In the SoapUI tool I configured an outgoing WS-Security configuration with a .jks file; the signature is a BinarySecurityToken, with CanonicalizationMethod and SignatureMethod algorithms, and it works fine.
Now I am trying to do the same with C# code, as shown below:
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Description;
using SprintApiService;

QueryCsaPortTypeClient client = new QueryCsaPortTypeClient();
// Use the credentials object that belongs to the client; a separately constructed
// ClientCredentials instance is never seen by the channel.
ClientCredentials ce = client.ClientCredentials;
string fileName = Path.Combine(Server.MapPath(""), "test-01.pfx");
// Password as given in the question; in a deployed application read it from configuration or a secret store.
ce.ClientCertificate.Certificate = new X509Certificate2(fileName, "tag123");
var val = ce.ClientCertificate.Certificate.GetSerialNumber();
// Alternatively pick the certificate from the Windows store by subject name
// (this replaces the certificate loaded from the .pfx above).
ce.ClientCertificate.SetCertificate("CN=jaitest-01, OU=TPA, OU=BMP, OU=Projects, O=Sprint, C=us", StoreLocation.CurrentUser, StoreName.TrustedPeople);
System.IdentityModel.Selectors.SecurityTokenManager sTokenMgr = ce.CreateSecurityTokenManager();
But I cannot get it to work. I always get "Client rejected (policy)". Please help me.
Here is the sample request created in the SoapUI tool:
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsu:Timestamp wsu:Id="Timestamp-c55ce328-af36-4b0f-97d8-3bab57ee6a46" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Created>2014-02-18T12:27:52Z</wsu:Created>
    <wsu:Expires>2014-02-18T12:32:52Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:BinarySecurityToken wsu:Id="SecurityToken-1da2e6b0-3a0d-4943-bcae-de0805d9c4c5" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><!-- base64-encoded X.509 certificate omitted --></wsse:BinarySecurityToken>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#Timestamp-c55ce328-af36-4b0f-97d8-3bab57ee6a46">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>8H8usvOvRYPwOKHVHdOXO6Y3Cz4=</DigestValue>
      </Reference>
      <Reference URI="#Body-db900962-5b93-4a49-a70a-a1745bed8255">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>54u/0PxaY+S7RigxrisF2Chnplc=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>HC10RHq8lweC1KLGAzw1pxjju5LbWASn5GUCxane36DqUxaXQQnBrF0fyBkpI70H+ncrYaO00sxVd1QWnLfYxzl/YEWfHus/qObmFckRnNsEnx9MV5ejHhntbXdzIc9RFbXoFGPcoEGAsKoUbeOi7UWKbofzATG6VMlKhLFz01k=</SignatureValue>
    <KeyInfo>
      <wsse:SecurityTokenReference xmlns="">
        <wsse:Reference URI="#SecurityToken-1da2e6b0-3a0d-4943-bcae-de0805d9c4c5" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
      </wsse:SecurityTokenReference>
    </KeyInfo>
  </Signature>
</wsse:Security>
...Thanks
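The SoapUI request above carries a Timestamp, a BinarySecurityToken and a Signature whose references cover both the Timestamp and the Body. As an added example (not code from the question or the answer), this is how a receiving service in C# could verify such a message before acting on it, using only System.Xml and System.Security.Cryptography.Xml; the class names WsSecurityCheck and WsuSignedXml and the Verify(soapXml, nowUtc) signature are my own choices.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
static class WsSecurityCheck
{
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    // SignedXml resolves only plain Id attributes; WS-Security marks the signed Timestamp
    // and Body with wsu:Id, so reference lookup is extended to that attribute.
    class WsuSignedXml : SignedXml
    {
        public WsuSignedXml(XmlDocument doc) : base(doc) { }
        public override XmlElement GetIdElement(XmlDocument doc, string id)
        {
            if (id.Contains("'")) return null;   // keep sender-controlled ids out of the XPath literal
            var ns = new XmlNamespaceManager(doc.NameTable);
            ns.AddNamespace("wsu", Wsu);
            return base.GetIdElement(doc, id) ?? doc.SelectSingleNode("//*[@wsu:Id='" + id + "']", ns) as XmlElement;
        }
    }
    static string Text(XmlDocument doc, string localName, string ns) => doc.GetElementsByTagName(localName, ns)[0].InnerText;
    // Accepts the message only if the Timestamp is current, Timestamp and Body are both signed, and the
    // signature verifies with the token's certificate. Whether that certificate is trusted is the caller's decision.
    public static bool Verify(string soapXml, DateTime nowUtc)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };   // whitespace is part of the signed bytes
        doc.LoadXml(soapXml);
        // 1. Replay window: Created <= now <= Expires.
        var created = XmlConvert.ToDateTime(Text(doc, "Created", Wsu), XmlDateTimeSerializationMode.Utc);
        var expires = XmlConvert.ToDateTime(Text(doc, "Expires", Wsu), XmlDateTimeSerializationMode.Utc);
        if (nowUtc < created || nowUtc > expires) return false;
        // 2. Signer certificate: the BinarySecurityToken carries the X.509 DER as base64.
        var cert = new X509Certificate2(Convert.FromBase64String(Text(doc, "BinarySecurityToken", Wsse)));
        // 3. Both Timestamp and Body must be among the signed references, or the payload is unprotected.
        var sig = new WsuSignedXml(doc);
        sig.LoadXml((XmlElement)doc.GetElementsByTagName("Signature", Ds)[0]);
        bool coversTimestamp = false, coversBody = false;
        foreach (Reference r in sig.SignedInfo.References)
        {
            string name = sig.GetIdElement(doc, r.Uri.TrimStart('#'))?.LocalName;
            coversTimestamp |= name == "Timestamp";
            coversBody |= name == "Body";
        }
        if (!coversTimestamp || !coversBody) return false;
        // 4. Digests and SignatureValue are checked against the token's public key only.
        return sig.CheckSignature(cert, true);
    }
}
```

Pass the full SOAP envelope (the Body element must carry the wsu:Id that the second Reference points at, as in the request above) and the current UTC time; CheckSignature throws a CryptographicException if a reference cannot be resolved, so callers should treat an exception as a rejection too.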
Answer 0 (score: 5)
Thank God, after long research, googling/binging and hard work, I finally found the solution. Just a recap: a third-party web service (coded in Java) using an X509 SecurityToken over an HTTPS certificate, consumed from .NET.
Yes, we can consume the above service with the old technology, WSE 2.0 / WSE 3.0 (Web Services Enhancements), and with the latest, WCF. I just tried WSE 2.0 and it works as expected, but with the error code "WSE464: No policy found for this message"; still, the response can be seen in the try..catch block, with the XML response message properly decrypted.
Steps followed
1. Install the certificate (.pfx) given to the client.
2. Open the Microsoft Management Console (MMC): in the Run command type mmc → Enter.
a. File → Add/Remove Snap-in → select Certificates in the list box → click Add → select My user account (Current User) → Finish → click OK.
b. Select Trusted Root Certification → expand it → select Certificates → right-click Certificates → select All Tasks → Import → select your certificate location and finish the wizard process.
3. Repeat step 2 for the local machine (Local Computer).
4. Install Microsoft WSE (Web Services Enhancements) 2.0 SP3 / WSE 3.0. Note: WSE 2.0 / 3.0 only support .NET Framework 2.0. http://www.microsoft.com/en-in/download/details.aspx?id=23689
5. Create a new Web Application project in Visual Studio. Expand the project → right-click References → Add Service Reference → Advanced → Add Web Reference → paste the service WSDL link in the URL text box → click the Go button (right arrow) → since it is https, a popup with a warning message appears; click Yes until it stops → enter a web reference name and click the Add Reference button.
Right-click References → Add Reference → click Browse → \Program Files\Microsoft WSE\v2.0\ → select "Microsoft.Web.Services2.dll" → click Add.
Now the proxy/stub class is generated → look for the Reference.cs file under the Web References folder (if it is not visible, click "Show All Files" in Solution Explorer) → open the Reference.cs file and replace "System.Web.Services.Protocols.SoapHttpClientProtocol" with "WebServicesClientProtocol".
using System;
using System.Web.UI;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;

// Code-behind of the ASP.NET page (class name assumed; the answer showed only the members).
public partial class ClientPage : Page
{
    // Key Identifier (Base64 Encoded) of the client certificate, taken from the WSE 2.0
    // X509 Certificate Tool. The value below is the placeholder from the answer; replace it.
    private static string ClientBase64KeyId = "XPaTfx6Lx8dV/oh6ebOeOo4Xdummy";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Proxy generated from the WSDL, with its base class changed to WebServicesClientProtocol.
        MyService myClient = new MyService();
        try
        {
            SecurityToken signingToken = GetClientToken(false);
            // Get the SoapContext for the SOAP request.
            SoapContext requestContext = myClient.RequestSoapContext;
            // Expire this message one hour (3600 s) after it is sent; a shorter TTL narrows the replay window.
            requestContext.Security.Timestamp.TtlInSeconds = 3600;
            // Add the X509 certificate to the WS-Security header.
            requestContext.Security.Tokens.Add(signingToken);
            // Sign the message with the private key behind that token.
            MessageSignature sig = new MessageSignature(signingToken);
            requestContext.Security.Elements.Add(sig);
            RequestClass request = new RequestClass();
            request.Name = "";
            ResponceClass responce = myClient.QueryCsa(request);
        }
        catch (Exception ex)
        {
            lblResultMessage.Text = ex.Message;
        }
    }

    public static X509SecurityToken GetClientToken(bool selectFromList)
    {
        X509SecurityToken token = null;
        // Open the CurrentUser certificate store and try the My (Personal) store only.
        X509CertificateStore store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
        if (selectFromList)
        {
            // Interactive selection is not available in a web application.
            //token = RetrieveTokenFromDialog(store);
        }
        else
        {
            token = RetrieveTokenFromStore(store, ClientBase64KeyId);
        }
        return token;
    }

    private static X509SecurityToken RetrieveTokenFromStore(X509CertificateStore store, string keyIdentifier)
    {
        if (store == null)
            throw new ArgumentNullException("store");
        X509SecurityToken token = null;
        try
        {
            if (store.OpenRead())
            {
                // Look the certificate up by its key identifier (the base64 value from the
                // X509 Certificate Tool, decoded to bytes).
                Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs =
                    store.FindCertificateByKeyIdentifier(Convert.FromBase64String(keyIdentifier));
                if (certs.Count > 0)
                {
                    // Signing needs a certificate that allows digital signatures and whose
                    // private key is readable by the application pool account.
                    if (!certs[0].SupportsDigitalSignature || (certs[0].Key == null))
                    {
                        throw new InvalidOperationException(
                            "The certificate must support digital signatures and have a private key available.");
                    }
                    // Get the first certificate in the collection.
                    token = new X509SecurityToken((Microsoft.Web.Services2.Security.X509.X509Certificate)certs[0]);
                }
            }
        }
        finally
        {
            if (store != null)
                store.Close();
        }
        return token;
    }
}
Add this code to your page and get the ClientBase64KeyId value from the X509 Certificate Tool.
Start → Program Files → Microsoft WSE 2.0 → X509 Certificate Tool → select Certificate Location as Local Computer → Store Name as Personal → click the Open Certificate button, which lists the certificates; select the appropriate one installed with MMC. Now copy the value from the Key Identifier (Base64 Encoded) field and use it in the code. If your application is an ASP.NET web application it may not have access to the key, so click the "View Private Key File Properties" button and set the appropriate security permissions in the same tool.
We have almost completed 70% of the work. Now comes the very critical part... we are going to apply the policy details. This is the security policy for the X509 certificate, which defines which part is signed (signature), encrypted, integrity, confidentiality, etc. Don't panic, we have a helper called WSE 2.0 Tool, yes chumma :) Try it: Start → Program Files → Microsoft WSE 2.0 → Configuration Editor → File → Open → point to the Web.config of your application
General => check both checkboxes
Security, Routing and Custom Filters => they didn't call me :) Leave it.
Policy => very important. 1. Check Enable Policy 2. Click Add → name it / enter any name → Next → keep the default (Secure a client application) → (default) Next → Next → (default: X509 Certificate) → Next → Select Certificate → select the appropriate certificate from the list → OK → Next → Finish
TokenIssuing => leave it
Diagnostics => check the appropriate checkboxes for tracing and logging purposes
File → Save → close it :)
Now policyCache.config, referenced from the Web.config file, is created. Here we add our HTTPS service URL. Done.
This is the implementation via WSE 2.0. Yes, I know it is old technology. I am trying to use WCF as the client... I will post it in the next session....
:) Happy programming :) JaiSankar