
WCF client connecting to Java SOAP web service using WS-Security

I'm having a problem with a .NET WCF client connecting to a Java web service using SOAP 1.1. The service requires both transport level encryption over SSL and SOAP security using the WS-Security protocol, both using the same certificate. I have the certificate installed and I can connect to the server; however, I get an HTTP 500 response when I post the request.

I have been able to compare the SOAP produced by WCF with a working example from the developers of the web service. The WCF SOAP message has additional Timestamp and BinarySecurityToken elements which don't occur in the supplied example. I know almost nothing about WS-Security and very little about WCF and so I'm hoping that someone can point me in the correct direction.

Here is the configuration section for my application:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="JavaServiceSoapBinding" closeTimeout="00:01:00"
            openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
            allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Certificate" proxyCredentialType="None"
                realm="" />
            <message clientCredentialType="Certificate" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://service/endpoint"
          binding="basicHttpBinding" bindingConfiguration="JavaServiceSoapBinding"
          contract="MyCode.MyService" name="MyServicePort" behaviorConfiguration="endpointBehavior">
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="endpointBehavior">
          <clientCredentials>
            <clientCertificate storeLocation="LocalMachine" storeName="My" findValue="A1A1A1A1" x509FindType="FindBySerialNumber"/>
            <serviceCertificate>
              <authentication certificateValidationMode="None" revocationMode="NoCheck"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

And this is the example SOAP header I have from the partner responsible for the service:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservice.connector.speechanalytics.ept.avaya.com/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <ds:Signature Id="Signature-5" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-6">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>blablabla=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          blablabla=
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-blablabla">
          <wsse:SecurityTokenReference wsu:Id="STRId-blablabla" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=Dept,OU=Product,O=Company,L=Location,ST=BLA,C=BLA</ds:X509IssuerName>
                <ds:X509SerialNumber>1319578157</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

And this is the SOAP message that WCF is producing:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2012-05-21T15:02:36.448Z</u:Created>
        <u:Expires>2012-05-21T15:07:36.448Z</u:Expires>
      </u:Timestamp>
      <o:BinarySecurityToken u:Id="uuid-abd451ed-9bff-4cd0-b9a6-38fcd6bf9e8b-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">blablabla==</o:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#_0">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>+blablabla=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>blablabla=</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-abd451ed-9bff-4cd0-b9a6-38fcd6bf9e8b-1"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

Do you have any details on why the server fails? Messages do not have to be exactly the same. Try to see if the HTTP 500 body contains something, or if the vendor can tell you from the logs.

Next, revert to a customBinding instead of a basicHttpBinding (do this online automatically) and on the security element binding add attribute includeTimestamp="false".

Try with this first (and get message). Working w/o BinarySecurityToken is also possible but slightly more complex at this stage.
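
Added example (not from the original post or either poster's code): a Python sketch that summarizes each message's wsse:Security header, resolving every signature reference to the element it covers and reporting how the signing key is named. The two envelopes are constructed, abbreviated stand-ins for the messages in the question, and `summarize` and `differences` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wsse": WSSE, "wsu": WSU, "ds": DS}
WSU_ID = f"{{{WSU}}}Id"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def summarize(envelope_xml):
    """Describe a wsse:Security header: its children, what is signed, how the key is named."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(".//wsse:Security", NS)
    # Map each wsu:Id in the envelope to the element that carries it.
    ids = {e.get(WSU_ID): local(e.tag) for e in root.iter() if e.get(WSU_ID)}
    signed = [ids.get(r.get("URI", "").lstrip("#"), "unresolved")
              for r in sec.findall(".//ds:SignedInfo/ds:Reference", NS)]
    token_ref = sec.find(".//ds:KeyInfo/wsse:SecurityTokenReference", NS)
    key_ref = local(token_ref[0].tag) if token_ref is not None and len(token_ref) else None
    return {"children": [local(c.tag) for c in sec], "signed": signed, "key_ref": key_ref}

def differences(a_xml, b_xml):
    """Return only the summary fields on which the two messages disagree."""
    a, b = summarize(a_xml), summarize(b_xml)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# Constructed, abbreviated stand-ins for the two messages in the question.
ENV = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
       f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
       '<s:Header><wsse:Security>{header}</wsse:Security></s:Header>{body}</s:Envelope>')
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#{target}"/></ds:SignedInfo>'
       '<ds:KeyInfo><wsse:SecurityTokenReference>{key}</wsse:SecurityTokenReference>'
       '</ds:KeyInfo></ds:Signature>')
VENDOR = ENV.format(
    header=SIG.format(target="id-6", key="<ds:X509Data><ds:X509IssuerSerial/></ds:X509Data>"),
    body='<s:Body wsu:Id="id-6"/>')
WCF = ENV.format(
    header='<wsu:Timestamp wsu:Id="_0"/><wsse:BinarySecurityToken wsu:Id="uuid-1"/>'
           + SIG.format(target="_0", key='<wsse:Reference URI="#uuid-1"/>'),
    body="<s:Body/>")

if __name__ == "__main__":
    for field, (vendor, wcf) in differences(VENDOR, WCF).items():
        print(f"{field}: vendor={vendor} wcf={wcf}")
```

On the stand-in messages it reports that the vendor signature covers the Body and names the key through X509Data, while the WCF signature covers only the Timestamp and points at the BinarySecurityToken.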

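Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.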
