I need to convert code from WSE2 to WCF, and I need some tips on how to implement SOAP message signing with an X509Certificate2 object.
WSE2 code:
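"certificate" is my X509Certificate2 object and "cfs" is my web service client object.
How can I get this done without WSE2, and how do I do the same thing in WCF?
Answer 0 (score: 0)
You can use a custom binding, but first you have to determine which kind of binding you need. See here and here. On the custom binding you can add security tokens for signing. My asymmetric binding looks like this (but you can also use a symmetric binding):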
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Mutual-certificate message security: both sides are identified by X.509 certificates.
AsymmetricSecurityBindingElement asymmetricBinding = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(
    MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
// Initiator (client) token: the client certificate is included in every request.
asymmetricBinding.InitiatorTokenParameters = new X509SecurityTokenParameters
{
    InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
};
// Recipient (service) token: never sent in a message, only referenced.
asymmetricBinding.RecipientTokenParameters = new X509SecurityTokenParameters
{
    InclusionMode = SecurityTokenInclusionMode.Never
};
// Additional username token, signed and encrypted as a supporting token.
asymmetricBinding.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters
{
    InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
});
asymmetricBinding.IncludeTimestamp = true;
asymmetricBinding.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
asymmetricBinding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
// SOAP 1.1 text encoding over HTTPS.
var textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
var httpsTransport = new HttpsTransportBindingElement();
// Order matters: security, then encoding, then transport.
CustomBinding b = new CustomBinding(asymmetricBinding, textMessageEncoding, httpsTransport);
Then you can set the certificate on the ClientCredentials of the EndpointClient:
var wsClient = new YourEndpointClient(b, new EndpointAddress(yourWsEndPointAddress));
// Client certificate: used for the initiator token.
wsClient.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(cert);
// Service certificate: used for the recipient token.
wsClient.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(cert);
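An added example, not part of the question or the answer above: one way to set the credentials on a WCF client so that messages are signed but not encrypted at message level, with the signing certificate checked for a private key and the service certificate validated by chain trust. The class and method names (SigningSetup, LoadSigningCertificate, ConfigureSignOnly) are hypothetical, and it assumes sign-only protection is wanted and that the service's own certificate is available as a separate object.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper class; none of these names come from the question or the answer.
public static class SigningSetup
{
    // Loads a certificate from the current user's personal store by thumbprint.
    // validOnly = true makes Find() return only certificates that pass chain validation.
    public static X509Certificate2 LoadSigningCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);
            if (found.Count != 1)
                throw new InvalidOperationException("Expected exactly one valid certificate for the thumbprint.");
            return found[0];
        }
        finally
        {
            store.Close();
        }
    }

    // Call before the client is opened (before the first service call).
    public static void ConfigureSignOnly<TChannel>(
        ClientBase<TChannel> client, X509Certificate2 signingCert, X509Certificate2 serviceCert)
        where TChannel : class
    {
        // Signing needs the private key; fail here rather than when the first message is sent.
        if (!signingCert.HasPrivateKey)
            throw new ArgumentException("Signing certificate has no private key.", "signingCert");

        // Sign message parts without encrypting them (assumption: HTTPS provides confidentiality).
        client.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;

        client.ClientCredentials.ClientCertificate.Certificate = signingCert;
        client.ClientCredentials.ServiceCertificate.DefaultCertificate = serviceCert;

        // Validate the service certificate against trusted roots and check revocation.
        X509ServiceCertificateAuthentication auth =
            client.ClientCredentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
    }
}
```

A ProtectionLevel set explicitly on an individual operation or message part of the contract takes precedence over the contract-level value set here.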