Signed response after an unsigned request using UserNameOverTransport

Time: 2014-09-05 11:00:06

Tags: wcf wcf-binding ws-security

I have to send an unsigned request using UserNameOverTransport. This part works as required.

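The problem is the signed response. The mustUnderstand attribute is not set, so it is not necessary to verify the signature. The error I still get is: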

Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

I want to either verify the signature or ignore it, just without an exception.

My binding:

<binding name="MvpBinding">
    <security includeTimestamp="false"
              authenticationMode="UserNameOverTransport"
              defaultAlgorithmSuite="Basic256"
              requireDerivedKeys="false"
              allowSerializedSigningTokenOnReply="true"
              messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
    </security>
    <textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
    <httpsTransport maxReceivedMessageSize="2000000000" />
</binding>

SOAP header:

<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:kd4="http://www.ibm.com/KD4Soap">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsu:Timestamp wsu:Id="Timestamp-f2d068c8-87de-4dd0-9a3a-f11ce53d444b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsu:Created>2014-09-05T08:47:50Z</wsu:Created>
                <wsu:Expires>2014-09-05T08:52:50Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken wsu:Id="SecurityToken-4e7c6de0-007d-4afc-9e28-c68de09368a6" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIE6zCCA9OgAwIBAgISESHYLw+ktfA+n3/v0Gmcvus...kf2qLDNUcKvLpW6pu11nFInk4P6ITfpzFvbwYLzwdEXpTr+Tp6FZEwRlOkfZqvFwCu/McnMebVWwB4RD+YdxLpJQz9kxivvLaNtHUkObNmkrtcGlJiLLaxyWron56+hEVNFqumhqBMIOfUHYCMlKkW1lmvxheHWTTz8uCpBYCEQvs7B2zsyqw</wsse:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <Reference URI="#Timestamp-f2d068c8-87de-4dd0-9a3a-f11ce53d444b">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>zhzUEkYsK3HdX+J8/0Bv+By1W/A=</DigestValue>
                    </Reference>
                    <Reference URI="#Body-493e1e76-a11f-4c9c-8ef9-7231ff86354d">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>o0j1TY3Zd8mfs59Z4K2Vrlu9seQ=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>...geofKdEYJH/TbpXjO8w==</SignatureValue>
                <KeyInfo>
                    <wsse:SecurityTokenReference xmlns="">
                        <wsse:Reference URI="#SecurityToken-4e7c6de0-007d-4afc-9e28-c68de09368a6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </wsse:Security>
    </soap:Header>

0 answers:

No answers
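
An added example, not part of the original question and not WCF code: the Python below inspects a response shaped like the one in the question and reports what a verifier would have to resolve before checking the signature (which parts are signed, whether the KeyInfo reference points at the BinarySecurityToken, whether mustUnderstand is set, which SHA-1 algorithms appear). The sample envelope, its IDs and the function name are constructed for illustration; the code inspects structure only and performs no cryptographic verification.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample shaped like the response in the question; IDs and token are placeholders.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1"/>
  <wsse:BinarySecurityToken wsu:Id="Tok-1">PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="{ds}rsa-sha1"/>
   <ds:Reference URI="#TS-1"><ds:DigestMethod Algorithm="{ds}sha1"/></ds:Reference>
   <ds:Reference URI="#Body-1"><ds:DigestMethod Algorithm="{ds}sha1"/></ds:Reference>
  </ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>
   <wsse:Reference URI="#Tok-1"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Body-1"/>
</soap:Envelope>""".format(**NS)


def inspect_security_header(envelope_xml):
    """Summarise the WS-Security signature structure of a SOAP 1.1 envelope."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    sig = sec.find("ds:Signature", NS) if sec is not None else None
    if sig is None:
        raise ValueError("no ds:Signature inside wsse:Security")
    # Every element carrying a wsu:Id is a possible target of a signature or key reference.
    by_id = {el.get(WSU_ID): el for el in root.iter() if el.get(WSU_ID)}
    info = sig.find("ds:SignedInfo", NS)
    refs = [r.get("URI", "").lstrip("#") for r in info.findall("ds:Reference", NS)]
    algs = [e.get("Algorithm", "") for e in info.iter()
            if e.tag.endswith(("}SignatureMethod", "}DigestMethod"))]
    key_ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    token = by_id.get(key_ref.get("URI", "").lstrip("#")) if key_ref is not None else None
    return {
        "must_understand": sec.get("{%s}mustUnderstand" % NS["soap"]),  # None when absent
        "signed_parts": [by_id[r].tag.split("}")[1] if r in by_id else "UNRESOLVED" for r in refs],
        "token_resolves": token is not None and token.tag.endswith("}BinarySecurityToken"),
        "sha1_algorithms": sorted({a for a in algs if a.endswith("sha1")}),
    }
```

A reference reported as `UNRESOLVED` means the signature names an Id that no element in the envelope carries, so the signed content cannot be located.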