从WSSE安全标头C＃ASMX / WCF服务中删除时间戳

Question

我在项目中添加了一个Java WSDL作为Web Reference。我正在使用它来调用端点上的服务。我在ASMX文件中添加了WebMethod并在那里调用服务。要求是使用WSE Security并使用X509证书签署请求。

不幸的是，时间戳正在创建问题，我收到响应“发现处理标题时出错”。如果从中删除TimeStamp元素，则相同的请求可以从SoapUI中运行。 This is how the request look like

以下是创建安全元素的代码

  //Set WSSE Security
  svc.RequestSoapContext.Security.Timestamp.TtlInSeconds = 300;
  svc.RequestSoapContext.Security.MustUnderstand = true;
  svc.RequestSoapContext.Security.Tokens.Add(newtoken);
  Microsoft.Web.Services3.Security.MessageSignature signature = new Microsoft.Web.Services3.Security.MessageSignature(newtoken);
  signature.SignatureOptions = Microsoft.Web.Services3.Security.SignatureOptions.IncludeSoapBody;            
  svc.RequestSoapContext.Security.Elements.Add(signature);

===============

使用WCF

即使我使用WCF，问题仍然存在。只要我添加IncludeTimestamp = false;请求未被发送，将其设置为true可以创建请求。

这是WCF代码 -

        //Create Endpoint
        EndpointAddress address = new EndpointAddress((istest == true ? CHORUS_UFB_EMMA : CHORUS_UFB_PROD));

        //Add Certificate to EndPoint Service
        X509Certificate2 cert = new X509Certificate2(@"Certificate Path", "Password", X509KeyStorageFlags.PersistKeySet);

        //Setup custom binding with HTTPS + Body Signing + Soap1.1
        CustomBinding binding = new CustomBinding();

        //HTTPS Transport
        HttpsTransportBindingElement transport = new HttpsTransportBindingElement();

        //Set Security Binding as Transport
        TransportSecurityBindingElement tsec = SecurityBindingElement.CreateCertificateOverTransportBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConvers‌​ation13WSSecurityPol‌​icy12BasicSecurityPr‌​ofile10);
        tsec.EnableUnsecuredResponse = true;
        tsec.AllowInsecureTransport = true;
        tsec.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
        tsec.LocalServiceSettings.DetectReplays = false;
        tsec.LocalClientSettings.DetectReplays = false;
        tsec.IncludeTimestamp = false;
        tsec.SetKeyDerivation(false);
        tsec.EndpointSupportingTokenParameters.Signed.Add(new SecureConversationSecurityTokenParameters());

        //Setup for SOAP 11 and UTF8 Encoding
        TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

        //Bind in order (Security layer, message layer, transport layer)
        binding.Elements.Add(tsec);
        binding.Elements.Add(textMessageEncoding);
        binding.Elements.Add(transport);

Here is the generated request using above code 任何有关这方面的帮助将不胜感激。

Answer 1

这可能是由客户端与托管服务的Web服务器之间的时差造成的。

仔细检查两台服务器上的时间是否匹配且同步。时间可能需要在5分钟之内。