WCF security context token - encrypted message

Time: 2018-12-12 10:59:40

Tags: c# asp.net wcf soap

I want to call a WCF service operation (via PHP). The concept is: I request a security context token from the proper URI. I then receive one, so I should be able to call the desired service operation with the given token. I am new to this technology, so I have several questions about this process. (The service address/credentials in each XML have been modified, as you can assume, for security reasons.)

1. I have the following XML for the RequestSecurityToken:

<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
    <a:MessageID>urn:uuid:6b4f73e2-7d49-4ce5-bb4c-62a511244d0d</a:MessageID>
    <a:ReplyTo>
        <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">https://some.service.com/WCFService/Service.svc</a:To>
    <o:Security s:mustUnderstand="1"
        xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <u:Timestamp u:Id="_0">
            <u:Created>2018-12-10T13:15:47.858Z</u:Created>
            <u:Expires>2018-12-10T13:20:47.858Z</u:Expires>
        </u:Timestamp>
        <o:UsernameToken u:Id="uuid-a26d97c6-ecd8-41f3-8e5a-71124a82ff74-1">
            <o:Username>username</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
        </o:UsernameToken>
    </o:Security>
</s:Header>
<s:Body>
    <t:RequestSecurityToken
        xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
        <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
        <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
        <t:Entropy>
            <t:BinarySecret u:Id="uuid-6cc77ca1-4d0b-4bee-b019-6d5e932a8e95-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">6qFS3ahYQ+B5Iu7WrVP37lsPWJ2U4kOUc7Qx/QNWqvc=</t:BinarySecret>
        </t:Entropy>
        <t:KeySize>256</t:KeySize>
    </t:RequestSecurityToken>
</s:Body>
</s:Envelope>

There is a BinarySecret inside the RequestSecurityToken element. How do I generate one?

2. I have the following XML, which is the response to the security token request:

<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</a:Action>
    <a:RelatesTo>urn:uuid:6b4f73e2-7d49-4ce5-bb4c-62a511244d0d</a:RelatesTo>
    <o:Security s:mustUnderstand="1"
        xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <u:Timestamp u:Id="_0">
            <u:Created>2018-12-10T13:15:47.270Z</u:Created>
            <u:Expires>2018-12-10T13:20:47.270Z</u:Expires>
        </u:Timestamp>
    </o:Security>
</s:Header>
<s:Body>
    <t:RequestSecurityTokenResponse
        xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
        <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
        <t:RequestedSecurityToken>
            <c:SecurityContextToken u:Id="uuid-193d9634-81df-4bae-9472-bffc4fb3bb4e-2025"
                xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <c:Identifier>urn:uuid:334ebcd5-b055-448f-8452-9d76e09273b3</c:Identifier>
            </c:SecurityContextToken>
        </t:RequestedSecurityToken>
        <t:RequestedAttachedReference>
            <o:SecurityTokenReference
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-193d9634-81df-4bae-9472-bffc4fb3bb4e-2025"></o:Reference>
            </o:SecurityTokenReference>
        </t:RequestedAttachedReference>
        <t:RequestedUnattachedReference>
            <o:SecurityTokenReference
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <o:Reference URI="urn:uuid:334ebcd5-b055-448f-8452-9d76e09273b3" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"></o:Reference>
            </o:SecurityTokenReference>
        </t:RequestedUnattachedReference>
        <t:RequestedProofToken>
            <t:ComputedKey>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKey>
        </t:RequestedProofToken>
        <t:Entropy>
            <t:BinarySecret u:Id="uuid-193d9634-81df-4bae-9472-bffc4fb3bb4e-2026" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">F4Q0pSSYyvdHxDGB5Baobx/DUX/3LPAQUXooRbxGA/o=</t:BinarySecret>
        </t:Entropy>
        <t:Lifetime>
            <u:Created>2018-12-10T13:15:47.270Z</u:Created>
            <u:Expires>2018-12-11T04:15:47.270Z</u:Expires>
        </t:Lifetime>
        <t:KeySize>256</t:KeySize>
    </t:RequestSecurityTokenResponse>
</s:Body>
</s:Envelope>

What is the actual token? How should I use it in the third XML (the service operation request)? As far as I know it should be hmac_sha1, which does need a "secret", so what should that be? I need it to generate the SignatureValue in the third XML. I have tried generating the hmac_sha1 with the IDs returned in the response. The IDs I tried to generate the hmac_sha1 with are:

  • uuid-193d9634-81df-4bae-9472-bffc4fb3bb4e-2025
  • ur:uuid:334ebcd5-b055-448f-8452-9d76e09273b3

The third XML is:

<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
    <a:Action s:mustUnderstand="1">http://tempuri.org/IService/GetExampleResult</a:Action>
    <a:MessageID>urn:uuid:aa3bc39d-1490-4988-bc02-80df879f5067</a:MessageID>
    <a:ReplyTo>
        <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">https://some.service.com/WCFService/Service.svc</a:To>
    <o:Security s:mustUnderstand="1"
        xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <u:Timestamp u:Id="_0">
            <u:Created>2018-12-10T13:15:49.319Z</u:Created>
            <u:Expires>2018-12-10T13:20:49.319Z</u:Expires>
        </u:Timestamp>
        <c:SecurityContextToken u:Id="uuid-193d9634-81df-4bae-9472-bffc4fb3bb4e-2025"
            xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
            <c:Identifier>urn:uuid:334ebcd5-b055-448f-8452-9d76e09273b3</c:Identifier>
        </c:SecurityContextToken>
        <Signature
            xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                <Reference URI="#_0">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>nfENmBIOw+RQCpus5RWWylpmnJ4=</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>Pw2JCsRMzAVHpILNlY1IjZNwb2o=</SignatureValue>
            <KeyInfo>
                <o:SecurityTokenReference>
                    <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-193d9634-81df-4bae-9472-bffc4fb3bb4e-2025"/>
                </o:SecurityTokenReference>
            </KeyInfo>
        </Signature>
    </o:Security>
</s:Header>
<s:Body>
    <GetExampleResult
        xmlns="http://tempuri.org/"/>
</s:Body>
</s:Envelope>

The XML was captured with Fiddler while calling the service through Visual Studio. The response to the last XML (which is the actual service operation request) was the correct, expected response. If you know how to help me with this amazing WCF technology and you know the answer, please let me know. I would be very grateful. Many thanks, cheers.
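The key-derivation step the question is missing, as an added example (not code from the question or from WCF): the client nonce is KeySize/8 random bytes, base64-encoded; the session key for CK/PSHA1 is P_SHA1(client entropy, server entropy) from RFC 2246, truncated to KeySize bits; and SignatureValue is HMAC-SHA1 under that key over the exclusive-C14N bytes of SignedInfo. The SignedInfo bytes in the demo are a constructed placeholder; the real input must come from an exclusive-C14N canonicalizer.

```python
import base64
import hashlib
import hmac
import secrets


def new_binary_secret(key_size_bits: int = 256) -> str:
    """Client entropy for <t:BinarySecret Type=...#Nonce>: KeySize/8 random bytes, base64."""
    return base64.b64encode(secrets.token_bytes(key_size_bits // 8)).decode()


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 P_SHA1 (RFC 2246 section 5): HMAC-SHA1 expansion of secret over seed."""
    out = b""
    a = seed                                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()         # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def computed_key(client_entropy_b64: str, server_entropy_b64: str,
                 key_size_bits: int = 256) -> bytes:
    """WS-Trust .../trust/CK/PSHA1: key = P_SHA1(EntREQ, EntRES), KeySize bits long."""
    return p_sha1(base64.b64decode(client_entropy_b64),
                  base64.b64decode(server_entropy_b64),
                  key_size_bits // 8)


def signature_value(session_key: bytes, canonical_signed_info: bytes) -> str:
    """xmldsig hmac-sha1 SignatureValue over the exclusive-C14N bytes of <SignedInfo>."""
    mac = hmac.new(session_key, canonical_signed_info, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


# Entropy values copied from the RST and RSTR shown above.
CLIENT_ENTROPY = "6qFS3ahYQ+B5Iu7WrVP37lsPWJ2U4kOUc7Qx/QNWqvc="
SERVER_ENTROPY = "F4Q0pSSYyvdHxDGB5Baobx/DUX/3LPAQUXooRbxGA/o="

if __name__ == "__main__":
    key = computed_key(CLIENT_ENTROPY, SERVER_ENTROPY, 256)
    print(len(key), key.hex())
    # Constructed stand-in for the exc-c14n bytes of the real <SignedInfo> element.
    print(signature_value(key, b"<SignedInfo>...</SignedInfo>"))
```

Because the KeyInfo in the captured request references the SecurityContextToken directly (there is no c:DerivedKeyToken), the computed key is used as the HMAC key as-is; if WCF had emitted a DerivedKeyToken, one more P_SHA1 derivation step would apply before signing.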

0 answers:

No answers