在WCF中使用X509证书签署SOAP正文和时间戳

时间:2018-09-26 11:22:04

标签: c# .net wcf soap x509certificate

我正在尝试连接到具有以下功能的SOAP WS:

  • HTTPS
  • 签名时间戳
  • 签名正文
  • 未加密的请求

这是我想要的Soap Request的示例:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-c1cf1e29">
        <wsu:Created>2018-08-29T10:20:58Z</wsu:Created>
        <wsu:Expires>2018-08-29T10:25:58Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-2e4f8773" 
                                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        [...]
      </wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#Timestamp-c1cf1e29">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>........</DigestValue>
          </Reference>
          <Reference URI="#Body-d96b5e74">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>........</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>
          [...]
        </SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference xmlns="">
            <wsse:Reference URI="#SecurityToken-2e4f8773" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body-d96b5e74">
    [...]
  </soapenv:Body>
</soapenv:Envelope>

我想起WCF,并且我创建了一个可通过HTTPS使用的自定义绑定,给了我签名的时间戳记,并且没有加密,但是我无法对正文进行签名。 我使用X509证书签名时间戳。

这就是我正在使用的绑定:

<binding name="customBind">
      <security allowInsecureTransport="true" includeTimestamp="true" 
                requireDerivedKeys="false" authenticationMode="CertificateOverTransport" />
      <textMessageEncoding messageVersion="Soap11" writeEncoding="UTF-8"/>
      <httpsTransport />
</binding>

我尝试了不同的绑定,例如wsHttpBinding,ws2007HttpBinding,basicHttpBinding,wsHttpContextBinding…,但配置不同,但没有成功。

有什么主意吗?

谢谢!

0 个答案:

没有答案
相关问题
最新问题