带有wcf的BinarySecurityToken

时间:2015-06-29 12:25:11

标签: c# wcf soap

我已成功测试使用SoapUI(5.1.2)连接到SOAP服务,现在我需要从C#应用程序生成soap请求。

我在存储证书的SoapUI中添加了一个密钥库,SoapUI的安全配置非常简单......

SoapUI Screencap showing simple security settings

这是一个工作样本请求(已删除详细信息)

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:typ="url.removed">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" 
                            wsu:Id="X509-08AC5A2756F38141D814355761534501">    <!-- data removed --></wsse:BinarySecurityToken>
      <ds:Signature Id="SIG-08AC5A2756F38141D814355761534824" 
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="soap typ" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        </ds:SignedInfo>
        <ds:SignatureValue><!-- data removed --></ds:SignatureValue>
        <ds:KeyInfo Id="KI-08AC5A2756F38141D814355761534752">
          <wsse:SecurityTokenReference 
        wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" 
        wsu:Id="STR-08AC5A2756F38141D814355761534763" 
        xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
            <wsse:Reference URI="#X509-08AC5A2756F38141D814355761534501" 
                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>

  </soap:Header>
  <soap:Body  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <typ:SoapDataRequest>
      <header>
        <dataremoved />
      </header>
      <bodyremoved />
    </typ:SoapDataRequest>
  </soap:Body>
</soap:Envelope>

我正在尝试以编程方式创建所需的绑定/配置,我已经将web引用导入到我的项目中,只需要从wcf中的无数选项中选择正确的组合即可实现此功能。如果我不提供所需的SSL证书,那么这是一个明显的错误,所以我知道我正在从证书存储中正确地获取证书(而不是来自soupUI的* .pfx文件),但是其他一些因“违反政策而失败” “,就我所见,这是一种安全不匹配。

1 个答案:

答案 0 :(得分:0)

我按照这里的说明让它为我工作:

http://www.codeproject.com/Tips/672063/Calling-a-service-with-oasis-header-in-Csharp

使用Soap 1.2而不是Soap 1.1