C# Add wsse:Security and BinarySecurityToken to Envelope xml file programmatically without Web Reference

Currently I have to generate an XML file simulating a SOAP request; this file should be signed with an X.509 certificate.

At this moment I have this method to sign the file

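using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static void SignXml(XmlDocument xmlDoc, X509Certificate2 uidCert)
{
    // Check arguments.
    if (xmlDoc == null)
        throw new ArgumentNullException("xmlDoc");
    if (uidCert == null)
        throw new ArgumentNullException("uidCert");

    // Sign with the private key of the certificate that was passed in, so the
    // recipient can validate the signature with that same certificate.
    RSA rsaKey = uidCert.GetRSAPrivateKey();
    if (rsaKey == null)
        throw new ArgumentException("Certificate has no RSA private key", "uidCert");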

    // Create a SignedXml object.
    SignedXml signedXml = new SignedXml(xmlDoc);

    // Add the key to the SignedXml document.
    signedXml.SigningKey = rsaKey;

    // Specify a canonicalization method.
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

    // Set the InclusiveNamespacesPrefixList property.        
    XmlDsigExcC14NTransform canMethod = (XmlDsigExcC14NTransform)signedXml.SignedInfo.CanonicalizationMethodObject;
    canMethod.InclusiveNamespacesPrefixList = "sol soapenv";

    // Create a reference to be signed.
    Reference reference = new Reference();
    Reference reference1 = new Reference();
    reference.Uri = "";            
    reference1.Uri = "";

    string referenceDigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256";
    reference.DigestMethod = referenceDigestMethod;
    reference1.DigestMethod = referenceDigestMethod;

    // Add an enveloped transformation to the reference.
    //XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    //reference.AddTransform(env);

    XmlDsigExcC14NTransform c14n = new XmlDsigExcC14NTransform();
    c14n.InclusiveNamespacesPrefixList = "wsse sol soapenv";

    reference.AddTransform(c14n);

    XmlDsigExcC14NTransform c14n1 = new XmlDsigExcC14NTransform();
    c14n1.InclusiveNamespacesPrefixList = "sol";
    reference1.AddTransform(c14n1);

    // Add the reference to the SignedXml object.
    signedXml.AddReference(reference);
    signedXml.AddReference(reference1);

    // Add a KeyInfo with a SecurityTokenReference (helps the recipient find the key to validate).
    KeyInfo keyInfo = new KeyInfo();

    SecurityTokenReference skr = new SecurityTokenReference();
    skr.Reference = "some";
    skr.ValueType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";

    keyInfo.AddClause(skr);
    signedXml.KeyInfo = keyInfo;

    // Compute the signature.
    signedXml.ComputeSignature();

    // Get the XML representation of the signature and save 
    // it to an XmlElement object.
    XmlElement xmlDigitalSignature = signedXml.GetXml();

    System.Console.WriteLine(signedXml.GetXml().InnerXml);

    // Append the element to the XML document.
    //xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlDigitalSignature, true));
    XmlElement root = (XmlElement)xmlDoc.GetElementsByTagName("soapenv:Envelope")[0];
    string query = string.Format("//*[@Id='{0}']", "IDH"); //Search the Header tag to add signature
    XmlElement myElement = (XmlElement)xmlDoc.DocumentElement.SelectSingleNode(query);
    myElement.AppendChild(xmlDigitalSignature);
}

I can generate this file

<soapenv:Envelope xmlns:sol="http://www.sol.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header Id="IDH">
        <sol:authentication>
            <id>4942014103</id>
            <userid>ME.8494</userid>
        </sol:authentication>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <InclusiveNamespaces PrefixList="sol soapenv" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </CanonicalizationMethod>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <Reference URI="">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <InclusiveNamespaces PrefixList="wsse sol soapenv" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transform>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <DigestValue>BEZBfqQ1QGgbhxvtB83/tr2Yt/8uJPEfvrh8Tn5O6oQ=</DigestValue>
                </Reference>
                <Reference URI="">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <InclusiveNamespaces PrefixList="sol" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transform>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <DigestValue>BEZBfqQ1QGgbhxvtB83/tr2Yt/8uJPEfvrh8Tn5O6oQ=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>MiOL7D2YfIModsGXh+mm+Ok+oApaYMNenX8xFgwMCXcxW7blHqAPJ2VKGhraAdqy9crAvzEgT6MqD/T9ZWPnK1IHOcQlCt5XICkAlJVnLB78rWkYaTsjNLak2KSvQVCqEDIp0GEwGE6S+5cJykWmbOGiZg50VFFN8QRUlYiIB8I=</SignatureValue>
            <KeyInfo>
                <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <wsse:Reference URI="#some" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                </wsse:SecurityTokenReference>
            </KeyInfo>
        </Signature>
    </soapenv:Header>
    <soapenv:Body>
        <sol:solbus>
            <in>H4sIAAAAAAAEAI1VXW+bMBR9n7T/YPFcvgJJW9RQUZJ0aAnpAp26vVQWOK2lgCPjJM2/nwEHTEKk8cY59/heHx/Dw+NXtgF7RAtM8rFiaoby6H7/9rBmiTPzYt97X079CeBFeeFWF8FXisfDK2dXT9cDhoB0sj9EMfGIapvy3mUfKJMqjivGAwT5AiVMUajpUdzR2CktRhGHGIrdeQJZAdt/xtbyryBOZJyGc4F1aqUsBnBKCacoGKAn6gaIuSCuQw7+hEKE9x/uGTbAvzYxC684n39+VZuy8fLZpr9p39oPdWSqvEFOZFhhmrCnY5o0d38Vbr+jhJukIJwnuJe41q3QUhicRmYu6LW9lfS2S4FDeaGm/nuWxdY5fOdQ19pmS37e7AS5LSqrrkfCRB/iCbFFGJFHS5jT1Od3DT4ZqwFfIptGku+g+njRq/UoY9Uu9HqjUc3Yk4NfesUxvCDL1/GYblvf/aoYKc1YiqGaYFK0vdhbcKPDCZzsFq6QfLeu2W7lXPoWDjZeR7oRA16NlU+n+MdSXNEtnn3HXbepJtgRdv9RN4v6fh6xR4/CVeTMMYmDdg4oVPr6sN34MjNGSdaVxPvryl/nHFITD+KYYbzNqPloz1SJ4wZZ9BviZA7+ZKvxqsmroWSTmvT3BT/k9AsqO0dGusLN5CRerUWaoT/bN71F6Ymjh9q6S36nngMxEmBLFwcAAA==</in>
        </sol:solbus>
    </soapenv:Body>
</soapenv:Envelope>

In method SignXml, xmlDoc contains this XML; after signing I add to the header

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sol="http://www.sol.com">
  <soapenv:Header Id="IDH">
    <sol:authentication>
      <id></id><userid></userid> <------ With info
    </sol:authentication>
  </soapenv:Header>
  <soapenv:Body>
    <sol:siatbus>
      <in></in> <-----With info
    </sol:siatbus>
  </soapenv:Body>
</soapenv:Envelope>

I need something more, Signature must be within a Security tag inside Header tag, with a BinarySecurityToken element

For example

<soapenv:Header> <!-- extract of the example file -->
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-D53CCD6983E4CE0BD7142791021078262">
        MIIDbDgg4iF74cqiF6NcnzBnD9qA2MB6hSo38e0RISilEFSzWikDqBtOjgm7ux9fdeHojDm4uvhsSfbEyGmGTAQRzg9yIiD3ovjOzuZsf+I3HWS9F6xl6sb2+wvYXD4DFk/OD+N7UszGsoWFZg
    </wsse:BinarySecurityToken>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          .....
    </ds:Signature>

I can add the <wsse:Security> tag with a hard-coded string, but I do not know if it affects the BinarySecurityToken inside.

How is the internal data (MIIDbDgg4i ....) of the token generated?

What do I have to do to add the Security tag?

Extra

How can I add the prefix ds to the Signature and its children?

The BinarySecurityToken is simply the base 64 encoded version of the cert. If you export the cert and copy to file making sure you clicked the Base-64 encoded option you will see the value that is used in the BinarySecurityToken element. You can see this by opening the exported file in notepad.

To programmatically populate your xml element directly from the Client cert do something like this:

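var cert = new X509Certificate2(ClientCertificateFilePath, ClientCertificatePassword);
// X509ContentType.Cert exports only the DER-encoded certificate, without the private key.
var export = cert.Export(X509ContentType.Cert, ClientCertificatePassword);
// Base64 text to use as the content of the BinarySecurityToken element.
var base64 = Convert.ToBase64String(export);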
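
One way to build the wsse:Security element and its BinarySecurityToken with the XmlDocument API instead of a hard-coded string (an added example, not code from the question or the answer; the class WsSecurityHeader, the methods AddSecurityHeader and AddAttr and the tokenId parameter are hypothetical names):

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

public static class WsSecurityHeader
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";
    const string WsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string WsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    const string X509v3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    const string Base64Binary = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

    // Hypothetical helper: adds wsse:Security with a BinarySecurityToken to the SOAP Header
    // and returns the Security element so the Signature can be appended inside it.
    public static XmlElement AddSecurityHeader(XmlDocument doc, X509Certificate2 cert, string tokenId)
    {
        if (doc == null) throw new ArgumentNullException(nameof(doc));
        if (cert == null) throw new ArgumentNullException(nameof(cert));

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("soapenv", SoapNs);
        var header = (XmlElement)doc.SelectSingleNode("/soapenv:Envelope/soapenv:Header", ns);
        if (header == null) throw new InvalidOperationException("soapenv:Header not found");

        XmlElement security = doc.CreateElement("wsse", "Security", WsseNs);
        // Declare both prefixes on the element, as the example header does.
        security.SetAttribute("xmlns:wsse", WsseNs);
        security.SetAttribute("xmlns:wsu", WsuNs);
        AddAttr(security, "soapenv", "mustUnderstand", SoapNs, "1");

        XmlElement token = doc.CreateElement("wsse", "BinarySecurityToken", WsseNs);
        token.SetAttribute("EncodingType", Base64Binary);
        token.SetAttribute("ValueType", X509v3);
        // wsu:Id must equal the fragment used by wsse:Reference URI="#..." in KeyInfo.
        AddAttr(token, "wsu", "Id", WsuNs, tokenId);
        // RawData is the DER-encoded certificate (public part only, no private key).
        token.InnerText = Convert.ToBase64String(cert.RawData);

        security.AppendChild(token);
        header.AppendChild(security);
        return security;
    }

    static void AddAttr(XmlElement e, string prefix, string name, string nsUri, string value)
    {
        XmlAttribute a = e.OwnerDocument.CreateAttribute(prefix, name, nsUri);
        a.Value = value;
        e.Attributes.Append(a);
    }
}
```

Calling AddSecurityHeader(xmlDoc, uidCert, "some") before signing, and appending the Signature to the returned element rather than to the Header, gives the layout of the example header; "some" matches the URI="#some" that SignXml writes into KeyInfo.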
