Duplicated BinarySecurityToken when I try to sign

Time: 2018-09-03 08:42:45

Tags: c# .net wcf soap wss

I need to consume a web service from C#, where the SOAP request must have the following format:

<wsse:Security mustUnderstand="true">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        ...
        <ds:Reference URI="#id-71a64e41-a0da-491b-b9ae-9b36b5a13b2d">
            ...
        </ds:Reference>
    </ds:SignedInfo>
    <ds:KeyInfo>
        <wsse:SecurityTokenReference>
            <wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#id-71a64e41-a0da-491b-b9ae-9b36b5a13b2d"/>
        </wsse:SecurityTokenReference>
    </ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken wsu:Id="id-71a64e41-a0da-491b-b9ae-9b36b5a13b2d">MIIEJzCCAw...</wsse:BinarySecurityToken>

The BinarySecurityToken appears only once, and both references point to it by its "Id". But when I sign, I get two identical BinarySecurityTokens with different "Id"s. Can I prevent this duplication?

<wsse:Security mustUnderstand="true">
...
<wsse:BinarySecurityToken u:Id="uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-3">MIIEJzCCAw...</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken u:Id="uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-1">MIIEJzCCAw...</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>...
        <Reference URI="#uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-1">
        ...
        </Reference>
    </SignedInfo>
    <SignatureValue>...base64string...</SignatureValue>
    <KeyInfo>
        <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-8ae8c9cb-b6b7-4175-915d-818ea792fcef-3"/>
        </o:SecurityTokenReference>
    </KeyInfo>
</Signature>

My binding:

using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

static Binding CreateBinding()
{
    AsymmetricSecurityBindingElement asbe = new AsymmetricSecurityBindingElement
    {
        MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,

        // Client (initiator) certificate: included once in the header and referenced internally by Id
        InitiatorTokenParameters = new X509SecurityTokenParameters
        {
            InclusionMode = SecurityTokenInclusionMode.Once,
            ReferenceStyle = SecurityTokenReferenceStyle.Internal,
        },
        // Service (recipient) certificate with the same inclusion and reference settings
        RecipientTokenParameters = new X509SecurityTokenParameters
        {
            InclusionMode = SecurityTokenInclusionMode.Once,
            ReferenceStyle = SecurityTokenReferenceStyle.Internal
        },

        MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,

        SecurityHeaderLayout = SecurityHeaderLayout.Strict,
        EnableUnsecuredResponse = true,
        IncludeTimestamp = true,
        ProtectTokens = true, // the signature also covers the security token itself
        DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256,
        AllowInsecureTransport = true
    };

    asbe.LocalServiceSettings.TimestampValidityDuration = TimeSpan.FromMinutes(1);
    asbe.SetKeyDerivation(false);

    // The initiator token is also registered as a signed supporting token
    asbe.EndpointSupportingTokenParameters.Signed.Add(asbe.InitiatorTokenParameters);

    HttpsTransportBindingElement transport = new HttpsTransportBindingElement()
    {
        RequireClientCertificate = true
    };

    var textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

    return new CustomBinding(asbe, textMessageEncoding, transport);
}

I found the same problem in comments on other questions, but could not find a solution.
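An added diagnostic in C# (not code from the question or from WCF) that checks a captured envelope for the single-token shape the service expects: exactly one BinarySecurityToken whose wsu:Id is both covered by a ds:Reference in SignedInfo and named by the SecurityTokenReference in KeyInfo. The namespace constants are the standard WS-Security URIs; the envelope in Main is a constructed sample shaped like the duplicated output above.

```csharp
using System;
using System.Collections.Generic;
using System.Xml;

// Added diagnostic, not code from the question: reports whether a SOAP envelope's WS-Security header has
// the single-token shape the service expects (one BinarySecurityToken whose wsu:Id is both covered by a
// ds:Reference in SignedInfo and named by the wsse:SecurityTokenReference in KeyInfo).
static class SecurityHeaderCheck
{
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    const string Ds = "http://www.w3.org/2000/09/xmldsig#";
    // Returns every deviation from the expected shape; an empty list means the header matches.
    public static List<string> Check(string envelopeXml)
    {
        var doc = new XmlDocument();
        doc.LoadXml(envelopeXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("wsse", Wsse); ns.AddNamespace("wsu", Wsu); ns.AddNamespace("ds", Ds);
        var problems = new List<string>();
        XmlNodeList tokens = doc.SelectNodes("//wsse:Security/wsse:BinarySecurityToken", ns);
        if (tokens.Count != 1) problems.Add($"expected exactly 1 BinarySecurityToken, found {tokens.Count}");
        // Ids covered by the signature and the Id named in KeyInfo, both without the leading '#'.
        var signedIds = new HashSet<string>();
        foreach (XmlAttribute uri in doc.SelectNodes("//ds:Signature/ds:SignedInfo/ds:Reference/@URI", ns))
            signedIds.Add(uri.Value.TrimStart('#'));
        XmlNode keyRef = doc.SelectSingleNode("//ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference/@URI", ns);
        string keyId = keyRef?.Value.TrimStart('#');
        foreach (XmlElement token in tokens)
        {
            string id = token.GetAttribute("Id", Wsu);
            if (id != keyId) problems.Add($"token '{id}' is not the token named in KeyInfo ('{keyId}')");
            if (!signedIds.Contains(id)) problems.Add($"token '{id}' is not covered by any ds:Reference in SignedInfo");
        }
        return problems;
    }
    static void Main()
    {
        // Constructed sample mirroring the question's duplicated output: '-1' is signed, '-3' is the key token.
        string xml = $@"<s:Envelope xmlns:s=""http://schemas.xmlsoap.org/soap/envelope/""><s:Header>
<o:Security xmlns:o=""{Wsse}"" xmlns:u=""{Wsu}"">
<o:BinarySecurityToken u:Id=""uuid-1234-3"">MIIEJzCCAw...</o:BinarySecurityToken>
<o:BinarySecurityToken u:Id=""uuid-1234-1"">MIIEJzCCAw...</o:BinarySecurityToken>
<Signature xmlns=""{Ds}""><SignedInfo><Reference URI=""#uuid-1234-1""/></SignedInfo>
<KeyInfo><o:SecurityTokenReference><o:Reference URI=""#uuid-1234-3""/></o:SecurityTokenReference></KeyInfo></Signature>
</o:Security></s:Header><s:Body/></s:Envelope>";
        foreach (string problem in Check(xml)) Console.WriteLine(problem);
    }
}
```

To run it against real traffic, feed Check the envelope text captured by an IClientMessageInspector or a proxy before the request leaves the client.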

0 answers:

No answers