WCF Siebel服務認證

Question

我正在開發與Siebel EAI Web服務的集成，我無法弄清楚認證的工作原理

以下請求在SoapUi上正常工作：

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:cus="http://siebel.com/CustomUI">
   <soapenv:Header>
  <UsernameToken xmlns="http://siebel.com/webservices">BRBD</UsernameToken>
  <PasswordText xmlns="http://siebel.com/webservices">2015</PasswordText>
  </soapenv:Header>
   <soapenv:Body>
      <cus:GetTransactionForDays_Input>
         <cus:Program_spcName>Loyalty Program – Agroservice</cus:Program_spcName>
         <cus:Days>10</cus:Days>
      </cus:GetTransactionForDays_Input>
   </soapenv:Body>
</soapenv:Envelope>

我需要將這個請求重現為WCF客戶端。 我的代碼如下所示：

            PartnersWs.BCS_spcLOY_spcPeriod_spcTransactionClient tran = 
                new BCS_spcLOY_spcPeriod_spcTransactionClient("myCustomBinding", 
                    "http://[server]/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&WSSOAP=1");

            GetTransactionForDays_Input inp = new GetTransactionForDays_Input();
            inp.Days = "1";
            inp.Program_spcName = "Loyalty Program - Puntos Poderosos";

            GetTransactionForDaysRequest req = new GetTransactionForDaysRequest(inp);
            tran.ClientCredentials.UserName.UserName = "BRBD";
            tran.ClientCredentials.UserName.Password = "2015";

            tran.GetTransactionForDays(inp);

我的自定義綁定配置（因為我不想使用https，所以我需要指定allowInsecure）：

  <customBinding>
    <binding name="myCustomBinding">
      <transactionFlow />
      <security
          authenticationMode="SecureConversation"
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
          allowInsecureTransport="true" allowSerializedSigningTokenOnReply="true" >
        <secureConversationBootstrap
          authenticationMode="UserNameForSslNegotiated"
          messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
      </security>
      <textMessageEncoding />
      <httpTransport decompressionEnabled="true" useDefaultWebProxy="true"/>
    </binding>
  </customBinding>

服務器的響應是：

The content type text/xml;charset=utf-8 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 756 bytes of the response were: '<?xml version="1.0" encoding="utf-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode>**<faultstring>
  Error Code: 10944642 Error Message: Error: Inbound SOAP Message - Session Token is missing or invalid or has expired</faultstring>**<detail><siebelf:errorstack xmlns:siebelf="http://www.siebel.com/ws/fault"><siebelf:error><siebelf:errorsymbol /><siebelf:errormsg>Error: Inbound SOAP Message - Session Token is missing or invalid or has expired</siebelf:errormsg></siebelf:error></siebelf:errorstack></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'.

有任何想法嗎？ ks

Answer 1

根據Siebel Bookshelf的 WS-Security（將在綁定中實現），Siebel SOAP Web服務中使用的安全標頭是兩件完全不同的事情。

請更正您的綁定以不包括WS-Security模型-而是將標頭字段與其他任何字段一樣對待（但要包含正確的名稱空間）。

驗證Siebel的方式也有不同（您可能也想研究一下）：

• 匿名池（完全不需要身份驗證）
• Web服務端點URL中提供的用戶名和密碼