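I am trying to consume a Java SOAP service using WCF in .NET. Although I can send a request to the web service and get a response, my code throws the following exception on every response:
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party.
After investigating the problem, it turns out that with my configuration the SOAP headers in the request are signed as well as the body, but they are not signed in the response. It seems I should tell WCF that the headers should not be signed, but I have not been able to do that. Any help would be appreciated.
This is the binding I use: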
var binding = new CustomBinding();
var initiator = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never);
var recipient = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never);
var securityBindingElement = new AsymmetricSecurityBindingElement(initiator, recipient);
securityBindingElement.IncludeTimestamp = false;
securityBindingElement.EnableUnsecuredResponse = true;
binding.Elements.Add(securityBindingElement);
var textMessageEncoding = new TextMessageEncodingBindingElement
{
MessageVersion = MessageVersion.Soap11WSAddressing10,
WriteEncoding = Encoding.UTF8
};
binding.Elements.Add(textMessageEncoding);
var transportBindingElement = new HttpsTransportBindingElement
{
UseDefaultWebProxy = true,
RequireClientCertificate = true
};
binding.Elements.Add(transportBindingElement);
return binding;
This is the request I send:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_3">urn:etoegang:1.9:bsn-koppelregister:DeassociateBSNRequest</a:Action>
<a:MessageID u:Id="_4">urn:uuid:258bd34d-a1ed-42c8-8bf0-039256b55cb6</a:MessageID>
<ActivityId CorrelationId="8c6addd4-7cde-4afd-a112-0634180beabb" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">067c1704-3428-4891-a0d8-54ca0960e356</ActivityId>
<a:ReplyTo u:Id="_5">
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_6">https://simulator.eherkenning.nl/kr-simulator-1.9/services/BSNKRAssociation</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>wA5kpZvDRk+cc5Y5QJa4/ZkbvnI=</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>AtLNdwQtOpB+939+mECbmToeIpI=</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>08OvHoskB2j9qq0IjG6oOG+yziw=</DigestValue>
</Reference>
<Reference URI="#_5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue>
</Reference>
<Reference URI="#_6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>DGryA9qhfi+NZyoILEH/V94d0ho=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue><!-- REMOVED --></SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<X509Data>
<X509IssuerSerial>
<X509IssuerName><!-- REMOVED --></X509IssuerName>
<X509SerialNumber><!-- REMOVED --></X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<!-- REMOVED -->
</s:Body>
</s:Envelope>
This is the response I get:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-9f731bee-4c9d-4077-9be7-3ff5e2859d03">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#id-1e140697-4c68-4117-90d6-daf8758ab99a">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>Uwk+AbgFqCSZT6M+4D3deIgwBeMi0EOOXN8bJTFWIG4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue><!-- REMOVED --></ds:SignatureValue>
<ds:KeyInfo Id="KI-013c2040-dc4d-4ae9-bf6a-cbaa9f144e90">
<wsse:SecurityTokenReference wsu:Id="STR-4eb51680-c51f-4fa8-b33a-8a10531dd830">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName><!-- REMOVED --></ds:X509IssuerName>
<ds:X509SerialNumber><!-- REMOVED --></ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<Action xmlns="http://www.w3.org/2005/08/addressing">urn:etoegang:1.9:bsn-koppelregister:BSNKR_Association_Port:BSNKR_DeassociateBSN:Fault:DeassociateBSNFault</Action>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:fdc4f1b4-9e35-459a-ad45-e05fb6fc83c8</MessageID>
<To xmlns="http://www.w3.org/2005/08/addressing">http://www.w3.org/2005/08/addressing/anonymous</To>
<RelatesTo xmlns="http://www.w3.org/2005/08/addressing">urn:uuid:258bd34d-a1ed-42c8-8bf0-039256b55cb6</RelatesTo>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1e140697-4c68-4117-90d6-daf8758ab99a">
<!-- REMOVED -->
</soap:Body>
</soap:Envelope>
Answer 0 (score: 0)
I solved it by not using WCF, but by generating the SOAP message myself and implementing the signing according to my needs.
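The mismatch the question describes (request signs the addressing headers and the body, response signs only the body) can be confirmed by listing which message parts the `Reference` elements actually cover. The following is an added example, not code from the original post or answer; the function names and the trimmed sample envelopes are constructed for illustration, and it checks coverage only, not digests or the signature value.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def signature_coverage(envelope_xml):
    """Map each SOAP header block and the Body to True when a ds:Reference
    targets its wsu:Id. Only coverage is checked, not digests or the signature."""
    root = ET.fromstring(envelope_xml)
    refs = {r.get("URI", "").lstrip("#") for r in root.iter("{%s}Reference" % DS)}
    header = root.find("{%s}Header" % SOAP11)
    body = root.find("{%s}Body" % SOAP11)
    parts = [] if header is None else [e for e in header if local(e.tag) != "Security"]
    if body is not None:
        parts.append(body)
    return {local(e.tag): e.get("{%s}Id" % WSU) in refs for e in parts}

def unsigned_parts(envelope_xml):
    """Names of header blocks / Body that no ds:Reference points at."""
    return [name for name, ok in signature_coverage(envelope_xml).items() if not ok]

def make_envelope(headers, ref_ids, body_id):
    """Build a constructed, trimmed envelope (no digests, no key material)."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in ref_ids)
    return ('<s:Envelope xmlns:s="%s" xmlns:a="http://www.w3.org/2005/08/addressing" '
            'xmlns:u="%s" xmlns:o="%s" xmlns:ds="%s"><s:Header>%s<o:Security>'
            '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>'
            '</o:Security></s:Header><s:Body u:Id="%s"/></s:Envelope>'
            % (SOAP11, WSU, WSSE, DS, headers, refs, body_id))

# Constructed samples modelled on the question: the request gives every
# addressing header a u:Id and references it; the response references only the Body.
REQUEST = make_envelope('<a:Action u:Id="_3"/><a:MessageID u:Id="_4"/>'
                        '<a:ReplyTo u:Id="_5"/><a:To u:Id="_6"/>',
                        ["_2", "_3", "_4", "_5", "_6"], "_2")
RESPONSE = make_envelope('<a:Action/><a:MessageID/><a:To/><a:RelatesTo/>',
                         ["id-body"], "id-body")

if __name__ == "__main__":
    print("request unsigned: ", unsigned_parts(REQUEST))
    print("response unsigned:", unsigned_parts(RESPONSE))
```

Running the same function over a captured response from the real service shows exactly which parts the peer leaves outside the signature, which is the information needed before relaxing any protection requirement on the client.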