Expires>2014-04-25T10:36:14.905Z</u:Expires>
            </u:Timestamp>
            <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier>
            </c:SecurityContextToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <Reference URI="#_0">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>YYYYYYYYYYYYYYYYYYYYYY=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>XXXXXXXXXXXXXXXXXXXXX=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body>
    <XXXXXX xmlns="http://tempuri.org/">
      <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <d4p1:Prop1 i:nil="true" />
        <d4p1:Prop2 i:nil="true" />
        <d4p1:Prop3 i:nil="true" />
      </request>
    </XXXXXX >
    </s:Body>
</s:Envelope>

The big question here is where to find BinarySecret, DigestValue, SignatureValue, and the other huge amount of values and IDs!

The message exchange that you see is WS-SecureConversation. Here you can find the full specification of those messages: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html

Most likely you don't want to implement or use it in your Android client, so you can disable it in the binding by setting establishSecurityContext to false in the message element.

More info: What are the impacts of setting establishSecurityContext="False" if i use https?
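
What a non-.NET client would send once `establishSecurityContext="false"` is set on the `<message>` element, as the answer above suggests: a single request carrying the same Timestamp and UsernameToken header seen in the captured token request, with no SecurityContextToken or Signature to compute. This is an added sketch, not code from the original thread; `build_request`, the endpoint URL and the body passed to it are assumptions for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

# Namespace URIs copied from the captured messages on this page.
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def _stamp(t):
    # Same UTC millisecond format as the captured Timestamp elements.
    return t.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (t.microsecond // 1000)


def build_request(endpoint, action, username, password, body_xml, now=None, ttl=300):
    """Return a SOAP 1.2 envelope that carries the UsernameToken directly.

    body_xml is the caller's already-serialized operation element (hypothetical).
    """
    # PasswordText is cleartext: its confidentiality comes only from TLS,
    # so refuse to build a request for a non-HTTPS endpoint.
    if not endpoint.lower().startswith("https://"):
        raise ValueError("UsernameToken with PasswordText requires an https endpoint")
    now = now or datetime.now(timezone.utc)
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return (
        f'<s:Envelope {xmlns}>'
        f'<s:Header>'
        f'<a:Action s:mustUnderstand="1">{escape(action)}</a:Action>'
        f'<a:MessageID>urn:uuid:{uuid.uuid4()}</a:MessageID>'
        f'<a:ReplyTo><a:Address>{NS["a"]}/anonymous</a:Address></a:ReplyTo>'
        f'<a:To s:mustUnderstand="1">{escape(endpoint)}</a:To>'
        f'<o:Security s:mustUnderstand="1">'
        f'<u:Timestamp u:Id="_0">'
        f'<u:Created>{_stamp(now)}</u:Created>'
        f'<u:Expires>{_stamp(now + timedelta(seconds=ttl))}</u:Expires>'
        f'</u:Timestamp>'
        f'<o:UsernameToken u:Id="uuid-{uuid.uuid4()}-1">'
        f'<o:Username>{escape(username)}</o:Username>'
        f'<o:Password Type="{PASSWORD_TEXT}">{escape(password)}</o:Password>'
        f'</o:UsernameToken>'
        f'</o:Security>'
        f'</s:Header>'
        f'<s:Body>{body_xml}</s:Body>'
        f'</s:Envelope>'
    )
```

The five-minute Timestamp window mirrors the captured messages; keep the client clock in sync with the server, because the service checks Created and Expires.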
