我需要使用C#使用Web服务,其中Soap Request必须具有以下格式
<wsse:Security mustUnderstand="true">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
...
<ds:Reference URI="#id-71a64e41-a0da-491b-b9ae-9b36b5a13b2d">
...
</ds:Reference>
</ds:SignedInfo>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile1.0#X509v3" URI="#id-71a64e41-a0da-491b-b9ae-9b36b5a13b2d"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken wsu:Id="id-71a64e41-a0da-491b-b9ae9b36b5a13b2d">MIIEJzCCAw...</wsse:BinarySecurityToken>
BinarySecurityToken仅表示一次,并且有两个由“ Id”引用。 但是,如果我签名,则我有两个相同的BinarySecurityToken,但具有不同的“ Id”。我可以防止这种重复吗?
<wsse:Security mustUnderstand="true">
...
<wsse:BinarySecurityToken u:Id="uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-3">MIIEJzCCAw...</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken u:Id="uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-1">MIIEJzCCAw...</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>...
<Reference URI="#uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-1">
...
</Reference>
</SignedInfo>
<SignatureValue>...base64string...</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-3"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
我的绑定:
AsymmetricSecurityBindingElement asbe = new AsymmetricSecurityBindingElement
{
MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
InitiatorTokenParameters = new X509SecurityTokenParameters
{
InclusionMode = SecurityTokenInclusionMode.Once,
ReferenceStyle = SecurityTokenReferenceStyle.Internal,
},
RecipientTokenParameters = new X509SecurityTokenParameters
{
InclusionMode = SecurityTokenInclusionMode.Once,
ReferenceStyle = SecurityTokenReferenceStyle.Internal
},
MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
SecurityHeaderLayout = SecurityHeaderLayout.Strict,
EnableUnsecuredResponse = true,
IncludeTimestamp = true,
ProtectTokens = true,
DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256,
AllowInsecureTransport = true
};
asbe.LocalServiceSettings.TimestampValidityDuration = TimeSpan.FromMinutes( 1 );
asbe.SetKeyDerivation( false );
asbe.EndpointSupportingTokenParameters.Signed.Add( asbe.InitiatorTokenParameters );
HttpsTransportBindingElement transport = new HttpsTransportBindingElement()
{
RequireClientCertificate = true
};
var textMessageEncoding = new TextMessageEncodingBindingElement( MessageVersion.Soap11, Encoding.UTF8 );
return new CustomBinding( asbe, textMessageEncoding, transport );
我在其他问题注释中发现了相同的问题,但找不到解决方法。