WCF message security with authentication

Time: 2013-09-03 09:03:35

Tags: wcf security digital-certificate

I need to call an SSL-encrypted web service, and the SOAP message must be digitally signed.

I am new to WCF. This is what I have done so far, but I still can't get it right.

E.g. the SOAP message:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mod="http://model.bxd.fi" xmlns:cor="http://bxd.fi/CorporateFileService">
<soapenv:Header>
   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
    <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="CertId-9502902" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
       S..=
    </wsse:BinarySecurityToken>
    <ds:Signature Id="Signature-22310861" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#id-23633426">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>yM2…TE=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>nc…brQ=</ds:SignatureValue>
      <ds:KeyInfo Id="KeyId-7..8">
        <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-2471808">
          <wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#CertId-2902"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature>
  </wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id426">
   <cor:getUserInfoin>
       <mod:RequestHeader>…..</mod:RequestHeader>
       <mod:ApplicationRequest>ASD..</mod:ApplicationRequest>
   </cor:getUserInfoin>
</soapenv:Body>
</soapenv:Envelope>

Client code

using System;
using System.Text;
using System.Xml;

// ServiceClient, RequestHeader and UploadFileRequest are the proxy types
// generated from the service WSDL (Add Service Reference).
var cfs = new ServiceClient();

// The application payload is loaded from disk and sent as raw XML bytes.
var data = new XmlDocument();
data.Load("C:\\Temp\\testxml2.xml");

var requestHeader = new RequestHeader
{
    Timestamp = DateTime.Now,
    SenderId = "1",
    RequestId = "2",
    UserAgent = "3",
    ReceiverId = "4",
};

var uploadFileRequest = new UploadFileRequest
{
    ApplicationRequest = Encoding.Unicode.GetBytes(data.OuterXml),
    RequestHeader = requestHeader
};

var userResp = cfs.uploadFile(uploadFileRequest);

App.config

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="endpointCredentialsBehavior">
        <clientCredentials>
          <clientCertificate findValue="b7 ......... 99"
                             storeLocation="CurrentUser"
                             x509FindType="FindByThumbprint" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding">
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="Certificate" />
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="https://..../Service"
              behaviorConfiguration="endpointCredentialsBehavior"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding"
              contract="FileServices"
              name="WSHttpBindingEndPoint">
    </endpoint>
  </client>
</system.serviceModel>

I guess the problem is the binding (?)

security mode="Transport" = no Security element in the header.

security mode="Message" = https is invalid, http is expected.

security mode="TransportWithMessageCredential" = Security element in the header, but no message in the body section.

Or do I need to use WSE?

Any help is appreciated.

Edit: new config file

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
  </startup>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="endpointCredentialsBehavior">
          <clientCredentials>
            <clientCertificate findValue="b7 ... 99"
                               storeLocation="CurrentUser"
                               x509FindType="FindByThumbprint" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="NewBinding0">
          <textMessageEncoding messageVersion="Soap11" />
          <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
          </security>
          <httpsTransport />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <!-- bindingConfiguration refers to a <customBinding>, so binding must be customBinding -->
      <endpoint address="https://..Services"
                behaviorConfiguration="endpointCredentialsBehavior"
                binding="customBinding"
                bindingConfiguration="NewBinding0"
                contract="FileServices"
                name="WSHttpBindingEndPoint">
      </endpoint>
    </client>
  </system.serviceModel>
  <system.diagnostics>
    ..
  </system.diagnostics>
</configuration>

1 answer:

Answer 0: (score: 0)

Most of the details you need are in this WCF security post. Use this binding:

<customBinding>
  <binding name="NewBinding0">
    <textMessageEncoding messageVersion="Soap11" />
    <security authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
    </security>
    <httpTransport />
  </binding>
</customBinding>

and add this attribute to the data contract:

[System.ServiceModel.ServiceContractAttribute(ConfigurationName="ServiceReference1.SimpleServiceSoap", ProtectionLevel=System.Net.Security.ProtectionLevel.Sign)]

That post also describes how to easily clear up some of the errors you may run into.
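The setup from the question's edited config and the answer's customBinding, built in code as a CustomBinding with the contract marked ProtectionLevel.Sign, added here as an example; it is not code from the question, the answer, or the linked post. It assumes a hypothetical contract interface named IFileServices with a single Message-based operation, a placeholder service URL and client thumbprint, and that the caller supplies the service's certificate; a real project would decorate its generated contract instead.

```csharp
// Added example: the posted config expressed as a code-built CustomBinding.
// Assumptions: IFileServices, the action URI, the URL and the thumbprint are
// placeholders; the service certificate is passed in by the caller.
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// ProtectionLevel.Sign makes WCF sign the Body (the ds:Reference to the wsu:Id
// on soapenv:Body in the sample message) without encrypting it.
[ServiceContract(Namespace = "http://bxd.fi/CorporateFileService",
                 ProtectionLevel = ProtectionLevel.Sign)]
public interface IFileServices
{
    // Hypothetical stand-in for the generated uploadFile operation.
    [OperationContract(Action = "http://bxd.fi/CorporateFileService/uploadFile")]
    Message UploadFile(Message request);
}

public static class SignedSoapClientFactory
{
    public static CustomBinding CreateSignedSoap11OverHttpsBinding()
    {
        // <security authenticationMode="MutualCertificate" messageSecurityVersion="..."/>:
        // the client signs with its own certificate and carries it in the header as a
        // wsse:BinarySecurityToken referenced from ds:KeyInfo.
        SecurityBindingElement security =
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion
                    .WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);

        // IncludeTimestamp defaults to true (a signed wsu:Timestamp, which limits
        // replay). The sample message has none; only switch it off if the service
        // rejects the element:  security.IncludeTimestamp = false;

        // <textMessageEncoding messageVersion="Soap11"/>
        var encoding = new TextMessageEncodingBindingElement
        {
            MessageVersion = MessageVersion.Soap11
        };

        // <httpsTransport/>: TLS protects the channel; the XML signature in the
        // header is independent of it and survives TLS termination at a proxy.
        var transport = new HttpsTransportBindingElement();

        // Element order matters: security above encoding above transport.
        return new CustomBinding(security, encoding, transport);
    }

    public static ChannelFactory<IFileServices> CreateFactory(
        string serviceUrl, string clientThumbprint, X509Certificate2 serviceCertificate)
    {
        var factory = new ChannelFactory<IFileServices>(
            CreateSignedSoap11OverHttpsBinding(), new EndpointAddress(serviceUrl));

        // <clientCertificate findValue="..." storeLocation="CurrentUser"
        //                    x509FindType="FindByThumbprint"/>
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindByThumbprint, clientThumbprint);

        // MutualCertificate needs the service's certificate to verify the signature
        // on the reply (and to encrypt, if the contract used EncryptAndSign).
        factory.Credentials.ServiceCertificate.DefaultCertificate = serviceCertificate;

        // Keep chain validation on; None or PeerTrust with an unpinned certificate
        // would accept any certificate presented for the service.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;

        return factory;
    }

    public static void Main()
    {
        // Placeholder values; replace with the real endpoint, thumbprint and certificate.
        var serviceCert = new X509Certificate2("service-cert-placeholder.cer");
        using (var factory = CreateFactory("https://service.example/Service",
                                           "B7...99", serviceCert))
        {
            IFileServices client = factory.CreateChannel();
            Console.WriteLine("Channel created with binding: " + factory.Endpoint.Binding.Name);
            ((IClientChannel)client).Close();
        }
    }
}
```

Two things follow from the binding elements above. First, when bindingConfiguration points at a <customBinding>, the endpoint's binding attribute has to be customBinding rather than wsHttpBinding, or the configuration will not load. Second, to see what actually leaves the client, enable <messageLogging logEntireMessage="true" logMessagesAtTransportLevel="true" /> under <system.serviceModel><diagnostics>: the transport-level log shows the wsse:Security header with the BinarySecurityToken and the ds:Reference to the Body, while a service-level log is captured before the security channel adds them and so would look unsigned.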