我们需要使用运行SSL和WS-Security的DataPower Web服务。
我已经设置了一个运行HTTP和自定义用户名密码身份验证的WCF Web服务,可以在我们的网络中访问。此Web服务由我们的Oracle数据库调用(Oracle无法直接使用WS-Security进行连接)。
调用我们的本地Web服务时,它会调用外部Web服务,添加所有WS-Security标头和证书。
外部Web服务要求在传输层(Transport)进行证书身份验证,并使用x509证书对消息进行签名和加密。
我在客户端app.config中设置了一个CustomBinding(Web服务是作为Windows服务自托管的),并且能够连接到外部Web服务。维护外部Web服务的人说他们正在成功接收我的消息,处理数据并发送响应。
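问题是当我的客户端尝试处理响应时,我得到一个“EncryptedKey子句未使用所需的加密令牌'System.IdentityModel.Tokens.X509SecurityToken'进行包装。”错误(英文原文:The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'.)。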
通过WCF日志记录,我可以看到收到的消息,并查看HTTP OK状态。
<?xml version="1.0"?>
<!--
  app.config for a proxy that (a) hosts a local SOAP 1.1 service with HTTP Basic
  username/password authentication and (b) calls an external service over HTTPS
  with WS-Security message protection (customBinding "Soap11_Secure").
  Thumbprints, host names and contract names are the placeholders used in the post.
-->
<configuration>
<!-- NOTE(review): the post says the service is self-hosted in a Windows service, so this
     ASP.NET compilation setting is probably unused; if the code is ever hosted in IIS,
     debug should be false outside development. -->
<system.web><compilation debug="true" /></system.web>
<system.serviceModel>
<client>
<!-- Outbound endpoint: HTTPS address, WS-Security binding "Soap11_Secure" and the
     certificate settings from endpoint behavior "WSSecBehavior". -->
<endpoint address="https://xxx.fff.eee/Service"
behaviorConfiguration="WSSecBehavior" binding="customBinding"
bindingConfiguration="Soap11_Secure" contract="xxx.yyy"
name="ddddddd" />
</client>
<behaviors>
<serviceBehaviors>
<behavior name="TEST_Service_Behavior">
<!-- Publishes service metadata (WSDL) over plain HTTP GET. -->
<serviceMetadata httpGetEnabled="true" />
<!-- Returns server-side exception details to callers inside SOAP faults.
     Useful while diagnosing; turn off once the service is in production use. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- Usernames and passwords are checked by the custom validator type named here. -->
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="Test_Proxy.PasswordValidator, Test_Proxy" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WSSecBehavior">
<clientCredentials>
<!-- Client certificate, looked up by thumbprint in LocalMachine\TrustedPeople.
     The reply on this page wraps its EncryptedKey for a certificate identified by
     SubjectKeyIdentifier, and the answers report the error went away once the certificate
     had digital-signature and key-encipherment usages and a Subject Key Identifier.
     Check this certificate for those properties and for a private key readable by the
     service account. -->
<clientCertificate storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindByThumbprint"
findValue="dfgasdfgsdgsgfds" />
<!-- NOTE(review): issued-token settings; presumably unused with
     authenticationMode="MutualCertificate". Confirm before relying on it. -->
<issuedToken defaultKeyEntropyMode="CombinedEntropy" cacheIssuedTokens="True" />
<serviceCertificate>
<!-- PeerOrChainTrust accepts the service certificate if it chains to a trusted root
     OR is present in the TrustedPeople store, so anything placed in that store is
     trusted without chain validation. -->
<authentication certificateValidationMode="PeerOrChainTrust" />
<scopedCertificates >
<!-- Service certificate used for messages sent to this specific target URI. -->
<add targetUri="https://xxx.fff.eee/Service"
storeLocation="LocalMachine"
storeName="TrustedPeople" x509FindType="FindByThumbprint" findValue="sdfgsdfgsdfgsfdg" />
</scopedCertificates>
<!-- Fallback service certificate for targets without a scoped entry. -->
<defaultCertificate storeLocation="LocalMachine"
storeName="TrustedPeople" x509FindType="FindByThumbprint" findValue="sdfgsdfgsdfgsdfgsdfg" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<!-- Locally hosted proxy service: one SOAP 1.1 endpoint plus a metadata (mex) endpoint. -->
<service behaviorConfiguration="TEST_Service_Behavior" name="Test_Proxy.TEST_Service">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="soap11Binding"
name="Soap11" bindingName="Soap11" contract="Test_Proxy.ITEST_Service" />
<endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange" />
<host>
<baseAddresses>
<!-- Plain HTTP base address; see the note on soap11Binding security below. -->
<add baseAddress="http://localhost:8449/GCOS_WebService/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<basicHttpBinding>
<!-- Every size quota is set to 2147483647 (Int32.MaxValue), which effectively removes
     the limits on message size, buffer size and XML reader depth/length. A caller can
     then make the service buffer very large messages; size these to the largest
     legitimate payload instead. -->
<binding name="soap11Binding" maxBufferPoolSize="2147483647"
maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" />
<!-- TransportCredentialOnly + Basic: the username and password travel in an HTTP
     Authorization header with no transport encryption (base64 only). The post says the
     endpoint is reachable inside the network, so anyone able to observe that traffic
     can read the credentials; mode="Transport" over HTTPS avoids this. -->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="Soap11_Secure">
<textMessageEncoding messageVersion="Soap11" />
<!-- WS-Security with X.509 certificates on both sides (MutualCertificate), sign then
     encrypt, strict header layout. Basic128Rsa15 matches the algorithms visible in the
     traces on this page: rsa-1_5 key wrap, aes128-cbc, rsa-sha1 signatures with sha1
     digests. RSA PKCS#1 v1.5 key transport and SHA-1 are legacy choices; if the partner
     can negotiate a stronger suite, prefer it.
     NOTE(review): requireDerivedKeys is "False" here, yet the request trace on this page
     contains a DerivedKeyToken; the trace may have been captured with a different
     setting. Confirm.
     NOTE(review): the reply on this page carries a wsse:BinarySecurityToken that its
     Signature references; confirm allowSerializedSigningTokenOnReply matches what the
     partner actually sends. -->
<security defaultAlgorithmSuite="Basic128Rsa15" allowSerializedSigningTokenOnReply="False"
enableUnsecuredResponse="false" authenticationMode="MutualCertificate" messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
securityHeaderLayout="Strict" requireDerivedKeys="False">
</security>
<!-- HTTPS transport that presents a client certificate.
     NOTE(review): authenticationScheme="Negotiate" selects Windows integrated
     authentication at the HTTP layer, while the post describes certificate
     authentication on the transport. Confirm this is intended. -->
<httpsTransport maxReceivedMessageSize="5000000" authenticationScheme="Negotiate"
maxBufferSize="5000000" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<!-- Diagnostic message logging: whole messages are logged at both service and transport
     level, and logKnownPii="True" asks WCF to leave known PII (such as usernames and
     passwords) unmasked in the log. Keep this only while troubleshooting and restrict
     access to the resulting .svclog file. -->
<diagnostics performanceCounters="All" wmiProviderEnabled="True">
<messageLogging
logEntireMessage="True"
logMalformedMessages="True"
logMessagesAtServiceLevel="True"
logMessagesAtTransportLevel="True"
maxMessagesToLog="5000"
maxSizeOfMessageToLog="50000" logKnownPii="True"/>
</diagnostics>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
</startup>
<system.diagnostics>
<trace autoflush="true"/>
<sharedListeners>
<!-- Single XML trace file, given as a relative path, shared by both trace sources below.
     It will contain the logged messages, so treat it as sensitive. -->
<add name="sharedListener"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="Test_Service_Proxy.svclog" />
</sharedListeners>
<sources>
<!-- Verbose service-model tracing with activity correlation. -->
<source name="System.ServiceModel" switchValue="Verbose, ActivityTracing" >
<listeners>
<add name="sharedListener" />
</listeners>
</source>
<!-- Receives the messages selected by the messageLogging element above. -->
<source name="System.ServiceModel.MessageLogging" switchValue="Verbose" >
<listeners>
<add name="sharedListener" />
</listeners>
</source>
</sources>
</system.diagnostics>
</configuration>
请帮助或指示。
发送请求:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-1717e10e-8265-4ada-9dee-d01782ed03a9-1">
<u:Created>2013-10-27T18:14:45.248Z</u:Created>
<u:Expires>2013-10-27T18:19:45.248Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken>
<!-- Removed-->
</o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<!-- Request side: a symmetric key wrapped with RSA PKCS#1 v1.5 (rsa-1_5) for the service
     certificate, which is identified only by its X.509 SubjectKeyIdentifier (base64).
     The CipherValue decodes to 256 bytes, consistent with a 2048-bit RSA key. -->
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">5ldE9AdwhGZ/xckWL9rimuji1eY=</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>HPG3N2VwCSqS3ImLrKLzodnK/I23oPFk097vp8Iru2ZVmR7EotdnL9tU61C6/b8fUU36ntkDVnsECdp0nYqSSbgu9Hoo6LUIEXVLEySqjcj7M3YNeutHwuY1SK5FKdcfFcTuT7a5drxXHzkpJAEyiW7PAxF4c7BF/iVNYXhgcm0lZDpAct2cGhzdSx6gq+K4SMUVq44Vg6Z89yUVyQsERN3nY++DuJC4yn0Z718fD1+tiNlNXNuX2d1JAP1kh9UO0sYIb06lgg5lXmHAzU2XC5MFcPoK6w0HmKH3cyVThFDfnCMeB//xtVcUS7lgDo81o6YF2sstpH+aLHUemuhQTg==</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
<c:DerivedKeyToken u:Id="_1" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
<!-- Derives the body-encryption key from the EncryptedKey with Id "_0"; the body's
     EncryptedData references this token ("#_1") instead of the EncryptedKey directly.
     Length 16 is presumably bytes, matching the aes128-cbc body encryption.
     The reply on this page does not use a DerivedKeyToken, so the two messages differ in
     structure. -->
<o:SecurityTokenReference>
<o:Reference URI="#_0"/>
</o:SecurityTokenReference>
<c:Offset>0</c:Offset>
<c:Length>16</c:Length>
<c:Nonce>
<!-- Removed-->
</c:Nonce>
</c:DerivedKeyToken>
<e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:DataReference URI="#_3"/>
</e:ReferenceList>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>eBkrZ4r7IEHLDZANylfLVRCNnrc=</DigestValue>
</Reference>
<Reference URI="#uuid-1717e10e-8265-4ada-9dee-d01782ed03a9-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>EqW8YFzg8XMFLjUNfDlxY6fQR5k=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>CGzogpiUa6jTUmLdd9EiqQdd7VeV3naM59raFqjtjtEf5pPk1a4uwk0ihuzWR7RZTXCa+oieqEE/oEQgEdXzjvDxXUUrmEcIV+be5HSBRw0GPj52Cp55kBHV5hfOCUfsmXcgGQ2mxFNyFQchbKQ20sAGgse+z/GzLnkFnGy/RWQ=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-1bb3eb61-bd9e-42a9-9d0d-81de76cbbe73-3"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" URI="#_1"/>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>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</e:CipherValue>
</e:CipherData>
</e:EncryptedData>
</s:Body>
</s:Envelope>
收到回复:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<!-- Reply side: the key is wrapped for whichever certificate has the SubjectKeyIdentifier
     below. The receiving client can only unwrap it if its configured client certificate
     carries that same SKI and has a usable private key; the answers on this page point
     to exactly this check (a self-signed certificate without an SKI extension, or
     without the required key usages, leads to the reported error).
     The ReferenceList points straight at the encrypted body ("#body") with no
     DerivedKeyToken in between.
     The CipherValue decodes to 128 bytes, consistent with a 1024-bit RSA key for the
     client certificate, which is below current key-size recommendations. Verify against
     the actual certificate. -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">y1cWMPtJ5ta+ZXxOOHKhkAwG5zM=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
<xenc:CipherData xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:CipherValue>T1TGYnixXqFJcR82RDV9t43jzD6w31zg8uV3Yv84ZG2+wXms2ajayviZ9Ps7+ak4nPVd8uP4u/zYl2jLCpCwEquA2mJ13P6guqcLQt4091ndJAjnBv1EljANCUB7sE4+W6VLZ6zZLhU7kzdH8dF1SUiDS4soSv8/hfWjK3OOrS4=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#body"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsu:Timestamp wsu:Id="Timestamp-3c6a0000-8873-44a3-a1ce-7020c285baed" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2013-10-27T18:14:55Z</wsu:Created>
<wsu:Expires>2013-10-27T18:19:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken>
<!-- Removed-->
</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Id-9c1b48c4-0bde-48af-9086-f8ce71eb74dd">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>F3pP+zcm2Iq8GewW/A4GX5kK8aU=</DigestValue>
</Reference>
<Reference URI="#Timestamp-3c6a0000-8873-44a3-a1ce-7020c285baed">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>MiDu5ZphIhMIAb9ISBj1EKOIfOY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>gEjjen88BeWVuTD7t2txOCFXfEOE2g2bvDbWnxS24tSJYpvywl+PEzif5Is/AXTzgmL/McU8/GOgxt8ZKTLe1k3Ux4ZlGCFQiuEyk/1rmEJ1UYt4wn6O0k3PU34HOgCJDjC/0CYjdNFEgG9rwFk6+H8nldCcbI8ZMsM+6OwvECthB5CNgwM3FZcIIZJmTUkEQLEsszw08xaao7kyZCMbs5HBvUr5kNrIiim0pbYO0o5eFF2A59NBfNugo8EYwvC9mkcy8/RJv7aDflxoLxPNgyV7HCFTyt5lwApo1yzOQFVFduGxCyQACBJdR5kevkmfiqBWTYWk6+/YcqaacNXKPg==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference xmlns="">
<wsse:Reference URI="#SecurityToken-1e313a32-f22f-43bf-a2d7-a2a24b98a3ef" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soapenv:Body wsu:Id="Id-9c1b48c4-0bde-48af-9086-f8ce71eb74dd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<xenc:EncryptedData Id="body" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>5kvgGglS7ayNXv9LvFILgJjsw8IZ1wCkEZUPCAUakHuxEOpt/gsQ3KNdFkcwZr2rYrnZmrjKctbpAYpBbIXt1HJSAXu6AQQalMkn5B9o28uRfyvRt3Lvkt/lFcBdxGgIufGGPCJPvQlQ8WKmJ2jdolWKeufr/9UfV9m/zpkbycUdUQVfs0h9GQ4TML65ll+HKX2oQuMuHS1TjR6EgXvZThk3TDKf+GuyGkULH8ce60vrGi7qvMMDsfyh20YvJIUmnwHt9HxzMEK5IulM09czz90iyY1jet3GxCkB4x0l8mOO7IGJhQWTzyyD+Kh+rCnc67B+oRf/rgpOQbfcW8P3xnPwmoErGEscDoUa8LPcDBejd6vyKXIPZdNVtccqqarKkKyuhpF9g4uHD810VPcPQe7oKo84yk8YcaejavkKp7/svtAC6nCUJpszZDvhXBml1Qh8pzBMUbg+fnsMY/PRdpCYRvUYfBGx7NymCYTfY5jOaSEYUmHXPTYR1f1f9FckDoTMhMsVk/0TsPJyl8PbRExo91qrBpcJPZRBAUWUwU7Unx6gOqhzYadQ5d/0tp6C5gmBdg1b007TooPUOtGMJygc78lbXFPRxQaV81+hpMRbr4pJyTWpbHdu9dGx+XO+8edR78feB16N4XvxZtqX+HoxjWCE0tlYT8woFVYw8S0OW31XczzW/HuDVBqhTaozKny8CqUW/MU/NoR0jMGqhuK8S5vWHFl2Hv8YttaXlhRUy8aepKPtdNK8GOrjHtShKdkg30fpheFBSi4bjIbnv7VK2xpKgOklfTs14minc28kKxEbvrzQ56d9hKPgOydjU273GmWwudtSRVfuhUWpDkYDxAviaDYfnslSEY5GbPMW0dIXwr8miUZ7HFe4nHv397GAESCELlJ2cjDFwwcmKxnq5sPo7YYFaVqBZAnbdT0bpCsgieK6Vq8Ih/tm9BSXYod2q8NTaIzmhqDFgirgsyt4leEJy0zkGy7Cdd1PYVWOr9JJVsWFnl1laxhoaVDYzjrioP7k2Nk6gPCHjyOEK8LgqOecy6h4bJ2/Ui0Ce2nO1pvl4Za4ehvK5bQrZ6GxrvEa7gS5Mde2B+8BPZCDgehRt3SUy16ha1LxlTNFHRB5Ybzo+AMytAaNSF9zwSy71U5NOhsUdNUslKb7aj7VyOoUvayKMnHfESQIYIj57sH0AOqJzRzbDOpTV3BqXyYX2OIT2hkoSft1JuO0rSJd3mCRKwVDRbS+HufM3dmIn98VAsfYlsWLyd7zbRc7WsqlUzIhD5tVRkqeDS0R8cBR35mv4LV4NbvhvVK6CuI6i4ZL2UgyNQto3HQ5RMqohZFOtA1Lfl4W6WILSF51D1TNRZtbLwCmNAAWJFS/22BiGNN9TyOneFyrmalLYcRUeJ0bN9OZG7oG808noOUxtIIx9zPlHnjUO83/q573GmPK7nrtZJss4U7jeeLef1g08Iq9t6dyh1VViLeX6aCdMKTdmZ+HyQmR5IDe2gQ7N6bosnmZZURezvJUjpeulsJ6u5SVYP9tyGTZjPOwuO3mAxMtPWcuVfotT5qqE6Z6QJziRfIIEh4xp3m46mEalLKLphmm4uRGXmqMWHXWtitgFE2L9qDJoRVW++4ext6/q3cmWhj0qX97g/nHTU0bg42RJ2441Oj1rZtkbMcnwT0Wp3sn1dhkiPbax7XhmHA/l9wNYRE29sJP/M3jxOq8s/RWFTgZJAYtWjDK+uRncyvaSpNfeAlO53Flt25yFSoB1ybC1y+0Mdrd9xrhgh2GlzHmOnlQG0kKGjuc4mzvpgPIuTmM2kgduUXBpUh/gPV2JrFIxNxjkIp6gGG0Yq3mUpfL02ulWrdzhcvvPvAAvintHE3vjC7G9vmcw5T2/jU14LhF5/jLtP31hx3k+G4Re7NKMww9kbjOM/SC8w+tsNLEyVsDOLB2GMWzswkU8EER8Hqxm4ZIqYfDQOu5o+zxmOW9wt
E8x43lk7Rt10BSbCPBIjLMGPomZBhVGh2R5HKINHwS/Vz0VDiq9O1MbO2lVKE02IC4</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soap:Envelope>
答案 0 :(得分:1)
原来问题与证书有关。一旦我们获得了带有数字签名和密钥加密用法的有效证书,一切就都正常工作了。
我想我的自签名(自行生成的)证书并不具备所有必要的密钥用法。
@Yaron - 谢谢你的帮助。
答案 1 :(得分:0)
我建议您使用相同的设置设置WCF服务并验证它是否与客户端一起使用,然后将其响应结构与失败的响应进行比较。
假设它们的结构相同(否则需要更改绑定),一种可能是响应加密时所用的证书与您在请求中用于签名的证书不同。请验证响应keyInfo中的值确实是您用于签名的证书的subjectKeyIdentifier。
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">y1cWMPtJ5ta+ZXxOOHKhkAwG5zM=</wsse:KeyIdentifier>
答案 2 :(得分:0)
我遇到过类似的问题。原来是因为生成的自签名证书没有主题密钥标识符(SKI)。请参阅这个答案: