
How do I implement WS-security in WCF client service (timestamp, usernametoken, signature)

I need to implement a WCF request with WS-Security. The header must have these tags (Signature, UsernameToken and Timestamp) as shown below:

<soapenv:Header>
   <wsse:Security>
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...
     <wsse:UsernameToken wsu:Id="UsernameToken-DCF9C511">...
     <wsu:Timestamp wsu:Id="TS-DCF9C5119CC59E9AE2159888852210410">...
   </wsse:Security>
</soapenv:Header>

I've tried with this code, and I get the "Signature" and "TimeStamp" tags in the header, but the "UsernameToken" tag is not present:

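// Accepts every server certificate, which turns off TLS server validation for all HTTPS requests in the process
System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);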

Servicio.RecaudoWSPortClient client = new Servicio.RecaudoWSPortClient();
                    
//Configuration certificate
X509Certificate2 cert = new X509Certificate2();
cert.Import(@"C:\Users\jdduitama\Desktop\SCRIPTS\bis\Certificado\PKCS C#\PRUEBA.pfx", "PRUEBA", X509KeyStorageFlags.DefaultKeySet);

X509Certificate2 cert2 = new X509Certificate2();
cert2.Import(@"C:\Users\jdduitama\Desktop\SCRIPTS\bis\Certificado\Certificado.cer", "", X509KeyStorageFlags.DefaultKeySet);

//Configuration Custom Binding
TextMessageEncodingBindingElement textEncoding = new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 };
HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement { RequireClientCertificate = true };
TransportSecurityBindingElement sec = SecurityBindingElement.CreateCertificateOverTransportBindingElement();                    
sec.EnableUnsecuredResponse = true;
                    
CustomBinding customBinding = new CustomBinding(sec, textEncoding, httpsTransport);
                                        
client.Endpoint.Binding = customBinding;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
client.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.Offline;
client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert2;
client.ClientCredentials.ClientCertificate.Certificate = cert;

client.Endpoint.Address = new System.ServiceModel.EndpointAddress("https://myservice.com/service");
client.Endpoint.Binding.SendTimeout = new TimeSpan(0, 0, 30);

client.ClientCredentials.UserName.UserName = "USERNAME";
client.ClientCredentials.UserName.Password = "PASSWORD";
                   
responseConsulta = client.ConsultaPorValidacion(requestConsulta);

I think the solution should be in the binding security configuration, because if I use security mode "TransportWithMessageCredential" in config I get the UsernameToken in the header, but I lose "Signature" and "TimeStamp".

<binding name="RecaudoWSPortSoap11">
         <security mode="TransportWithMessageCredential" />
</binding>

If the security mode is set to TransportWithMessageCredential, it will override the security mode in the custom binding, so I think this is not a solution.

WCF provides 18 authentication modes for custom bindings; maybe you can try UserNameOverTransport:

TransportSecurityBindingElement sec = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

You can also try other authentication schemes. For more information about other authentication schemes, you can refer to this link:

https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/securitybindingelement-authentication-modes
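
An added example, not part of the original question or answer: one way to combine the two authentication modes discussed above, by starting from UserNameOverTransport and adding the client X.509 certificate as an endorsing supporting token, so that the header is meant to carry the UsernameToken, the Timestamp and a Signature over the Timestamp. The class and method names are hypothetical, and whether the target service accepts this exact header layout is an assumption.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Hypothetical helper (added example, not code from the post).
static class WsSecurityBindingExample
{
    public static CustomBinding CreateBinding()
    {
        // UserNameOverTransport: the UsernameToken is sent as a supporting
        // token and is protected by HTTPS rather than by message encryption.
        TransportSecurityBindingElement sec =
            SecurityBindingElement.CreateUserNameOverTransportBindingElement();

        // Emit wsu:Timestamp in the wsse:Security header.
        sec.IncludeTimestamp = true;

        // Endorsing X.509 token: the client certificate's private key signs
        // the timestamp, which is what yields the ds:Signature element.
        var x509 = new X509SecurityTokenParameters
        {
            InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
            RequireDerivedKeys = false
        };
        sec.EndpointSupportingTokenParameters.Endorsing.Add(x509);

        // Same setting as in the question: the response may come back
        // without a security header.
        sec.EnableUnsecuredResponse = true;

        var text = new TextMessageEncodingBindingElement
        {
            MessageVersion = MessageVersion.Soap11
        };
        var https = new HttpsTransportBindingElement
        {
            RequireClientCertificate = true
        };

        return new CustomBinding(sec, text, https)
        {
            SendTimeout = TimeSpan.FromSeconds(30)
        };
    }
}
```

The client still sets `ClientCredentials.ClientCertificate.Certificate` and `ClientCredentials.UserName` as in the question; the binding only decides which tokens go into the header.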
