WFS的MessageSecurityException用于WSSE的customBinding UsernameOverTransport

时间:2015-06-16 20:29:53

标签: wcf soap ws-security wsse

我需要实现符合Phase II CORE 270 Connectivity Rule规定的规范的WCF服务。 我使用svcutil.exe和提供的wsdl生成了服务。

鉴于我们选择通过SSL上的用户名/密码处理安全性以及SOAP 1.2寻址的要求,我将服务配置为

customBinding:

  <customBinding>
    <binding name="ServiceBinding">
      <security 
        authenticationMode="UserNameOverTransport"
        messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
      </security>
      <textMessageEncoding messageVersion="Soap12" />
      <httpsTransport />
    </binding>
  </customBinding>

生成的WSDL与规范提供的WSDL匹配。使用提供的肥皂消息:

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Header>
    <wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-21621663">
      <wsse:Username>bob</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usernametoken-profile-1.0#PasswordText">bobPW</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <ns1:COREEnvelopeRealTimeRequest
    xmlns:ns1="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd">
      <PayloadType> X12_270_Request_005010X279A1004010X092A1</PayloadType>
      <ProcessingMode>RealTime</ProcessingMode>
      <PayloadID>f81d4fae-7dec-11d0-a765-00a0c91e6bf6</PayloadID>
      <TimeStamp>2007-08-30T10:20:34Z</TimeStamp>
      <SenderID>HospitalA</SenderID>
      <ReceiverID>PayerB</ReceiverID>
      <CORERuleVersion>2.2.0</CORERuleVersion>
      <Payload><![CDATA[ISA*00* *00* *ZZ*NEHEN780 *ZZ*NEHEN003 ...IEA*1*000000031]]></Payload>
    </ns1:COREEnvelopeRealTimeRequest>
  </soapenv:Body>
</soapenv:Envelope>

SoapUI,我收到了

  

System.ServiceModel.Security.MessageSecurityExceptionSystem.ServiceModel,   安全处理器无法在消息中找到安全标头。这可能是因为消息是不安全的故障,或者因为通信方之间存在绑定不匹配。如果为安全性配置服务且客户端未使用安全性,则会发生这种情况。

似乎该服务不理解wsse名称空间前缀,就好像我将名称空间前缀翻转为o服务没有请求的问题。

修改

我似乎无法找到绑定中的不匹配或其消息的问题,表明我正在追逐错误的树。任何其他潜在的线索都会有所帮助。有没有办法使用SOAP 1.2解决与提供的SOAP消息互操作的自定义绑定?

0 个答案:

没有答案