我有一个具有经典用户名 - 密码消息安全性的wcf服务。 在传输级别,此服务具有https
绑定是典型的
<bindings>
<wsHttpBinding>
<binding name="RgiServiceBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
但是。现在我们应该在此交换中添加客户端签名。我们决定为此签名使用标准的wsse标头。 例如:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://tempuri.org/IRgiService/RegisterAuction</a:Action>
<a:MessageID>urn:uuid:054cd820-1e0c-4643-881d-48d8c7682080</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://ws.test.rosim.ru:8443/RGI_ETP/RgiService.svc</a:To>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<UsernameToken b:Id="urn:uuid:bc811ecb-4313-44f4-a627-9237d147294e" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:b="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<Username>login</Username>
<Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</Password>
</UsernameToken>
</Security>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:actor="http://esugi.rosim.ru/pibi/actors/etp">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411" />
<Reference URI="#body8d018149d5ea441a817ea018da2c8ce1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411" />
<DigestValue>0pgHWuhnDlw/s8aHBxbk2FrHc072go1xXE/JnUBboRk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>aL6ag12120eSmz6CQYQY8HjgZ+Gdz6UfaRZdV9qXY21ccxVfCkme1zsSw9Vy4jh2ofK/QYsebomEnWd51xIq1w==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#cert9c65aba5ea814fc5a27137859c9c3df2" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="cert9c65aba5ea814fc5a27137859c9c3df2">therewascertificateinbase64</wsse:BinarySecurityToken>
</wsse:Security>
</s:Header>
<s:Body>
<RegisterAuction xmlns="http://tempuri.org/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" wsu:Id="body8d018149d5ea441a817ea018da2c8ce1">
<auctionInfo xmlns:b="http://schemas.datacontract.org/2004/07/Rgi.Etp.Service.Contract.DataContracts">
<b:AuctionNumber>1112233</b:AuctionNumber>
<b:Note>Новый аукцион создан</b:Note>
</auctionInfo>
<tradeRequestInfo xmlns:b="http://schemas.datacontract.org/2004/07/Rgi.Etp.Service.Contract.DataContracts">
<b:TradeRequestDate>2015-03-11T00:00:00</b:TradeRequestDate>
<b:TradeRequestNumber>111</b:TradeRequestNumber>
</tradeRequestInfo>
</RegisterAuction>
</s:Body>
</s:Envelope>
但是WCF不想使用多个wsse头。它说“验证邮件的安全性时出错”。没有任何其他信息,它在我自己的代码之前。
我可以做些什么来在服务器端获取我的签名并且我的用户名验证有效吗?