[英]WCF client to WSE 3.0 service
我尝试创建WCF客户端到WSE 3.0服务。 我已经将WSE3.0客户端用于同一服务。 这是它的配置:
<microsoft.web.services3>
<security>
<timeToleranceInSeconds value="10000"/>
<x509 allowTestRoot="true" verifyTrust="true" storeLocation="CurrentUser"/>
<binarySecurityTokenManager>
<add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<keyAlgorithm name="RSA15"/>
</add>
</binarySecurityTokenManager>
</security>
</microsoft.web.services3>
以这种方式创建服务客户端的策略:
MutualCertificate10Assertion assertion = new MutualCertificate10Assertion()
{
EstablishSecurityContext = false,
RenewExpiredSecurityContext = true,
RequireSignatureConfirmation = false,
MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
RequireDerivedKeys = false,
TtlInSeconds = 300
};
assertion.ClientX509TokenProvider = new X509TokenProvider(StoreLocation.LocalMachine, StoreName.My, "ClientCerfiticateName", X509FindType.FindBySubjectName);
assertion.ServiceX509TokenProvider = new X509TokenProvider(StoreLocation.LocalMachine, StoreName.My, "ServiceCerfiticateName", X509FindType.FindBySubjectName);
//protection
assertion.Protection.Request.SignatureOptions = SignatureOptions.IncludeAddressing | SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
assertion.Protection.Request.EncryptBody = true;
assertion.Protection.Response.SignatureOptions = SignatureOptions.IncludeAddressing | SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
assertion.Protection.Response.EncryptBody = true;
assertion.Protection.Fault.SignatureOptions = SignatureOptions.IncludeAddressing | SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
assertion.Protection.Fault.EncryptBody = false;
this.Policy = new Policy(new TraceAssertion(serviceUri), assertion, new RequireActionHeaderAssertion());
现在我尝试使用它来创建WCF客户端。 我使用了这些建议( http://msdn.microsoft.com/en-us/library/ms730299.aspx )。 我从服务和客户端契约生成类型,然后创建从Binding派生的WseHttpBinding类,之后我尝试创建这个自定义绑定并初始化客户端和服务证书:
string clientCertificateName = "ClientCertificateName";
string serviceCertificateName = "ServiceCertificateName";
Uri uri = new Uri("http://WantedService.asmx"));
EndpointAddress address = new EndpointAddress(uri,
EndpointIdentity.CreateDnsIdentity(serviceCertificateName ));
WseHttpBinding binding = new WseHttpBinding()
{
SecurityAssertion = WseSecurityAssertion.MutualCertificate10,
EstablishSecurityContext = false,
RequireSignatureConfirmation = false,
MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
RequireDerivedKeys = false
};
WantedServiceClient client = new CreativeGroupCurrencyServiceClient(binding, address);
// Set up certificates
client.ClientCredentials.ServiceCertificate.SetScopedCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
serviceCertificateName ,
uri);
client.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
clientCertificateName);
WantedMethodResponse response = client.WantedMethod(new GetCurrenciesRequest());
但发生了一个例外:
System.Xml.XmlException:无法使用BinarySecretSecurityToken的' http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd '命名空间从'SignatureConfirmation'元素读取令牌, ''ValueType。 如果预期此元素有效,请确保将安全性配置为使用指定了名称,名称空间和值类型的标记。
为什么不起作用? 为什么该计划是1.1? 我应该在MessageSecurityVersion中使用WS Secure 1.1来获取安全绑定元素吗? 哪一个? 我试过这个:
WseHttpBinding binding = new WseHttpBinding()
{
SecurityAssertion = WseSecurityAssertion.MutualCertificate11,
...
};
哪一个使用WS Security 1.1 - MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11
(在WseHttpBinding中配置时)但它也失败了:
System.ServiceModel.Security.MessageSecurityException:安全标头中不需要签名确认。
我不知道我现在甚至可以做什么! 看来我尝试了一切!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.