我有一个要求,我必须使用wcf客户端调用第三方Web服务。我必须调用的第三方服务是安全的Web服务,并使用https,例如。 https://kavyen.com/md。服务提供商为我提供了服务器和客户端证书。
我必须创建一个wcf客户端来签署SOAP请求但不加密,所以换句话说,我需要在SOAP Header中有签名信息,但不希望整个主体被加密。
下面是我必须从wcf客户端发送的SOAP信封样本。
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-639F96823FC161A915140921867132422">MIICmDCCAYACEGkpMaS8nUlq58nKTzVZubIwDQYJKoZIhvcNAQEFBQAwRjELMAkGA1UEBhMCSUUxHjAcBgNVBAoTFVJldmVudWUgQ29tbWlzc2lvbmVyczEXMBUGA1UEAxMOREVWUEtJMSBTdWIgQ0EwHhcNMTMwOTI0MDgwNTQxWhcNMTUwOTI0MDgwNTQxWjBTMQswCQYDVQQGEwJJRTEXMBUGA1UEChMOVEVTVCBDT01QQU5ZIDUxEjAQBgNVBAsTCTYxOTEyODc1NzEXMBUGA1UEAxMOVEVTVCBDT01QQU5ZIDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMiliAb+XYJpkEMkwPAG4IObXlwnMdnQ04jNWrholmjmY/PgiPV4/oe1opScyHxI26sq+u4U+aBKyx2mgRDLqn2rpgVsEsq60mzFwuYBYRHLUS0rrQki13jbvoOvPWlAMgR42iF0V3GKr34Zm6i4lw4vLJzju+Xwup9UJhP8NM1nAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEOrsjUXMgMUQlnsupvl3e07/SA6r7idXCXZ/cbIi6ZzyAkPZOsUJQ7nUIckUF04jJTNJWfVYzs7+sY1c67G7r1MjypyfVH4JIckDFmF2Q5MmyePTGICm2ZeNm+3sJI8ApfbMNYDfXSSY7UXJVt1jhE+M3d2JGXirG+XrZC29/dcqIYixTkiBfDEP16LUTPcHseA/DKzGP43O92r5VP1oa07HA1nHt7W2CbT4MMqEpurBMC0EWkc/LzK0LKGUomZSDUHTOKisHPG5AKrV71EFJnR46eq+Ro6C781dbztkuHj8HH+8CdFuknq2+B7XCVVJTv1F3PVrCC5x8gsoR79oAo=</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-762175305">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>WAtX3NtBp52Y5beBeL28QtPq6LE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
OibCc5mrk6noqbukfcxy8Tt/d8+/JlOm9Nmx3nrD1i00HWjqi3v55sbnUowCPGA+fztRcIXhuWYF
GlQyrRxxPLhnvM6vfk9zEZYbS/34dudp9H8gswPh+wsWa0/nowgSoo+eK5I0AbYNqCIHD3EUAfzG
/Br+gMqtRuZyZbhtKbg=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-639F96823FC161A915140921867132623">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-639F96823FC161A915140921867132624">
<wsse:Reference URI="#CertId-639F96823FC161A915140921867132422" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-762175305">
<TestMessage>This is a test.</TestMessage>
</soapenv:Body>
</soapenv:Envelope>
服务提供商
答案 0 :(得分:0)
使用此绑定:
<customBinding>
<binding name="NewBinding0">
<textMessageEncoding messageVersion="Soap11" />
<security authenticationMode="MutualCertificate" includeTimestamp="false"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap />
</security>
<httpTransport />
</binding>
</customBinding>
还使用此属性修饰您的合同:
[System.ServiceModel.ServiceContractAttribute(ConfigurationName=..., ProtectionLevel=System.Net.Security.ProtectionLevel.Sign)]