wcf wss1.1客户端的BindarySecurityToken UsernameToken配置

Question

我想要使用证书对邮件进行签名并包含用户名/密码。我可以让WCF同时执行其中任何一项，但不能同时执行这两项工作。

我正在尝试设置客户端以连接到使用WCF使用x509证书和用户名/密码的SOAP服务（WS-Security 2004）。

我有服务器和客户端的证书以及服务端点的SSL URI（https：//）。客户端消息需要签名：

<wsse:BinarySecurityToken 
   EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
   ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
   wsu:Id="CertId-1317568">
MIICejCCAeOgAwIBAgIRAKxcIy5wGNq2XWsruqtiXY4wDQYJKoZIhvcNAQEF
...
</wsse:BinarySecurityToken>

并且标题还需要包含UsernameToken：

<wsse:UsernameToken>
   <wsse:Username>VendorName0001</wsse:Username>
   <wsse:Password 
      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
      password
   </wsse:Password>
</wsse:UsernameToken>

我尝试Rick Strahl's solution但我不需要NONCE，我仍然需要x509签名。

我的代码（我知道这不太对），因为BasicHttpSecurityMode.TransportWithMessageCredential似乎覆盖了邮件的用户名设置。

var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

var uri = "https://company.com/service.svc";
var client = new ServiceNamespace.ServiceWrapperClient(binding, new EndpointAddress(uri));
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";

client.ClientCredentials.ClientCertificate.SetCertificate(
    StoreLocation.LocalMachine,
    StoreName.My,
    X509FindType.FindByThumbprint,
    "1946c826c9bfb0b25b437da763a7c637eb19f963");

client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
    StoreLocation.LocalMachine,
    StoreName.TrustedPublisher,
    X509FindType.FindBySubjectName,
    "TEST subject name");

Answer 1

这对我有用：

更新Web引用

上的基类

//public partial class FooServiceWrapper : System.Web.Services.Protocols.SoapHttpClientProtocol {
public partial class FooServiceWrapper : Microsoft.Web.Services3.WebServicesClientProtocol {

使用Soap Context Security添加我需要的令牌

client.Url = ServiceUrl;
client.SoapVersion = System.Web.Services.Protocols.SoapProtocolVersion.Soap11;
client.RequestSoapContext.Security.Tokens.Add(
            new UsernameToken("username", "password", PasswordOption.SendPlainText));
client.RequestSoapContext.Security.MustUnderstand = false;

var certToken = new X509SecurityToken(new X509Certificate2(clientCert));
client.RequestSoapContext.Security.Tokens.Add(certToken);
client.RequestSoapContext.Security.Elements.Add(new MessageSignature(certToken));