SOAP标头中的WCF用户名和密码

Question

我正在尝试让WCF客户端使用请求的SOAP标头中提供的安全信息来调用Web服务，如下所示。

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
                    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                    xmlns:ah_etas_order="http://types.defra.gov.uk/ahw/eartagging/order"
                    xmlns:ah_common="http://types.defra.gov.uk/ahw/common/complextypes" 
                    xmlns:ah_assettype="http://types.defra.gov.uk/ahw/asset"
                    xmlns:ah_ref_data_sets="http://types.defra.gov.uk/ahw/common/referencedatasets"
                    xmlns:ah_custtype="http://types.defra.gov.uk/ahw/customer" 
                    xmlns:m5="http://types.defra.gov.uk/bs7666" 
                    xmlns:m6="http://www.govtalk.gov.uk/people/bs7666" 
                    xmlns:m7="http://types.defra.gov.uk/ahw/common/derivedtypes" 
                    xmlns:ah_etas_type="http://types.defra.gov.uk/ahw/eartagging">
    <SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:Security soap:role="system" soap:mustUnderstand="true">
            <wsse:UsernameToken>
                <wsse:Username>username here</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password here</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>...</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

我正在使用Visual Studio 2012和.NET 4.文档说用于CARA服务的SOAP消息传递版本是SOAP 1.2。

我添加了一个服务引用，添加了一个带端点的web.config文件和以下自定义绑定。

<customBinding>
    <binding name="ProcessOrderBinding">
        <textMessageEncoding messageVersion="Soap12" />
        <httpTransport />
    </binding>
</customBinding>

我尝试了很多不同的web.config选项，但似乎无法获得正确的soap标头。有人能指出我正确的方向吗？

更新

@Yaron，这是使用绑定的soap标头。我添加了一个includeTimestamp = false来删除时间戳。

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
            uIDPoxqYDT0sMwVImscgqVaf7GYAAAAAjin6KftLjkaS2CW99IXxrnWGCjfQnzFFuf4zGaQpeqIACQAA
        </VsDebuggerCausalityData>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:UsernameToken u:Id="uuid-79885712-d6eb-451c-9483-4df2b68722bd-1">
                <o:Username>username here</o:Username>
                <o:Password>password here</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">...</s:Body>
</s:Envelope>

正如您所看到的，密码之前缺少以下内容。

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">

Answer 1

使用此绑定：

<customBinding>
    <binding name="NewBinding0">
        <textMessageEncoding messageVersion="Soap12" />
        <security authenticationMode="UserNameOverTransport">
            <secureConversationBootstrap />
        </security>
        <httpsTransport />
    </binding>
</customBinding>

当然，您还需要提供代理的用户/传递：

proxy.ClientCredentials.Username.Username = "user"
proxy.ClientCredentials.Username.Password = "pass"

所有这些假设您也使用SSL。如果您不这样做，请查看CUB。