我试过这段代码使用wsse enable SAOP请求,但它不起作用。我可以得到一些帮助吗?
wsResponseWrapper res = new wsResponseWrapper();
NetworkCredential myCredentials = new NetworkCredential(username, password);
this.srv.Credentials = myCredentials;
this.srv.Timeout = 100000;
res = this.srv.getPlacesList(req);
这是我的app.config
<PullAPSRTC.Properties.Settings>
<setting name="PullAPSRTC_APSRTCService_BookingWSService" serializeAs="String">
<value>http://182.72.148.98:9091/apsrtc-oprs/ws/api/booking</value>
</setting>
</PullAPSRTC.Properties.Settings>
我使用过SOAP,但这是我第一次增加安全性。
答案 0 :(得分:1)
将标题添加到请求中,如下所示:
string tokennamespace = "o";
DateTime created = DateTime.UtcNow;
string createdStr = created.ToString("yyyy-MM-ddTHH:mm:ss.fffZ");
string phrase = Guid.NewGuid().ToString();
var nonce = Convert.ToBase64String(Encoding.UTF8.GetBytes(GetSHA1String(phrase)));
this.srv.Headers.Add(string.Format(
"<{0}:UsernameToken u:Id=\"" + Guid.NewGuid() +
"\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
"<{0}:Username>" + myCredentials.UserName + "</{0}:Username>" +
"<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" +
myCredentials.Password + "</{0}:Password>" +
"<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" +
nonce + "</{0}:Nonce>" +
"<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace));
这是GetSHA1String方法代码:
public string GetSHA1String(string phrase)
{
SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider();
byte[] hashedDataBytes = sha1Hasher.ComputeHash(Encoding.UTF8.GetBytes(phrase));
return Convert.ToBase64String(hashedDataBytes);
}
我们将此用于WCF,以下是一些参考,以防您需要自定义您的请求:
http://www.codeproject.com/Articles/19339/WSSE-Authentication-for-WebRequest-Response
http://weblog.west-wind.com/posts/2012/Nov/24/WCF-WSSecurity-and-WSE-Nonce-Authentication