使用消息安全性将WebClient的SOAP请求发送到WCF服务

时间:2016-06-24 06:15:11

标签: wcf soap webclient

我想从WebClient向WCF服务发送SOAP请求。设置安全模式=“无”,它可以正常工作。 但如果我使用Message安全模式,它失败了,我试图在WebClient中添加用户名和密码,但它没有用。当WCF使用消息安全性时,我可以将web从webclient发送到wcf服务吗? 这是web.config

<wsHttpBinding>
    <binding name="wsConfigSection">          
      <security mode="None"></security>         
    </binding>        

这是webclient。

WebClient myWebClient = new WebClient();
myWebClient.Headers.Add("Content-Type", "application/soap+xml; charset=utf-8");
//myWebClient.UseDefaultCredentials = true;
myWebClient.Credentials = new NetworkCredential(@"domain\username","password");            
myWebClient.Headers.Add("SOAPAction", "\"http://tempuri.org/ICalculator/Add\"");
var response = myWebClient.UploadString(endpoint, payload);
Console.WriteLine(response);

最诚挚的问候,

爱德华

1 个答案:

答案 0 :(得分:0)

安全信息通常包含在请求正文的标题中。标头不是HTTP HEADER,它是SOAP请求标头,它是HTTP BODY的一部分。

根据您使用的实际安全绑定,您应该使用正确的值设置安全标头,并在HTTP BODY中将SOAP HEADER与SOAP BODY一起发送。

这是一个示例soap请求(无效,仅作为示例):

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-11465961">xxx</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
          <ds:Reference URI="#id-533766178">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>xxx</ds:DigestValue>
          </ds:Reference>
          <ds:Reference >
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>xxx</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-944359288">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>xxx</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>xxx
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-1977405101">
          <wsse:SecurityTokenReference>
            <wsse:Reference></wsse:Reference>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
  </soap:Body>
</soap:Envelope>

你可以看到肥皂:标题,这应该是你放东西的地方。并在HTTP正文中发送。