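Remove the Timestamp element from Security

Time: 2013-06-20 20:27:08

Tags: wse3.0

All the geeks will say WSE is outdated. That's OK with me for now; I'm just trying to find a solution to my problem. I'm trying to consume a Java web service using WSE. In the outgoing SOAP request, Security has an additional Timestamp node. My outgoing SOAP request looks like this: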

    <soap:Header>
        <wsa:Action wsu:Id="Id-6209d12b-20bf-407e-ac72-533d0f671a2c"></wsa:Action>
        <wsa:MessageID wsu:Id="Id-280fe225-2f80-4f37-b5d4-120146fc7dec">urn:uuid:a427b687-6f52-4689-9df2-c2e3c6d9ea1a</wsa:MessageID>
        <wsa:ReplyTo wsu:Id="Id-bc623f16-761c-4e03-a23e-aa70bd9b8d34"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo>
        <wsa:To wsu:Id="Id-b8607eed-cb9e-426b-a5dc-51d7855c32e1">https://service100.emedny.org:9047/MHService</wsa:To>
        <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp wsu:Id="Timestamp-cbeb0310-93bf-4f39-a44d-3516b32b40e6"><wsu:Created>2013-06-20T20:19:47Z</wsu:Created><wsu:Expires>2013-06-20T20:24:47Z</wsu:Expires></wsu:Timestamp>
            <wsse:BinarySecurityToken ValueType></BinarySecurityToken>....
    </soap:Header>

I am trying to remove the Action, MessageID, ReplyTo and Timestamp elements,

so the outgoing request should be

    <soap:Header>
        <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:BinarySecurityToken........>
    </soap:Header>

How do I remove the 4 elements plus the Timestamp node from Security? I am using WSE 3.0. Sorry, not WCF right now. This is what I tried.

Step1

Create a custom policy assertion by deriving from Microsoft.Web.Services3.Design.PolicyAssertion.

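    using System;
    using System.Collections.Generic;
    using System.Security.Cryptography.X509Certificates;
    using System.Xml;
    using Microsoft.Web.Services3;
    using Microsoft.Web.Services3.Design;
    using Microsoft.Web.Services3.Security;
    using Microsoft.Web.Services3.Security.Tokens;

    namespace UsernameAssertionLibrary
    {
        // SecurityPolicyAssertion already derives from PolicyAssertion; a C# class can name only one base class.
        public class UsernameClientAssertion : SecurityPolicyAssertion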
        {
            private string username;
            private string password;

            public UsernameClientAssertion(string username, string password)
            {
                this.username = username;
                this.password = password;
            }

            public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
            {
                return new ClientOutputFilter(this, context);
            }

            public override SoapFilter CreateClientInputFilter(FilterCreationContext context)
            {
                // we don't provide ClientInputFilter
                return null;
            }

            public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
            {
                // we don't provide any processing for web service side
                return null;
            }

            public override SoapFilter CreateServiceOutputFilter(FilterCreationContext context)
            {
                // we don't provide any processing for web service side
                return null;
            }
            public override System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<string, Type>> GetExtensions()
            {
                return new KeyValuePair<string, Type>[] { new KeyValuePair<string, Type>("UsernameClientAssertion", this.GetType()) };
            }

            public override void ReadXml(XmlReader reader, IDictionary<string, Type> extensions)
            {
                reader.ReadStartElement("UsernameClientAssertion");
            }


            #region ClientOutputFilter
            class ClientOutputFilter : SendSecurityFilter
            {
                UsernameClientAssertion parentAssertion;
                FilterCreationContext filterContext;

                public ClientOutputFilter(UsernameClientAssertion parentAssertion, FilterCreationContext filterContext)
                    : base(parentAssertion.ServiceActor, false, parentAssertion.ClientActor)
                {
                    this.parentAssertion = parentAssertion;
                    this.filterContext = filterContext;
                }

                public override void SecureMessage(SoapEnvelope envelope, Security security)
                {
                    X509SecurityTokenManager objCertTokenManager = (X509SecurityTokenManager)SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
                    objCertTokenManager.DefaultKeyAlgorithm = "RSA15";
                    objCertTokenManager.DefaultSessionKeyAlgorithm = "TripleDES";

                    X509Certificate2 cert = GetCertificateFromStore("LMWARD");
                    X509SecurityToken x5091 = new X509SecurityToken(cert);

                    X509Certificate2 cert2 = GetCertificateFromStore("DPMedsHistory");
                    X509SecurityToken x5092 = new X509SecurityToken(cert2);
                    UsernameToken userToken = new UsernameToken(
                        parentAssertion.username,
                        parentAssertion.password,
                        PasswordOption.SendNone); // we don't send password over network
                                                  // but we just use username/password to sign/encrypt message

                    // Add the token to the SOAP header.
                    security.Tokens.Add(x5091);
                    security.Tokens.Add(x5092);
                    security.Tokens.Add(userToken);


                    // Sign the SOAP message with the first X.509 token (x5091).
                    MessageSignature sig = new MessageSignature(x5091);
                    security.Elements.Add(sig);

                    // Encrypt the body with the second X.509 token (x5092).
                    EncryptedData data = new EncryptedData(x5092);
                    // Add the encrypted data to the security context.
                    security.Elements.Add(data);
                }
                private static X509Certificate2 GetCertificateFromStore(string certName)
                {

                    // Open the default certificate store for the local machine.
                    X509Store store = new X509Store(StoreLocation.LocalMachine);
                    try
                    {
                        store.Open(OpenFlags.ReadOnly);

                        // Place all certificates in an X509Certificate2Collection object.
                        X509Certificate2Collection certCollection = store.Certificates;
                        X509Certificate2Collection signingCert = certCollection.Find(X509FindType.FindBySubjectName, certName, true);

                        if (signingCert.Count == 0)
                            return null;
                        // Return the first certificate in the collection that has the right name and is currently valid.
                        return signingCert[0];
                    }
                    finally
                    {
                        store.Close();
                    }

                }
            }
            #endregion
        }
    }

Step2
This is my wse3Policy.Config 

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
      <extensions>
        <extension name="usernameAssertion" 
          type="UsernameAssertionLibrary.UsernameServiceAssertion, 
                                         UsernameAssertionLibrary" />
      </extensions>
      <policy name="ServerPolicy">
        <usernameAssertion />
      </policy>
    </policies>

Step3

    // Service1 is the web service proxy class (its namespace prefix is omitted here).
    Service1 MHs = new Service1();
    UsernameClientAssertion assert = new UsernameClientAssertion("user", "pwd");

    // create policy
    Policy policy = new Policy();
    policy.Assertions.Add(assert);

    // and set it to web service
    MHs.SetPolicy(policy);
    MHs.Method();

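I am not getting any error. There is a warning in the policy file: the element policy has an invalid child element usernameAssertion. List of possible elements is ....... The Security Timestamp element and the Action, MessageID, ReplyTo wsa elements still appear in the outgoing SOAP. What am I missing here?

0 answers:

No answers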