[英]WCF with basicHttpBinding, encryption, signing and usernameToken over HTTP
[英]WCF over HTTPS and Signing the body
我有一个我想连接的SOAP服务。 它需要通过https进行访问,并且需要通过证书对其进行签名。
我试过以下代码:
<basicHttpBinding>
<binding name="P4Binding" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
按如下方式设置我的客户端:
P4_ServiceReference.P4PortTypeClient client = new P4_ServiceReference.P4PortTypeClient();
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
client.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(@"[..].cer");
client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"[..]", "somepass");
甚至更改了我的Reference.cs以在ServiceContractAttribute和OperationContractAttribute上包含ProtectionLevel=ProtectionLevel.Sign
。
会发生什么是创建了wse:security标头,但是主体没有被签名。 该服务返回Element http://schemas.xmlsoap.org/soap/envelope/Body must be signed
。
我错过了什么让身体得到正确的签名?
使用此customBinding
而不是basicHttpBinding
修复它。
//Setup custom binding with HTTPS + Body Signing + Soap1.1
CustomBinding binding = new CustomBinding();
//HTTPS Transport
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
//Body signing
AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
asec.SetKeyDerivation(false);
asec.AllowInsecureTransport = true;
asec.IncludeTimestamp = true;
//Setup for SOAP 11 and UTF8 Encoding
TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
//Bind in order (Security layer, message layer, transport layer)
binding.Elements.Add(asec);
binding.Elements.Add(textMessageEncoding);
binding.Elements.Add(transport);
看起来TransportWithMessageCredential
仅使用Transport来保护安全并忽略其他所有内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.