Remove timestamp element from ws-security headers created by WCF

I am consuming an old Java web service from WCF, which requires requests in the following form:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Header>
        <wsse:Security mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken wsu:Id="xxx" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsse:Username>username</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        ...
    </s:Body>
</s:Envelope>

Using the following configuration hack "works", but I don't want the username and password exposed in config:

<binding name="bindingName">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
</binding>
...
<endpoint address="https://endpoint address"
      binding="basicHttpBinding" bindingConfiguration="bindingName"
      contract="contract"
      name="bindingName">

    <headers>
        <wsse:Security mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken wsu:Id="UsernameToken-8293453" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsse:Username>username</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </headers>
</endpoint>

What I would like to use is the following:

<binding name="bindingName">
    <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="Certificate" />
        <message clientCredentialType="UserName" />
    </security>
</binding>

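But this generates the timestamp element in the security element, which the Java web service chokes on.

What I need to do is remove the timestamp from the XML it generates, or have some sort of custom binding do it for me.

I tried creating custom credentials, but this only changed the usernameToken element.

I have already looked at many, many SO questions (many from 2007 and earlier), including the following, with no joy:

What is the best, simplest and most elegant way of removing the timestamp element?

Thanks in advance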

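Found the answer in Kristian Kristensen's blog post about his woes integrating with a Java AXIS 1.X and WSS4J web service. It is so much simpler and easier than the hacks I was trying previously.

You can solve this with a simple custom binding in App.config, like so:

BUGFIX - there was a bug in the previous version - forgot to add certificates in httpTransport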

<system.serviceModel>
    <bindings>
        <customBinding>
            <binding name="CustomBindingName">
                <security authenticationMode="UserNameOverTransport" includeTimestamp="false">
                    <secureConversationBootstrap />
                </security>
                <textMessageEncoding messageVersion="Soap11" />
                <httpsTransport useDefaultWebProxy="false" requireClientCertificate="true" />
            </binding>
        </customBinding>
    </bindings>

    <client>
        <endpoint address="[endpoint address]"
            binding="customBinding"
            bindingConfiguration="CustomBindingName"
            contract="[contract goes here]"
            name="EndpointName" />

    </client>
</system.serviceModel>

This gives the correct SOAP ws-security header, without the timestamp that confused the Java server, when called with this code:

var client = new [clientType]();

client.ClientCredentials.ClientCertificate.Certificate = [certificate];

client.ClientCredentials.UserName.UserName = [UserName];
client.ClientCredentials.UserName.Password = [Password];

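// SecurityProtocol is a static setting: this pins outgoing HTTPS connections in the application domain to TLS 1.0.
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls;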

// TODO wrap in try catch
client.Open();

var result = client.[action](new [RequestType] { ... });
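
The same binding can also be built in code instead of App.config. The following C# is an added example, not part of the original answer; ILegacyService, LegacyClientFactory and the two environment variable names are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Text;

// Hypothetical contract standing in for the generated service contract.
[ServiceContract]
public interface ILegacyService
{
    [OperationContract]
    string Ping(string value);
}

public static class LegacyClientFactory
{
    // Code equivalent of the customBinding element shown in App.config above.
    public static CustomBinding CreateBinding()
    {
        // UsernameToken in the SOAP header, protected by the HTTPS transport.
        var security = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
        security.IncludeTimestamp = false; // omit wsu:Timestamp from wsse:Security

        var encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

        var transport = new HttpsTransportBindingElement
        {
            RequireClientCertificate = true,
            UseDefaultWebProxy = false
        };

        // Element order matters: security, then encoding, with the transport last.
        return new CustomBinding(security, encoding, transport);
    }

    public static ChannelFactory<ILegacyService> Create(Uri address, X509Certificate2 certificate)
    {
        var factory = new ChannelFactory<ILegacyService>(CreateBinding(), new EndpointAddress(address));
        factory.Credentials.ClientCertificate.Certificate = certificate;
        // Assumed variable names; the credentials are read at run time, not stored in config.
        factory.Credentials.UserName.UserName = Environment.GetEnvironmentVariable("LEGACY_WS_USER");
        factory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("LEGACY_WS_PASSWORD");
        return factory;
    }
}
```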
