BizTalk SendPort WCF使用WS-Security调用.asmx Web服务

时间:2009-11-03 17:35:52

标签: wcf biztalk

到目前为止我发现的一切都说我应该能够使用WCF来调用使用WS-Security的.asmx Web服务。问题是如何配置WCF端口。我正在使用WCF-BasicHttp。首先,那可以吗?二,如何正确进入用户/传递。在安全选项卡上,我应该选择哪种“安全模式”?

似乎让我输入凭据的唯一一个是TransportWithMessageCredential,然后我可以通过用户名凭据单击“编辑”按钮并输入用户/通行证。

但是当我这样做时,我得到了这个:

<soap:Fault xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <faultcode xmlns:q0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">q0:Security</faultcode>
   <faultstring>Microsoft.Web.Services3.Security.SecurityFault: Security requirements are not satisfied because the security header is not present in the incoming message.
   at Microsoft.Web.Services3.Design.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
   at MSB.RCTExpress.Presentation.Web.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
     in C:\projects\la1safe1\RCT Express\MSB.RCTExpress\3.10\Presentation.Web\UsernameOverTransportNoSendNone.cs:line 27
   at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
   at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
   at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
   at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
   at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean&amp; abortProcessing)</faultstring>
   <faultactor>http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx</faultactor>
</soap:Fault>

有什么想法吗?

谢谢,

Neal Walters

TomasR后期的后续行动 - 使用WS-HTTP绑定:

1)BizTalk“使用WCF向导”构建自定义绑定文件和WS-BasicHTTP绑定文件,因此我更改了SendPort,并手动复制了所有配置。

设定如下:
安全模式:消息
消息客户端凭据类型:UseName
算法套件:Basic256 [我不知道放在这里的内容]
我还检查了另外两个方框:
  a)谈判服务凭证[如果我不检查这个,它想要一个“指纹”]   b)建立安全背景[也尝试不检查这个]

2)跑了并得到了这个错误:

  

描述:
  适配器无法使用URL“http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx”发送发送到端口“WcfSendPort_ValuationServicePort_ValuationServicePortSoap”的消息。它将在为此发送端口指定的重试间隔后重新传输   详细信息:“System.NullReferenceException:对象引用未设置为对象的实例。   

服务器堆栈跟踪:

at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)  
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)  
at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)  
at System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(SecurityTokenProvider tokenProvider, TimeSpan timeout)  
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)  
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)  
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation,   
  EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)  
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)  
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)  
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)  
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)  
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)  
at System.ServiceModel.Channels.CommunicationObject.Open()

在[0]处重新抛出异常:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)  
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)  
at System.ServiceModel.ICommunicationObject.Open()  
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage,   
  ChannelFactory`1& cachedFactory)  
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)".  

现在尝试了自定义绑定,添加了用户/传递并获得此错误:

<soap:Fault xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Code>
    <soap:Value xmlns:q0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">q0:Security</soap:Value>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">Microsoft.Web.Services3.Security.SecurityFault: 
  Security requirements are not satisfied because the security header is not present in the incoming message.
  at Microsoft.Web.Services3.Design.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, 
    Security security)
  at MSB.RCTExpress.Presentation.Web.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity
    (SoapEnvelope envelope, Security security) in 
    C:\projects\la1safe1\RCT Express\MSB.RCTExpress\3.10\Presentation.Web\UsernameOverTransportNoSendNone.cs:line 27
  at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
  at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
  at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
  at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
  at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
  at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
  at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean&amp; abortProcessing)</soap:Text>
</soap:Reason>
<soap:Node>http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx</soap:Node>
</soap:Fault>

我的下一次尝试回到了WS-HTTP,但是尝试将User / Pass放在消息分配而不是SendPort中:

msgRCTGetRequest(SOAP.Username) = "myuser"; 
msgRCTGetRequest(SOAP.Password) = "mypass"; 
//msgRCTGetRequest(SOAP.UseSoap12) = true; 

导致此错误:

<soap:Fault xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Code>
<soap:Value>soap:Sender</soap:Value>
</soap:Code><soap:Reason>
<soap:Text xml:lang="en">System.Web.Services.Protocols.SoapHeaderException: WSE012: The input was not a valid SOAP message because the following information is missing: action.
   at Microsoft.Web.Services3.Utilities.AspNetHelper.SetDefaultAddressingProperties(SoapContext context, HttpContext httpContext)
   at Microsoft.Web.Services3.WseProtocol.CreateRequestSoapContext(SoapEnvelope requestEnvelope)
   at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
   at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
   at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
   at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
   at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean&amp; abortProcessing)</soap:Text>
</soap:Reason>
</soap:Fault>

第五次尝试,即将放弃并开启微软门票:

msgRCTGetRequest(WCF.UserName) = "myuser";
msgRCTGetRequest(WCF.Password) = "mypass";
msgRCTGetRequest(WCF.Action)      = "GetPropertyInfoSourceRecordPolicyNum"; 
msgRCTGetRequest(SOAP.MethodName) = "GetPropertyInfoSourceRecordPolicyNum"; 
msgRCTGetRequest(SOAP.Username) = "myuser"; 
msgRCTGetRequest(SOAP.Password) = "mypass"; 

与第四次尝试相同的错误。


根据提供Web服务的供应商的文档,我应该将用户放入W-Security UsernameToken元素,WS-Security密码中的密码,并将元素的属性设置为“PasswordDigest”。它还说“应该将此标记添加到Web方法的SOAP请求中”。我不确定这是如何从旧的WSE3日转换到新的WCF日。

3 个答案:

答案 0 :(得分:2)

Neal,对于WS-Security,您需要使用WCF-WsHttp绑定/适配器。 WCF-BasicHttp仅适用于不需要WS- *协议的更简单场景。

答案 1 :(得分:1)

带有修补程序971831的.NET 4.0和.NET 3.5 SP1允许通过http传输进行WS-Security。尝试使用此样本绑定:

       <customBinding>
        <binding name="httpAndWSSecurity">
          <security authenticationMode="UserNameOverTransport" 
                    allowInsecureTransport="true"/> 
          <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004"  />
          <httpTransport/>
        </binding>

另见this MSDN article on SecurityBindingElement.AllowInsecureTransport

答案 2 :(得分:0)

使用自定义绑定,然后从BizTalk发送端口单击“配置”,然后转到最右侧的“导入/导出”选项卡。将以下XML粘贴到文件(sample.config)中,然后将其导入配置端口。这基本上节省了在绑定选项卡上手动输入大量内容的时间。

<configuration>
  <system.serviceModel>
    <client>
      <endpoint
       address="http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx"
       binding="customBinding"
       bindingConfiguration="ValuationServicePortSoap12"
       contract="BizTalk"
       name="WcfSendPort_ValuationServicePort_ValuationServicePortSoap12"/>
    </client>
    <bindings>
     <customBinding>
      <binding name="ValuationServicePortSoap12">
       <security authenticationMode="UserNameOverTransport"
        messageProtectionOrder="SignBeforeEncrypt"
        includeTimestamp="true"
        messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
        requireDerivedKeys="false"
        requireSignatureConfirmation="false"/>
       <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004"/>
       <httpsTransport />
      </binding>
     </customBinding>
    </bindings>
   </system.serviceModel>
</configuration>

以上内容不是非常直观(我还在等待微软的链接,其中描述了更多细节)。

然后您仍然在凭据选项卡上指定用户/传递。

但是,这对我们造成了问题,因为我们调用的供应商的.asmx Web服务没有将IIS设置为“需要SSL”。显然,这是与WCF一起使用的要求。换句话说,它适用于WSE3调用.NET到.NET,但在尝试将WCF调用到.asmx时,WCF的要求稍微严格一些。

Neal Walters