WCF客户端安全标头错误“提供了无效的安全令牌”
[英]WCF client security header error “An invalid security token was provided”
问题描述
根据我们的提供商,我们需要发送这种标题:
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-12" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>string</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">string</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
但是当我与Fiddler结账时,我发送了这个标题:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo/HuqG5V/ExLj3CNfRenvjEAAAAA7YcLXCnGukqViuu2jfqDDp47VC4vVV1Omqf/X2lHIcsACQAA</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-5d0431d0-d951-4a22-91c1-a33d76ce41b3-1">
<o:Username>username</o:Username>
<o:Password>password</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
我正在使用自定义绑定,如下所示(我在另一个使用相同认证方法的webservice上使用它并且正常工作)
private static Binding CreateMultiFactorAuthenticationBinding()
{
HttpsTransportBindingElement httpTransport = new HttpsTransportBindingElement();
httpTransport.MaxReceivedMessageSize = int.MaxValue;
//AddressHeader addressHeader = AddressHeader.CreateAddressHeader("Security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", security, xmlObjectSerializer);
CustomBinding binding = new CustomBinding();
binding.Name = "myCustomBinding";
TransportSecurityBindingElement messageSecurity = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement();
messageSecurity.IncludeTimestamp = false;
messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
messageSecurity.SetKeyDerivation(false);
TextMessageEncodingBindingElement Quota = new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8);
Quota.ReaderQuotas.MaxDepth = 32;
Quota.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
Quota.ReaderQuotas.MaxArrayLength = 16384;
Quota.ReaderQuotas.MaxBytesPerRead = 4096;
Quota.ReaderQuotas.MaxNameTableCharCount = 16384;
binding.Elements.Add(Quota);
binding.Elements.Add(messageSecurity);
binding.Elements.Add(httpTransport);
return binding;
}
private WaybillManagementPOD GetClient()
{
CustomBinding customBinding = (CustomBinding)CreateMultiFactorAuthenticationBinding();
EndpointAddress endpointAddress = new EndpointAddress(this.EndPointAddr);
WaybillManagementPOD proxy = ChannelFactory<WaybillManagementPOD>.CreateChannel(customBinding, endpointAddress);
ServicePointManager.ServerCertificateValidationCallback = (obj, certificate, chain, errors) => true;
ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3;
ChannelFactory _bankChannel = new ChannelFactory<WaybillManagementPOD>(customBinding, this.EndPointAddr);
ChannelFactory<WaybillManagementPOD> channelFactory = null;
WaybillManagementPOD client = null;
channelFactory = new ChannelFactory<WaybillManagementPOD>(customBinding, endpointAddress);
channelFactory.Credentials.UserName.UserName = this.WsUser;
channelFactory.Credentials.UserName.Password = this.WsPass;
client = channelFactory.CreateChannel();
return client;
}
public registrarCartaDePorteResponse registrarCP(ParametrosRegistro reg)
{
WaybillManagementPOD cliente = GetClient();
try
{
registrarCartaDePorte req = new registrarCartaDePorte(reg);
registrarCartaDePorteResponse resp = cliente.registrarCartaDePorte(req);
return resp;
}
catch (Exception e)
{
throw e;
}
}
PS:我知道绕过SSL证书并不是一个好习惯,但现在仅用于测试。
我的提供者和我都无法弄清楚错误来自何处,或错误所在的位置,如果它是绑定类型或其他类型。
1 个解决方案
解决方案1
2 已采纳 2014-07-31 14:52:10
我最终按照这里的建议使用正确的方式为SOAP webservice传递WSSE Usernametoken
<endpoint ...>
<headers>
<wsse:UsernameToken xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
<wsse:Username>Bob</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>
1234
</wsse:Password>
</wsse:UsernameToken>
</headers>
</endpoint>
</client>
此外,我现在直接从WCF引用创建的类调用webservice,而不是使用上面的自定义类。
另外将信息从服务解决方案复制到UI解决方案,请参见此处: WCF错误 - 找不到引用合同“UserService.UserService”的默认端点元素
现在一切似乎都很好。
WCF客户端错误:“未指定安全令牌发行者的地址”
[英]WCF Client error: “The address of the security token issuer is not specified”
WCF客户端错误:“未指定安全令牌颁发者的地址”
[英]WCF Client error: “The address of the security token issuer is not specified”
WCF错误 - 安全处理器无法在消息中找到安全标头
[英]WCF Error - Security processor was unable to find a security header in the message
将WCF与负载平衡(AWS)一起使用时无效的安全上下文令牌
[英]Invalid security context token when using WCF with a Load Balance (AWS)
如何将安全令牌添加到对WCF服务发出的请求的标头中?
[英]How to add a security token to the header of a request made to WCF service?
WCF安全配置不起作用:抛出安全令牌请求包含无效或格式错误的元素
[英]WCF Configuration for Security Not Working: Throwing The request for security token has invalid or malformed elements
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.