[英]Calling a WS-Security Java Web service with C# Client
I'm new at using WCF with secure services. 我是将WCF与安全服务结合使用的新手。
I'm trying to connect to a java webservice with secure HTTPS transport and it uses WS-Security UsernamePassword Token Authentication. 我正在尝试使用安全的HTTPS传输连接到Java Web服务,并且它使用WS-Security UsernamePassword令牌认证。
I've trying to connect with WCF client using the following binding with no luck. 我试图使用以下绑定与WCF客户端进行连接,但没有运气。
<bindings>
<wsHttpBinding>
<binding name="OperationsEndpoint1Binding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="1015536"
messageEncoding="Text" textEncoding="utf-8"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
Does anyone have a solution to connecting to java webservice HTTPS transport and use WS-Security UsernamePassword Token Authentication much appreciated. 是否有人有解决方案来连接到Java Web服务HTTPS传输并使用WS-Security UsernamePassword令牌认证,因此倍受赞赏。
I did it using wcf. 我用wcf做到了。 This worked for me to connect to a WebSphere ssl soap web service with WS-Security Username Token Authentication.
这对我来说很有效,可以使用WS-Security用户名令牌认证连接到WebSphere ssl soap Web服务。
If you can use .NET4.5+, and server supports it, be sure to avoid the default tls1.0 and use tls.1.1 or 1.2. 如果可以使用.NET4.5 +,并且服务器支持它,请确保避免使用默认的tls1.0,并使用tls.1.1或1.2。
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
private static ChannelFactory<IContract> MyCreateFactory(String serviceAddress,
String userName,
X509Certificate2 clientCertificate,
X509Certificate2 serviceCertificate,
Int32 sendTimeoutMinutes){
// Custom Binding
var myBinding = new CustomBinding
{
SendTimeout = new TimeSpan(0, sendTimeoutMinutes, 0),
};
myBinding.Elements.Clear();
// asymmetric security
var mutual = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
mutual.AllowInsecureTransport = true;
mutual.AllowSerializedSigningTokenOnReply = true;
mutual.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
mutual.EnableUnsecuredResponse = true;
mutual.IncludeTimestamp = false;
mutual.InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient };
mutual.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
mutual.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
mutual.RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator};
mutual.RequireSignatureConfirmation = false;
mutual.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
mutual.LocalClientSettings.IdentityVerifier = new MyIdentityVerifier();
mutual.SetKeyDerivation(false);
// Sets in header the certificate that signs the Username
mutual.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
myBinding.Elements.Add(mutual);
var httpsBindingElement = new HttpsTransportBindingElement { RequireClientCertificate = true };
httpsBindingElement.ExtendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
myBinding.Elements.Add(httpsBindingElement);
var factory = new ChannelFactory<IContract>(binding: myBinding, remoteAddress: serviceAddress);
var defaultCredentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
factory.Endpoint.Behaviors.Remove(defaultCredentials);
var clientCredentials = new ClientCredentials();
clientCredentials.UserName.UserName = userName;
clientCredentials.ClientCertificate.Certificate = clientCertificate;
clientCredentials.ServiceCertificate.DefaultCertificate = serviceCertificate;
clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
clientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
factory.Endpoint.Behaviors.Add(clientCredentials);
return factory;}
The solution was not to use WCF. 解决方案是不使用WCF。 Instead I created a web request something along the lines of Http request to web service in java which worked.
相反,我按照对Web服务的Http请求的要求创建了一个Web请求,它可以正常工作。
I still haven't found anything in WCF which supports this kinda request. 我仍然没有在WCF中找到任何支持这种请求的东西。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.