Question

Java客户端希望将SOAP请求发送到我的WCF服务。 SOAP标头包含签名和证书信息，例如：

<soapenv:Header>
 <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <ds:Signature Id="SIG-3767FCEC48BA3FC46A141268453194033" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
     <ec:InclusiveNamespaces PrefixList="myg soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:CanonicalizationMethod>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#id-3767FCEC48BA3FC46A14126804973444">
     <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
       <ec:InclusiveNamespaces PrefixList="myg" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </ds:Transform>
     </ds:Transforms>
     <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
     <ds:DigestValue>fsN0Bl7FcJhPTZFFOCvyIrLkcg/Oo9JhOpbv23VnnDI=</ds:DigestValue>
    </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>gVdpmh...0b/1FHPatVA==</ds:SignatureValue>
   <ds:KeyInfo Id="KI-3767FCEC48BA3FC46A141268453193931">
    <wsse:SecurityTokenReference wsu:Id="STR-3767FCEC48BA3FC46A141268453193932">
     <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDnjCCA...7Of</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
   </ds:KeyInfo>
  </ds:Signature>
 </wsse:Security>
</soapenv:Header>

应该如何查看我的WCF服务的web.config绑定，以便在SOAP标头中针对签名验证SOAP正文？

谢谢

Answer 1

试试这个：

<customBinding>
        <binding name="NewBinding0">
            <textMessageEncoding messageVersion="Soap11" />
            <security authenticationMode="MutualCertificate" includeTimestamp="false"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                <secureConversationBootstrap />
            </security>
            <httpTransport />
        </binding>
</customBinding>

请务必将您的合约装饰成仅签名：

[System.ServiceModel.ServiceContractAttribute(ConfigurationName=..., ProtectionLevel=System.Net.Security.ProtectionLevel.Sign)]

纠正WCF服务绑定以进行签名验证

1 个答案: