WSSE WCF client with Java server: "Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type."

Time: 2013-09-06 08:01:55

Tags: c# wcf ws-security

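I am trying to integrate with a Java service from WCF. The server requires an OASIS WSSE security header for username + password authentication. Transport security is provided by SSL on the server side (no client certificate for mutual authentication). The request works, but WCF fails while processing the response...

Using Fiddler2, I can see a valid response coming back from the server without any problems, but it looks like WCF chokes on the wsse:UsernameToken, which is echoed back in the server's response.

Is there a way to ignore client-side authentication of the token returned in the server's response? I think I need a dummy authenticator and to somehow attach it to the client's response handling, but I don't know where to hook into that logic.

I don't want to use WSE 3.0, and all client setup is in code (no external assemblies or config files).

Code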

private static IEndPointClient NewProxy(string userName, string password)
{
    //Basic SOAP over TLS/SSL with WSSE header for authentication
    var baseBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);

    //Strip the TimeStamp element from the WSSE header - server does not expect it
    var elements = baseBinding.CreateBindingElements();
    var securityElem = elements.Find<SecurityBindingElement>();
    securityElem.IncludeTimestamp = false;

    var binding = new CustomBinding(elements);
    var address = new EndpointAddress(UATSERVER);

    var svc = new EndPointClient(binding, address);
    svc.ClientCredentials.UserName.UserName = userName;
    svc.ClientCredentials.UserName.Password = password;

    //Return the configured proxy to the caller
    return svc;
}

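MessageSecurityException message and stack trace

Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.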

Server stack trace: 
   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList`1 allowedTokenAuthenticators, SecurityTokenAuthenticator& usedTokenAuthenticator)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlDictionaryReader reader, Int32 position, Byte[] decryptedBuffer, SecurityToken encryptionToken, String idInEncryptedForm, TimeSpan timeout)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
   at System.ServiceModel.Security.StrictModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

1 answer:

Answer 0: (score: 2)

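You have two options:

  1. Implement a custom message encoder in which you remove the username from the reply
  2. Remove all security settings from WCF altogether (e.g. BasicHttpSecurityMode.None) and push the outgoing user/pass SOAP header into the message yourself via a message inspector (the easiest), an encoder, or a custom header (they are very simple XML elements).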
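
A sketch of the second option using a message inspector, as an added example (not code from the question or the answer). It assumes .NET Framework 4.5 or later and uses BasicHttpSecurityMode.Transport rather than None, so the cleartext password still travels only over HTTPS; the class names WsseHeader and WsseBehavior are hypothetical.

```csharp
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.Xml;

// Added illustration; WsseHeader and WsseBehavior are hypothetical names, not from the post.
sealed class WsseHeader : MessageHeader
{
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string PasswordText = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    readonly string _user, _password;
    public WsseHeader(string user, string password) { _user = user; _password = password; }
    public override string Name { get { return "Security"; } }
    public override string Namespace { get { return Wsse; } }
    public override bool MustUnderstand { get { return true; } }

    protected override void OnWriteHeaderContents(XmlDictionaryWriter w, MessageVersion v)
    {
        w.WriteStartElement("wsse", "UsernameToken", Wsse);
        w.WriteElementString("wsse", "Username", Wsse, _user);
        w.WriteStartElement("wsse", "Password", Wsse);
        w.WriteAttributeString("Type", PasswordText);
        w.WriteString(_password);   // cleartext password: acceptable only over HTTPS
        w.WriteEndElement();        // Password
        w.WriteEndElement();        // UsernameToken
    }
}

sealed class WsseBehavior : IEndpointBehavior, IClientMessageInspector
{
    readonly string _user, _password;
    public WsseBehavior(string user, string password) { _user = user; _password = password; }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        request.Headers.Add(new WsseHeader(_user, _password)); // one fresh header per request
        return null;
    }
    public void AfterReceiveReply(ref Message reply, object correlationState) { } // no WCF security channel reads the reply
    public void ApplyClientBehavior(ServiceEndpoint e, ClientRuntime r) { r.ClientMessageInspectors.Add(this); }
    public void AddBindingParameters(ServiceEndpoint e, BindingParameterCollection p) { }
    public void ApplyDispatchBehavior(ServiceEndpoint e, EndpointDispatcher d) { }
    public void Validate(ServiceEndpoint e) { }
}

// Usage inside NewProxy (Transport mode rejects non-https endpoint addresses):
//   var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
//   var svc = new EndPointClient(binding, new EndpointAddress(UATSERVER));
//   svc.Endpoint.Behaviors.Add(new WsseBehavior(userName, password));
```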