MS Dynamics SOAP端点调用（Active Directory身份验证）

Question

我有一个使用HTTP和AD身份验证的onPremise Dynamics CRM实例设置，没有任何ADFS。

我愿意做一个基本的网络服务电话（使用NTLM）：

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:con="http://schemas.microsoft.com/xrm/2011/Contracts" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
   <soap:Header/>
   <soap:Body>
      <ser:Retrieve>
         <!--Optional:-->
         <ser:entityName>?</ser:entityName>
         <!--Optional:-->
         <ser:id>?</ser:id>
         <!--Optional:-->
         <ser:columnSet>
            <!--Optional:-->
            <con:AllColumns>?</con:AllColumns>
            <!--Optional:-->
            <con:Columns>
               <!--Zero or more repetitions:-->
               <arr:string>?</arr:string>
            </con:Columns>
         </ser:columnSet>
      </ser:Retrieve>
   </soap:Body>
</soap:Envelope>

......但是，自从我收到回复后，我似乎错过了一些东西：

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
   </s:Header>
   <s:Body>
      <s:Fault>
         <s:Code>
            <s:Value>s:Sender</s:Value>
            <s:Subcode>
               <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
            </s:Subcode>
         </s:Code>
         <s:Reason>
            <s:Text xml:lang="en-US">An error occurred when verifying security for the message.</s:Text>
         </s:Reason>
      </s:Fault>
   </s:Body>
</s:Envelope>

到目前为止，我的猜测是我在SOAP标题中遗漏了一些东西，但我不知道为什么，或许服务器方面有什么问题？ 也许有人会有线索？

[2016-03-01 11:12:02.248] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread:  146 |Category: Platform.Sdk |User: 00000000-0000-0000-0000-000000000000 |Level: Error |ReqId: a9210b00-7f84-43dc-a794-d8f9697c8b53 | ServiceModelTraceRedirector.TraceData  ilOffset = 0x45
><TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing an exception.</Description><AppDomain>/LM/W3SVC/2/ROOT-2-131012583114393978</AppDomain><Exception><ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security.</Message><StackTrace>   at System.ServiceModel.Security.SecurityStandardsManager.CreateReceiveSecurityHeader(Message message, String actor, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
>   at System.ServiceModel.Security.MessageSecurityProtocol.CreateSecurityHeader(Message message, String actor, MessageDirection transferDirection, SecurityStandardsManager standardsManager)
>   at System.ServiceModel.Security.MessageSecurityProtocol.ConfigureReceiveSecurityHeader(Message message, String actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, IList`1&amp;amp; supportingAuthenticators)
>   at System.ServiceModel.Security.SymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp;amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
>   at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
>   at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
>   at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
>   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
>   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
>   at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
>   at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
>   at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
>   at System.Runtime.InputQueue`1.Dispatch()
>   at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
>   at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
>   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
>

这意味着传入的消息应该有一个安全标头，它不在SOAP请求中，这是真的。

然后我不知道我应该在SOAP请求中添加哪种安全标头。

Answer 1

我建议使用SoapClient捕获您的SOAP调用，如此处所述 - https://msdn.microsoft.com/en-us/library/gg594434(v=crm.7).aspx#BKMK_CaptureHTTPTraffic