使用WCF服务或SoapUi更改规范化算法
[英]Change canonicalization algorithm with WCF service or in SoapUi
问题描述
i'm trying to develop WCF service with WS-Security (Https and messages signed), basically - it's working and i can consume it with my .NET client app, but i need to be able to test this webservice with SoapUi. 
我正在尝试使用WS-Security(签名的HTTP和消息)开发WCF服务,基本上,它可以正常工作,并且可以通过.NET客户端应用程序使用它,但是我需要能够使用SoapUi测试此Web服务。 I can generate almost the same request like made by my .NET client app, but with only one difference - SoapUi use canonicalization xml-exc-c14n# like: 我可以生成与我的.NET客户端应用程序几乎相同的请求,但只有一个不同-SoapUi使用规范化xml-exc-c14n#,例如:
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="wsse s" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
and my .NET client like: 和我的.NET客户端类似:
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
I've tried samples from Change canonicalization algorithm with WCF to change this, but without success. 我尝试了使用WCF的更改规范化算法中的示例来更改此设置,但没有成功。 I can't set defaultAlgorithmSuite variable with class derived from SecurityAlgorithmSuite because WCF throws ArgumentOutOfRangeException but only on runtime. 我无法使用从SecurityAlgorithmSuite派生的类设置defaultAlgorithmSuite变量,因为WCF仅在运行时抛出ArgumentOutOfRangeException。 Below's my configuration: 下面是我的配置:
EndpointAddress address = new EndpointAddress(new Uri("dest_wcf_address"), EndpointIdentity.CreateDnsIdentity("cert"));
CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
asec.SetKeyDerivation(false);
asec.AllowInsecureTransport = true;
asec.IncludeTimestamp = true;
TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
transport.RequireClientCertificate = false;
binding.Elements.Add(asec);
binding.Elements.Add(textMessageEncoding);
binding.Elements.Add(transport);
config.Description.Behaviors.Add(new ServiceMetadataBehavior { HttpGetEnabled = true, HttpsGetEnabled = true });
config.Description.Behaviors.Add(new ServiceDebugBehavior { IncludeExceptionDetailInFaults = true });
X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
config.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "cert_cn");
config.Credentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
"clienct_cert_cn");
config.Credentials.ClientCertificate.Authentication.
CertificateValidationMode =
X509CertificateValidationMode.Custom;
config.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new CustomX509CertificateValidator();
config.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
ServiceEndpoint endpoint = config.AddServiceEndpoint(typeof(IService1), binding, "service_address");
endpoint.Address = address;
So how to change canonicalization algorithm 那么如何更改规范化算法
1 个解决方案
解决方案1
0 已采纳 2017-11-22 13:07:03
I haven't found the way to change Canonicalization algorithm but the problem was different - SoapUI doesn't trim whitespaces while calculating signature hash using EXC-C14N. 我还没有找到更改Canonicalization算法的方法,但是问题有所不同-SoapUI在使用EXC-C14N计算签名哈希时不会修剪空格。 Pretty print in xml broke security. xml中的漂亮打印破坏了安全性。 As solution we can set Strip Whitespaces property in SoapUI on Request level, or manually remove them from body element. 作为解决方案,我们可以在请求级别的SoapUI中设置Strip Whitespaces属性,或从body元素中手动删除它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.