我有一个Web服务的客户端,我是通过WSDL使用Visual Studio服务引用开发的。它被配置为使用证书对请求进行签名,并且可以向服务发送请求,但服务会回复400 - 错误请求错误,因为除了我想要的签名之外还有一个额外的签名,多个{{1} }标签,它使用HMAC-SHA1作为其签名方法。 Web服务不支持HMAC-SHA1,因此请求被拒绝。但是,我甚至不想要或不需要这个其他签名,我不确定它的来源。以下是我的绑定配置:
<Reference>我还将<customBinding>
<binding name="mainBinding">
<security authenticationMode="MutualCertificate"
allowSerializedSigningTokenOnReply="true"
requireDerivedKeys="false"
requireSignatureConfirmation="false"/>
<httpsTransport />
</binding>
</customBinding>
作为ProtectionLevel = System.Net.Security.ProtectionLevel.Sign的一部分。
我配置的哪一部分导致第二个签名?如何更改配置以便我的请求中有一个签名?
修改
以下是发送的请求。为了突出不可取的部分,我把它分成了几个部分,但实际上它们都是连续的。
ServiceContractAttribute部分的开头我不想
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_1">[removed]</a:Action>
<a:MessageID u:Id="_2">[removed]</a:MessageID>
<a:ReplyTo u:Id="_3">
<a:Address>[removed]</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_4">[removed]</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="[removed]">
<u:Created>2017-05-11T08:59:25.681Z</u:Created>
<u:Expires>2017-05-11T09:04:25.681Z</u:Expires>
</u:Timestamp>
<e:EncryptedKey Id="[removed]" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
[removed]
</e:EncryptedKey>
<o:BinarySecurityToken u:Id="[removed]" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[removed]</o:BinarySecurityToken>
部分内容我不想
<Signature Id="_0" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="[removed]">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>[removed]</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference URI="[removed]"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
编辑2:
经过一些挖掘和阅读后,我现在明白这两个签名是正文和标题的签名。我只想签署正文。我已相应更改了标题。