I have to consume a web service where the SOAP request must contain a signed BinarySecurityToken and the KeyInfo must be in the following format:
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
URI="#pfxb65d8fe8-185a-4edc-6589-3a08270deca3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
This is my customBinding:
// Binding that the elements below are added to
CustomBinding cb = new CustomBinding();
AsymmetricSecurityBindingElement sec =
(AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
sec.InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
sec.RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
sec.ProtectTokens = false;
sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
sec.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
sec.EnableUnsecuredResponse = true;
sec.IncludeTimestamp = false;
sec.SetKeyDerivation(false);
sec.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic256Sha256;
//sign BST
sec.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
cb.Elements.Add(sec);
//Message
cb.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
HttpsTransportBindingElement trans = new HttpsTransportBindingElement();
trans.RequireClientCertificate = true;
cb.Elements.Add(trans);
return cb;
This binding gets me almost the requested SOAP message format. Only the KeyInfo differs from the requested format. It gives me
<KeyInfo>
<o:SecurityTokenReference>
<o:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile#X509SubjectKeyIdentifier"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">STRIPPED
</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
which, unfortunately, the server does not accept.
The question is: how can I sign the BST and have the required KeyInfo?
Maybe one of the WCF gurus can help me?
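
Added example (not part of the original post and not WCF code): a structural check for a captured outgoing message that reports which of the two SecurityTokenReference forms shown above the signature's KeyInfo uses, and whether a direct Reference resolves to a BinarySecurityToken that is also listed in SignedInfo. The names KeyInfoCheck and Classify and the sample message with the id bst-1 are constructed for illustration; matching is by namespace, so the `wsse:`/`ds:` and `o:`/default prefixes are treated the same.

```csharp
using System;
using System.Xml;

static class KeyInfoCheck
{
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Reports the SecurityTokenReference form used in the signature's KeyInfo and, for a
    // direct reference, whether the referenced BinarySecurityToken is listed in SignedInfo.
    // Structural check only: it does not validate digests or the signature value.
    public static string Classify(string soapXml)
    {
        var doc = new XmlDocument { XmlResolver = null };   // never fetch external entities
        doc.LoadXml(soapXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", Ds);
        ns.AddNamespace("wsse", Wsse);

        XmlNode str = doc.SelectSingleNode("//ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference", ns);
        if (str == null) return "no SecurityTokenReference";
        if (str.SelectSingleNode("wsse:KeyIdentifier", ns) != null) return "KeyIdentifier";

        var reference = str.SelectSingleNode("wsse:Reference", ns) as XmlElement;
        if (reference == null) return "unknown reference form";
        string uri = reference.GetAttribute("URI");
        if (!uri.StartsWith("#", StringComparison.Ordinal)) return "Reference is not a same-document fragment";

        bool found = false, signed = false;
        foreach (XmlElement bst in doc.SelectNodes("//wsse:BinarySecurityToken", ns))
            found |= bst.GetAttribute("Id", Wsu) == uri.Substring(1);   // wsu:Id must equal the fragment
        foreach (XmlElement r in doc.SelectNodes("//ds:SignedInfo/ds:Reference", ns))
            signed |= r.GetAttribute("URI") == uri;                     // BST covered by the signature
        if (!found) return "Reference does not resolve to a BinarySecurityToken";
        return signed ? "direct Reference, BST signed" : "direct Reference, BST not signed";
    }

    static void Main()
    {
        // Constructed sample message (not from the original post); token and digest data omitted.
        string sample =
            "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/' xmlns:o='" + Wsse + "' xmlns:u='" + Wsu + "'>" +
            "<s:Header><o:Security><o:BinarySecurityToken u:Id='bst-1'>AAAA</o:BinarySecurityToken>" +
            "<Signature xmlns='" + Ds + "'><SignedInfo><Reference URI='#bst-1'/></SignedInfo>" +
            "<KeyInfo><o:SecurityTokenReference><o:Reference URI='#bst-1'/></o:SecurityTokenReference></KeyInfo>" +
            "</Signature></o:Security></s:Header><s:Body/></s:Envelope>";
        Console.WriteLine(Classify(sample));
    }
}
```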