Question

我需要从.net客户端使用Apache CXF 2.6 Web服务的Web服务。我在我的请求中发送的标题是这样的（用fiddler捕获）：

<soap:Header>
        <wsse:Security>
            <wsse:BinarySecurityToken></wsse:BinarySecurityToken>
            <ds:Signature ></ds:Signature>

和服务回复：

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header/>
<soap:Body>
    <soap:Fault>
        <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode>
        <faultstring>The security token could not be authenticated or authorized</faultstring>
    </soap:Fault>
</soap:Body>

这是我的.config：

  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="myCustomBinding">
          <security allowSerializedSigningTokenOnReply="true" enableUnsecuredResponse="true"
            authenticationMode="MutualCertificate" securityHeaderLayout="Strict"
            includeTimestamp="false" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
            requireSignatureConfirmation="true" />
          <textMessageEncoding maxReadPoolSize="2147483647" messageVersion="Soap11">
            <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
              maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          </textMessageEncoding>
          <httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
            maxBufferSize="2147483647" requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>    
  </system.serviceModel>

这是我到目前为止在我的代码中所做的，我实现了我的代理对象：

    public ConfigureProxy()
{

    try {


        CustomBinding customBinding = new CustomBinding("myCustomBinding");
        DnsEndpointIdentity oDNSEndPoint = new DnsEndpointIdentity(DNS);    
        EndpointAddress oEndPoint = new EndpointAddress(new Uri("Service"), oDNSEndPoint, new AddressHeaderCollection());   
        StoreLocation oStore = StoreLocation.LocalMachine;

        this.p_CanalProxy = new WSREACXFServiceClient(customBinding, oEndPoint);

        ClientCredentials oCred = this.p_CanalProxy.ClientCredentials;

        oCred.ClientCertificate.SetCertificate(oStore, StoreName.My, X509FindType.FindByThumbprint, "thumpr");

        if (oCred.ClientCertificate == null)
            throw new InvalidOperationException("client cert ");

        oCred.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "thumpr sever cert");

        if (oCred.ServiceCertificate == null)
            throw new InvalidOperationException("cert server ");

        oCred.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        oCred.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;


    } catch (Exception ex) {
        p_CanalProxy = null;


    } finally {

    }
}

但根据我得到的样本并假设它可以工作，它需要像这样：

<soap:Header>
    <wsse:Security>
        <wsse:BinarySecurityToken></wsse:BinarySecurityToken>
        <ds:Signature ></ds:Signature>                                      
        <wsse:BinarySecurityToken></wsse:BinarySecurityToken>   <!-- repeated -->
        <xenc:EncryptedKey></xenc:EncryptedKey>

请有人帮助我吗？提前谢谢！

Answer 1

根据回复，您的证书看起来有问题。您可以检查证书是否可以由服务端进行身份验证。

如果您无法与服务托管服务器交互，请尝试使用具有相同证书的某些SOAP客户端（例如SoapUI）来查看响应的内容。并检查工作SOAP客户端请求和原始请求消息之间的区别。

无法对安全令牌进行身份验证或授权

1 个答案: