我是使用WCF和安全服务的新手。
我正在尝试使用安全HTTPS传输连接到java webservice,它使用WS-Security UsernamePassword令牌身份验证。
我尝试使用以下绑定通过WCF客户端进行连接,但没有成功。
<!-- Client-side WCF binding configuration: one wsHttpBinding named OperationsEndpoint1Binding. -->
<bindings>
<wsHttpBinding>
<!-- Timeouts are hh:mm:ss. maxReceivedMessageSize and the readerQuotas below cap how much
     data the client will buffer and parse from a single response. -->
<!-- NOTE(review): wsHttpBinding speaks SOAP 1.2 with WS-Addressing by default; confirm against
     the Java service's WSDL/policy that this is what it expects. -->
<binding name="OperationsEndpoint1Binding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="1015536"
messageEncoding="Text" textEncoding="utf-8"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<!-- TransportWithMessageCredential: HTTPS protects the channel (confidentiality, integrity,
     server authentication), while the client credential is carried inside the SOAP message
     in a WS-Security header. -->
<security mode="TransportWithMessageCredential">
<!-- No client credential is presented at the transport level (no client certificate and no
     HTTP authentication), and none is sent to a proxy. -->
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<!-- UserName selects a WS-Security UsernameToken as the message credential. The user name and
     password themselves are not stored in this file; they are supplied on the client
     credentials in code. -->
<!-- NOTE(review): no establishSecurityContext / negotiateServiceCredential attributes are set,
     so the wsHttpBinding defaults apply; a non-WCF service may not support
     WS-SecureConversation, so verify these against the service policy. -->
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
是否有人知道如何通过HTTPS传输连接到java webservice,并使用WS-Security UsernamePassword令牌进行身份验证?非常感谢。
答案 0 :(得分:0)
解决方案是不使用WCF。我改为手工构造Web请求,做法与"Http request to web service in java"中描述的一致。
我仍然没有在WCF中找到任何支持此类请求的内容。
答案 1 :(得分:0)
我是用wcf做的。 这有助于我使用WS-Security用户名令牌认证连接到WebSphere ssl soap Web服务。
如果您可以使用.NET 4.5+,并且服务器支持,请务必避免使用默认的TLS 1.0,改用TLS 1.1或1.2。
// Restricts outgoing HTTPS connections to TLS 1.2 only. ServicePointManager.SecurityProtocol is a
// static, process-wide setting, so it affects every ServicePoint-based connection in the
// application, not just this service client.
// NOTE(review): presumably this must run before the first channel is opened; confirm where it is called.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
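/// <summary>
/// Builds a <see cref="ChannelFactory{TChannel}"/> for <c>IContract</c> that talks to the service over
/// HTTPS with a client certificate and additionally protects each SOAP message with mutual-certificate
/// (asymmetric) WS-Security, carrying a signed UsernameToken.
/// </summary>
/// <param name="serviceAddress">Endpoint URL of the service (HTTPS, since an HTTPS transport element is used).</param>
/// <param name="userName">User name placed in the WS-Security UsernameToken.</param>
/// <param name="clientCertificate">Certificate that identifies the client and signs outgoing messages.</param>
/// <param name="serviceCertificate">Certificate of the service, used as its default (expected) certificate.</param>
/// <param name="sendTimeoutMinutes">Send timeout of the binding, in minutes.</param>
/// <returns>A configured, not yet opened channel factory.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="clientCertificate"/> or <paramref name="serviceCertificate"/> is null.
/// </exception>
/// <remarks>
/// Several settings below relax security checks to interoperate with the remote stack. They are kept
/// as the original author configured them and are flagged individually; review each one before reusing
/// this binding against a production endpoint.
/// </remarks>
private static ChannelFactory<IContract> MyCreateFactory(String serviceAddress,
    String userName,
    X509Certificate2 clientCertificate,
    X509Certificate2 serviceCertificate,
    Int32 sendTimeoutMinutes)
{
    // Both certificates are mandatory for this binding (X.509 initiator and recipient tokens,
    // RequireClientCertificate = true), so fail early with a clear message instead of at channel open.
    if (clientCertificate == null)
    {
        throw new ArgumentNullException("clientCertificate");
    }

    if (serviceCertificate == null)
    {
        throw new ArgumentNullException("serviceCertificate");
    }

    // A freshly constructed CustomBinding has no elements, so none need to be cleared.
    var myBinding = new CustomBinding
    {
        SendTimeout = new TimeSpan(0, sendTimeoutMinutes, 0),
    };

    // Message-level (asymmetric) security: both sides sign/encrypt with X.509 certificates.
    var mutual = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement();

    // AllowInsecureTransport is deliberately left at its default (false): the transport below is
    // HTTPS, so there is no reason to permit secured messages over plain HTTP.
    mutual.AllowSerializedSigningTokenOnReply = true;

    // SECURITY NOTE: Basic128Rsa15 is a legacy suite (RSA PKCS#1 v1.5 key wrap, SHA-1 based
    // signatures). Keep it only if the service policy demands it; otherwise prefer a SHA-256
    // suite such as Basic256Sha256Rsa15.
    mutual.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;

    // SECURITY NOTE: accepts replies that are not secured at the message level. With this set,
    // integrity of responses rests on the HTTPS transport alone.
    mutual.EnableUnsecuredResponse = true;

    // SECURITY NOTE: no wsu:Timestamp is sent, so message freshness/replay detection is left to
    // the transport and the service.
    mutual.IncludeTimestamp = false;

    mutual.InitiatorTokenParameters = new X509SecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
    };
    mutual.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
    mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    mutual.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    mutual.RecipientTokenParameters = new X509SecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator
    };
    mutual.RequireSignatureConfirmation = false;
    mutual.SecurityHeaderLayout = SecurityHeaderLayout.Lax;

    // NOTE(review): MyIdentityVerifier is defined elsewhere. Because certificate validation is
    // switched off further down, confirm that this verifier really checks the service identity
    // and does not simply return true.
    mutual.LocalClientSettings.IdentityVerifier = new MyIdentityVerifier();
    mutual.SetKeyDerivation(false);

    // Adds a UsernameToken as a signed endpoint supporting token, i.e. the token is covered by
    // the message signature made with the client certificate.
    mutual.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
    myBinding.Elements.Add(mutual);

    // HTTPS transport with a client certificate at the TLS layer.
    var httpsBindingElement = new HttpsTransportBindingElement { RequireClientCertificate = true };
    httpsBindingElement.ExtendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
    myBinding.Elements.Add(httpsBindingElement);

    var factory = new ChannelFactory<IContract>(binding: myBinding, remoteAddress: serviceAddress);

    // Replace the factory's default ClientCredentials behavior with an explicitly configured one.
    factory.Endpoint.Behaviors.Remove<ClientCredentials>();

    var clientCredentials = new ClientCredentials();

    // Only the user name is set; this method takes no password.
    // NOTE(review): if the service expects a password in the UsernameToken, the caller presumably
    // assigns factory.Credentials.UserName.Password before opening a channel; confirm.
    clientCredentials.UserName.UserName = userName;
    clientCredentials.ClientCertificate.Certificate = clientCertificate;
    clientCredentials.ServiceCertificate.DefaultCertificate = serviceCertificate;

    // SECURITY NOTE: None disables chain/peer-trust validation of the service certificate and
    // NoCheck disables revocation checking. This is typically done to get a self-signed or
    // privately issued certificate working; for production, install the issuing CA and use
    // ChainTrust (or PeerTrust for a pinned certificate) with revocation checking enabled.
    clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    clientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

    factory.Endpoint.Behaviors.Add(clientCredentials);
    return factory;
}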