
How to pass message credentials - TransportWithMessageCredential - No credentials in the SOAP request

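I am using a WSBinding with "TransportWithMessageCredential" to secure my WCF web service, and I have no problem when using it with a .NET client.

However, when trying to use it from Android or a non-.NET client, I can't figure out where to provide the message credentials!!

I have intercepted the SOAP message sent by the .NET client, and it does not contain any credential-related information, yet it works fine. But when using the same syntax for the SOAP request from an Android client, we face this error:

The message could not be processed. This is most likely because the action 'http://tempuri.org/XXX/YYY' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

The SOAP request that the .NET client sends and that works, as intercepted: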

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action>
    <a:MessageID>urn:uuid:XX-XX-XX-XX-XX</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
  </s:Header>
  <s:Body>
    <XXXXXX xmlns="http://tempuri.org/">
      <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <d4p1:Prop1 i:nil="true" />
        <d4p1:Prop2 i:nil="true" />
        <d4p1:Prop3 i:nil="true" />
      </request>
    </XXXXXX >
  </s:Body>
</s:Envelope>

My WCF configuration for the service:

  <wsHttpBinding>
    <binding name="wsHttpBindingExt" maxReceivedMessageSize="4096000">
      <readerQuotas maxDepth="32" maxStringContentLength="409600" maxArrayLength="4096000" maxBytesPerRead="4096000" />
      <security mode="TransportWithMessageCredential" >
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>

And for the working .NET client:

The client code used to call the service from .NET, which works fine:

XXXXXServiceClient client = new XXXXXServiceClient ();
client.ClientCredentials.UserName.UserName = "XXXX";
client.ClientCredentials.UserName.Password = "YYYY";
var res = client.DoXXXXX(a,b,c);

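EDIT

It turns out the interceptor was not giving me the whole request, but now I have another problem.

Using Fiddler, I found that there are two requests. The first one requests a security token: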

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
        <a:MessageID>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://XXX.XXX.com/XXX.svc</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:13.686Z</u:Created>
                <u:Expires>2014-04-25T10:36:13.686Z</u:Expires>
            </u:Timestamp>
            <o:UsernameToken u:Id="uuid-4d51d9cc-f621-48af-96a7-1fa541c18ea1-1">
                <o:Username>XXX</o:Username>
                <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">YYY</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
            <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
            <t:Entropy>
                <t:BinarySecret u:Id="uuid-c32043fe-d4fb-4802-b15a-ba2691c2b3d8-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">XXXXXXXXXXXXXXXXXXXXXXXXX</t:BinarySecret>
            </t:Entropy>
            <t:KeySize>256</t:KeySize>
        </t:RequestSecurityToken>
    </s:Body>
</s:Envelope>

The response to that request is:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</a:Action>
        <a:RelatesTo>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:RelatesTo>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:02.106Z</u:Created>
                <u:Expires>2014-04-25T10:36:02.106Z</u:Expires>
            </u:Timestamp>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
            <t:RequestedSecurityToken>
                <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                    <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier>
                </c:SecurityContextToken>
            </t:RequestedSecurityToken>
            <t:RequestedAttachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/>
                </o:SecurityTokenReference>
            </t:RequestedAttachedReference>
            <t:RequestedUnattachedReference>
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference URI="urn:uuid:e2562052-1de3-496d-b455-e36958692176" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
                </o:SecurityTokenReference>
            </t:RequestedUnattachedReference>
            <t:RequestedProofToken>
                <t:ComputedKey>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKey>
            </t:RequestedProofToken>
            <t:Entropy>
                <t:BinarySecret u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-9" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">JrVuueyiE55P172GX97vM3KM/oo26pN71wQ4B4C5dbo=</t:BinarySecret>
            </t:Entropy>
            <t:Lifetime>
                <u:Created>2014-04-25T10:31:02.106Z</u:Created>
                <u:Expires>2014-04-26T01:31:02.106Z</u:Expires>
            </t:Lifetime>
            <t:KeySize>256</t:KeySize>
        </t:RequestSecurityTokenResponse>
    </s:Body>
</s:Envelope>

The information from that response is then used in the second, main request:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action>
        <a:MessageID>urn:uuid:e2ec7944-a6b8-46f1-b021-270cea67c205</a:MessageID>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://XXXX.YYYY.com/ZZZZ.svc</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="_0">
                <u:Created>2014-04-25T10:31:14.905Z</u:Created>
                <u:Expires>2014-04-25T10:36:14.905Z</u:Expires>
            </u:Timestamp>
            <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier>
            </c:SecurityContextToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <Reference URI="#_0">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>YYYYYYYYYYYYYYYYYYYYYY=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>XXXXXXXXXXXXXXXXXXXXX=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body>
    <XXXXXX xmlns="http://tempuri.org/">
      <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <d4p1:Prop1 i:nil="true" />
        <d4p1:Prop2 i:nil="true" />
        <d4p1:Prop3 i:nil="true" />
      </request>
    </XXXXXX >
    </s:Body>
</s:Envelope>

The big problem here is where to find: BinarySecret, DigestValue, SignatureValue! And a large number of other values and IDs!!!

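The message exchange pattern you are seeing is WS-SecureConversation. You can find the complete specification for these messages here: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.html

You most probably don't want to implement or use this in your Android client, so you can disable it on the binding by setting EstablishmentSecurityContext to false in the message element.

More information: What are the impacts of setting EstablishmentSecurityContext="False" if I use https?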
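
What a non-.NET client has to send once the security context is disabled, as an added example that is not part of the original answer: with `establishSecurityContext="false"` (the attribute name WCF uses on the binding's `<message>` element) there is no RST/SCT round trip and no signature, and each request carries the same Timestamp and UsernameToken header seen in the captured token request. The URL, credentials and body element are constructed placeholders, and the code assumes the service accepts that header as shown.

```python
# Added example. Assumed server binding:
#   <message clientCredentialType="UserName" establishSecurityContext="false"/>
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "a": "http://www.w3.org/2005/08/addressing",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def build_request(url, action, username, password, body, now=None, ttl=300):
    # PasswordText is readable inside the message, so TLS is its only protection.
    if not url.lower().startswith("https://"):
        raise ValueError("UsernameToken/PasswordText must only be sent over https")
    now = now or datetime.now(timezone.utc)
    stamp = lambda t: t.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (t.microsecond // 1000)
    must = {q("s", "mustUnderstand"): "1"}
    env = ET.Element(q("s", "Envelope"))
    hdr = ET.SubElement(env, q("s", "Header"))
    ET.SubElement(hdr, q("a", "Action"), must).text = action
    ET.SubElement(hdr, q("a", "MessageID")).text = "urn:uuid:%s" % uuid.uuid4()
    ET.SubElement(hdr, q("a", "To"), must).text = url
    sec = ET.SubElement(hdr, q("o", "Security"), must)
    ts = ET.SubElement(sec, q("u", "Timestamp"), {q("u", "Id"): "_0"})
    ET.SubElement(ts, q("u", "Created")).text = stamp(now)
    ET.SubElement(ts, q("u", "Expires")).text = stamp(now + timedelta(seconds=ttl))
    tok = ET.SubElement(sec, q("o", "UsernameToken"))
    ET.SubElement(tok, q("o", "Username")).text = username  # ElementTree escapes text
    ET.SubElement(tok, q("o", "Password"), {"Type": PASSWORD_TEXT}).text = password
    ET.SubElement(env, q("s", "Body")).append(body)
    headers = {"Content-Type": 'application/soap+xml; charset=utf-8; action="%s"' % action}
    return headers, ET.tostring(env, encoding="unicode")

def sample():
    # Constructed input: placeholder URL, credentials and operation element.
    body = ET.Element("{http://tempuri.org/}XXXXXX")
    fixed = datetime(2014, 4, 25, 10, 31, 13, 686000, tzinfo=timezone.utc)
    return build_request("https://service.example/XXX.svc", "http://tempuri.org/XXX/YYY",
                         "user", "p<ss&word", body, now=fixed)
```

The returned headers and body are what the client POSTs to the endpoint; the Timestamp window should stay short, like the five minutes seen in the captures.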
