如何签署和加密我的WCF客户端服务调用(来自规范:所有消息都应根据WS-Security X.509令牌配置文件进行签名和加密。规范可以找到here)。
我必须使用SOAP 1.1和WS-Security,该服务由第三方提供,我很确定他们是用Java(IBM DataPower)编写的(不管是WCf)。
我尝试过以下方法,但我认为这是一个错误问题的情况,因为我读过的大部分内容都说客户端不会决定加密内容,而是由服务保护级别定义的( SignAndEncrypt)。我也看到了我应该用来加密的X509SecurityToken的引用,但我认为这是旧的.net。
无论如何,这是我到目前为止所做的:
' Create the binding.
Dim myBinding As New BasicHttpBinding() ' FOR SOAP 1.1
myBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential
myBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate
' Create the endpoint address.
Dim ea As New EndpointAddress("https://removed")
' Create the client.
Dim starClientProxy As New wcfStarServiceProxy.starTransportPortTypesClient(myBinding, ea)
' Specify a certificate to use for authenticating the client.
starClientProxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "removed")
'Cert used for encryption
starClientProxy.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.AddressBook, X509FindType.FindBySubjectName, "removed")
所以它现在应该自动加密吗?我找不到任何需要设置的内容
'call the service
Dim response As wcfStarServiceProxy.AcknowledgeRepairOrderPayload = starClientProxy.ProcessMessage(payload)
所以,我认为我已经成功签署了请求,但是,正文未加密。我该如何加密身体?
答案 0 :(得分:1)
我创建了一个自定义绑定来实现2级安全性 - 证书和用户名密码。我是这样做的(代码摘录):
CustomBinding customBinding = new CustomBinding();
// ...
HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement();
httpsBindingElement.AllowCookies = false;
httpsBindingElement.BypassProxyOnLocal = false;
httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
httpsBindingElement.MaxBufferPoolSize = 20480000;
httpsBindingElement.MaxBufferSize = 20480000;
httpsBindingElement.MaxReceivedMessageSize = 20480000;
httpsBindingElement.RequireClientCertificate = true;
httpsBindingElement.UseDefaultWebProxy = true;
TransportSecurityBindingElement transportSecurityElement = new TransportSecurityBindingElement();
transportSecurityElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
transportSecurityElement.EndpointSupportingTokenParameters.SetKeyDerivation(false);
// ...
customBinding.Elements.Add(transportSecurityElement);
customBinding.Elements.Add(httpsBindingElement);
这样,客户端使用用户名和密码对邮件进行签名和加密,但是您可以修改此示例并完成所需的操作。
答案 1 :(得分:1)
Private Function GetCustomBinding2() As Channels.Binding
Dim httpsBindingElement As New HttpsTransportBindingElement()
httpsBindingElement.AllowCookies = False
httpsBindingElement.BypassProxyOnLocal = False
httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard
httpsBindingElement.MaxBufferPoolSize = 524288
httpsBindingElement.MaxBufferSize = 65536
httpsBindingElement.MaxReceivedMessageSize = 65536
httpsBindingElement.RequireClientCertificate = True
httpsBindingElement.UseDefaultWebProxy = True
Dim asbe As New Channels.AsymmetricSecurityBindingElement
asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11
asbe.InitiatorTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
asbe.RecipientTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict
asbe.DefaultAlgorithmSuite = Security.SecurityAlgorithmSuite.Basic128Sha256
asbe.IncludeTimestamp = True
asbe.SetKeyDerivation(False)
'asbe.OnlySignEntireHeadersAndBody = True
'asbe.EndpointSupportingTokenParameters.SignedEncrypted.Add(New ServiceModel.Security.Tokens.X509SecurityTokenParameters)
'asbe.EndpointSupportingTokenParameters.SetKeyDerivation(False)
Dim myBinding As New CustomBinding
myBinding.Elements.Add(asbe)
myBinding.Elements.Add(New TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8))
'myBinding3.Elements.Add(New HttpsTransportBindingElement())
myBinding.Elements.Add(httpsBindingElement)
Return myBinding
End Function