[英]How do I implement WS-security in WCF client service (timestamp, usernametoken, signature)
我需要使用 WS-Security 實現 WCF 請求。 header 必須具有此標簽(簽名、用戶名令牌和時間戳),如下所示:
<soapenv:Header>
<wsse:Security>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...
<wsse:UsernameToken wsu:Id="UsernameToken-DCF9C511">...
<wsu:Timestamp wsu:Id="TS-DCF9C5119CC59E9AE2159888852210410">...
</wsse:Security>
</soapenv:Header>
我已經嘗試使用此代碼,並且在 header 中獲得了“Signature”和“TimeStamp”標簽,但“UsernameToken”標簽不存在:
System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender, certificate, chain, sslPolicyErrors) => true);
Servicio.RecaudoWSPortClient client = new Servicio.RecaudoWSPortClient();
//Configuration certificate
X509Certificate2 cert = new X509Certificate2();
cert.Import(@"C:\Users\jdduitama\Desktop\SCRIPTS\bis\Certificado\PKCS C#\PRUEBA.pfx", "PRUEBA", X509KeyStorageFlags.DefaultKeySet);
X509Certificate2 cert2 = new X509Certificate2();
cert2.Import(@"C:\Users\jdduitama\Desktop\SCRIPTS\bis\Certificado\Certificado.cer", "", X509KeyStorageFlags.DefaultKeySet);
//Configuration Custom Binding
TextMessageEncodingBindingElement textEncoding = new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 };
HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement { RequireClientCertificate = true };
TransportSecurityBindingElement sec = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
sec.EnableUnsecuredResponse = true;
CustomBinding customBinding = new CustomBinding(sec, textEncoding, httpsTransport);
client.Endpoint.Binding = myBinding;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
client.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.Offline;
client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert2;
client.ClientCredentials.ClientCertificate.Certificate = cert;
client.Endpoint.Address = new System.ServiceModel.EndpointAddress("https://myservice.com/service");
client.Endpoint.Binding.SendTimeout = new TimeSpan(0, 0, 30);
client.ClientCredentials.UserName.UserName = "USERNAME";
client.ClientCredentials.UserName.Password = "PASSWORD";
responseConsulta = client.ConsultaPorValidacion(requestConsulta);
我認為解決方案應該在綁定安全配置中,因為如果我在配置中使用安全模式“TransportWithMessageCredential”,我會在 Header 中獲得 usernameToken,但我會丟失“Signature”和“TimeStamp”
<binding name="RecaudoWSPortSoap11">
<security mode="TransportWithMessageCredential" />
</binding>
如果安全模式設置為TransportWithMessageCredential,它會覆蓋自定義綁定中的安全模式,所以我認為這不是一個解決方案。
WCF為自定義綁定提供了18種認證方式,或許你可以試試UserNameOverTransport:
TransportSecurityBindingElement sec = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
您也可以嘗試其他身份驗證方案。 更多其他認證方案可以參考這個鏈接:
WCF客戶端 - 為WS-Security時間戳簽名指定簽名算法
[英]WCF Client - Specifying the signature algorithm for WS-Security Timestamp signature
使用 WS-Security UsernameToken PasswordDigest 身份驗證方案使用 Axis 2 Web 服務的 WCF 客戶端出錯
[英]Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme
如何使WCF客戶端符合特定的WS-Security - 簽署UsernameToken和SecurityTokenReference
[英]How to make WCF Client conform to specific WS-Security - sign UsernameToken and SecurityTokenReference
如何使用ASMX Web服務中的WS-Security和Access UsernameToken?
[英]How to use WS-Security and Access UsernameToken from an ASMX Web Service?
如何使用c#來使用受WS-Security保護的Web服務?
[英]How do I consume a web service protected with WS-Security in mono using c#?
從WCF創建的ws-security標頭中刪除timestamp元素
[英]Remove timestamp element from ws-security headers created by WCF
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.