Question

我正在尝试在VB中向第三方Web服务编写SOAP请求。我添加了一个服务引用，它自动将以下内容添加到web.config：

<basicHttpBinding>
        <binding name="Soap11">
          <security mode="None">
            <transport clientCredentialType="None" proxyCredentialType="None"
              realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>

现在我必须写下面的请求：

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
       <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
           <wsse:UsernameToken>
               <wsse:Username>username</wsse:Username>
               <wsse:Password>password</wsse:Password>
           </wsse:UsernameToken>
       </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <sch:Request>
      </sch:Request>
   </soapenv:Body>
</soapenv:Envelope>

我不知道下一步该做什么。我不知道如何提供身份验证细节。我所做的就是以下几点：

    Dim myClient As New MyServiceReference.Client
    Dim myRequest As New MyServiceReference.Request
    Dim myResponse As New MyServiceReference.Response

    myClient.ClientCredentials.UserName.UserName = "Bob"
    myClient.ClientCredentials.UserName.Password = "Dole21"

    myResponse = myClient.Lookup(myRequest)

显然，不是很多。这产生了以下（根据小提琴手）。

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Lookup xmlns="http://example.com/schemas"/></s:Body></s:Envelope>

非常感谢任何帮助。如何将身份验证标头添加到SOAP请求中？我试过改变

安全模式=“运输”

但它会抛出“提供的URI方案'http'无效;预期'https'。”错误。

Answer 1

经过几周的反复试验，我成功完成了这项工作。它实际上得到了很好的回答here，除了它有点令人费解。

在我提供代码之前，我想对那些以.NET中的SOAP请求开始的人提出一些建议：

避免使用asmx和＆＃34;网络服务＆＃34;查找解决方案的解决方案。 asmx是传统技术。
下载SoapUI。它是一个开源肥皂测试工具。
让Fiddler记录您的计算机和计算机之间的HTTP（S）流量第三方网络服务。

好的，所以这里是代码：

    Dim myRequest As New ServiceReference1.LookupRequest
    Dim myResponse As New ServiceReference1.LookupResponse
    Dim address As New EndpointAddress("https://example.com/Service")

    Dim binding = New BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential)
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
    binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName

    Dim myClient As New ServiceReference1.Client(binding, address)
    myClient.ClientCredentials.UserName.UserName = "username"
    myClient.ClientCredentials.UserName.Password = "password"

    myResponse = myClient.Lookup(myRequest)

然后，您需要将web.config更改为包含

<client>
     <endpoint ...>
            <headers>
                <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <wsse:UsernameToken>
                        <wsse:Username>USERNAME</wsse:Username>
                        <wsse:Password>PASSWORD</wsse:Password>
                    </wsse:UsernameToken>
                </wsse:Security>
            </headers>
     </endpoint>
 </client>

当我运行客户端时，它生成了一个（更详细的）SOAP请求，其头部中的客户端凭据与Web服务进行通信：

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
      <a:MessageID>urn:uuid:979816ec-0f1e-4052-a4e6-2449805178e2</a:MessageID>
      <a:ReplyTo>
         <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1">https://example.com/Service</a:To>
      <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
         <u:Timestamp u:Id="_0">
            <u:Created>2014-04-24T14:44:59.601Z</u:Created>
            <u:Expires>2014-04-24T14:49:59.601Z</u:Expires>
         </u:Timestamp>
         <o:UsernameToken u:Id="uuid-7c02f0c6-107d-45ac-b682-f0462211da21-3">
            <o:Username>username</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
         </o:UsernameToken>
      </o:Security>
   </s:Header>
   <s:Body>
      <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
         <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
         <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
         <t:Entropy>
            <t:BinarySecret u:Id="uuid-45689ab6-30d3-4db6-a08e-99179e0dc65f-3" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">fQHEdTa+AGk8uAH5xbUkP+kfNkoTdEl5uwpWOf8QFug=</t:BinarySecret>
         </t:Entropy>
         <t:KeySize>256</t:KeySize>
      </t:RequestSecurityToken>
   </s:Body>
</s:Envelope>

Answer 2

如果您的服务客户端支持构造函数new ServiceReference.Client(endpointConfigurationByName As String) 然后你可以配置应用程序配置中的所有东西：

<client>
 <endpoint address="http://someserver", binding="Soap11", name="myService">
        <headers>
            <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:UsernameToken>
                    <wsse:Username>USERNAME</wsse:Username>
                    <wsse:Password>PASSWORD</wsse:Password>
                </wsse:UsernameToken>
            </wsse:Security>
        </headers>
 </endpoint>

完成此操作后，您可以创建一个提供配置名称的新Client客户端实例：

Dim myClient As New ServiceReference1.Client("myService")

每当myClient发送SOAP请求时，它都会发送配置的标头。

您的配置中可以有多个端点以支持多个实例/阶段

VB.NET中的SOAP请求认证

2 个答案: