简体   繁体   English

通过WCF客户端调用Java SOAP 1.1服务

[英]Calling Java SOAP 1.1 Service by WCF Client

Why a SOAP1.1 Web Service written in JAVA may not recognize a valid cert passed by WCF client? 为什么用JAVA编写的SOAP1.1 Web服务可能无法识别WCF客户端传递的有效证书?

We are getting 500 error from the service indicating that the service doesn't trust our cert. 我们从服务中收到500错误,表明该服务不信任我们的证书。 Can it be something to do with the WCF implementation of SOAP standard differing from what Java service expects to see? 与SOAP标准的WCF实现和Java服务所期望看到的有所不同吗?

Here's the WCF config: 这是WCF配置:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>

    <behaviors>
      <endpointBehaviors>
        <behavior name="ourCert">
          <clientCredentials>
            <clientCertificate x509FindType="FindBySubjectName" findValue="MyCompany"/>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <bindings>
      <customBinding>
        <binding name="wsHttpSoap11" >
          <textMessageEncoding messageVersion="Soap11" />
          <httpsTransport requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>

    <client>
      <endpoint address="https://{site}.com/site.wsdl"
                binding="customBinding"
                behaviorConfiguration="ourCert"
                bindingConfiguration="wsHttpSoap11"
                contract="ServiceContract">
      </endpoint>
    </client>

  </system.serviceModel>

  <system.net>
    <defaultProxy useDefaultCredentials="true" />
  </system.net>

</configuration>

The certificate is validated against a trust chain so the generating framework is not relevant. 证书是根据信任链验证的,因此生成框架不相关。 Also note you use a transport level certificate so SOAP is less likely to be the source of error. 还要注意,您使用传输级别证书,因此SOAP不太可能成为错误源。

I suggest you do the following: 我建议您执行以下操作:

  1. Build a working java client to this service (either generate a certificate using openssl or use the one you have if it's in jks format). 为此服务构建一个工作的Java客户端(使用openssl生成证书,或者使用jks格式的证书)。 Verify the client is working. 验证客户端是否正常工作。
  2. Convert the jks certificate to pfx and use it with a WCF client. 将jks证书转换为pfx,并将其与WCF客户端一起使用。 The WCF client should now also be working. WCF客户端现在也应该正在工作。

If WCF still fails than compare the outgoing SOAP generated by the java and wcf clients (you can use fiddler to capture it). 如果WCF仍然失败,则可以比较java和wcf客户端生成的传出SOAP(可以使用fiddler捕获它)。 This might hint on other differences (maybe you actually need a message certificate and not transport, maybe your soap version is mismatched, etc). 这可能暗示其他差异(也许您实际上需要消息证书而不是传输,也许您的肥皂版本不匹配,等等)。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM