我正在尝试使用证书签名的soap请求,但我无法在soap消息中获取“Security”标记。
这是设置连接的代码
//Create binding element for security
var secBE = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
secBE.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
secBE.EnableUnsecuredResponse = true;
secBE.SetKeyDerivation(false);
secBE.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;
secBE.IncludeTimestamp = true; //dit zorgt voor de tijd in de ws security header
secBE.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15;
secBE.SecurityHeaderLayout = SecurityHeaderLayout.LaxTimestampFirst;
if (secBE.InitiatorTokenParameters is X509SecurityTokenParameters istp)
{
istp.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
istp.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
istp.ReferenceStyle = SecurityTokenReferenceStyle.Internal;
istp.X509ReferenceStyle = X509KeyIdentifierClauseType.SubjectKeyIdentifier;
}
if (secBE.RecipientTokenParameters is X509SecurityTokenParameters rstp)
{
rstp.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
}
secBE.EndpointSupportingTokenParameters.Signed.Add(secBE.InitiatorTokenParameters);
secBE.EndpointSupportingTokenParameters.Signed.Add(secBE.RecipientTokenParameters);
//Explicit accept secured answers from endpoint
secBE.AllowSerializedSigningTokenOnReply = true;
//Create binding element for encoding
var textBE = new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8);
//Create binding element for transport
var httpsBE = new HttpsTransportBindingElement
{
RequireClientCertificate = true,
AuthenticationScheme = System.Net.AuthenticationSchemes.Anonymous,
};
var cbinding = new CustomBinding();
cbinding.Elements.Add(secBE);
cbinding.Elements.Add(textBE);
cbinding.Elements.Add(httpsBE);
var endpointIdentity = new DnsEndpointIdentity("mydns");
var addressHeaderColl = new AddressHeaderCollection();
var address = new EndpointAddress(new Uri("myuri), endpointIdentity, addressHeaderColl);
var factory = new ChannelFactory<MyType>(cbinding, address);
var certClient = new X509Certificate2("locationofcertificate", "password");
var certService = new X509Certificate2("locationofcertificate");
//var certificate = _certificateLogic.GetCertificate(_certificateLogic.GetStore());
//Explicit prevent check on chain of trust
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
factory.Credentials.ClientCertificate.Certificate = certClient;
factory.Credentials.ServiceCertificate.DefaultCertificate = certService;
var behavior = new EndpointBehavior();
factory.Endpoint.Behaviors.Add(behavior);
return factory.CreateChannel();
这是我在日志文件中看到的内容(我删除了正文,因为我认为这与我的问题无关)
<!-- language: lang-xml -->
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<a:Action s:mustUnderstand="1">http://logius.nl/digipoort/wus/2.0/aanleverservice/1.2/AanleverService_V1_2/aanleverenRequest</a:Action>
<a:MessageID>urn:uuid:16728029-676f-4624-adef-f7dbd2a594fd</a:MessageID>
<ActivityId CorrelationId="9009d10b-6bee-48b8-899a-dd7e32b58bd7" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">7269acd3-5479-40e0-ad1f-6d307cd1d134</ActivityId>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo1YlPqhyBVFHif6ypLRU1jsAAAAA4lHfJiPKVUyGQJn81YotjnnW2XDdmrVBskb2185qHkwACQAA</VsDebuggerCausalityData>
</s:Header>
</s:Envelope>
我认为'secBE'绑定负责保护soap请求,但我无法让它工作。