如何在.net core中添加ws-security标头?

时间:2019-01-14 12:37:17

标签: c# wcf asp.net-core wcf-security ws-security

我正在尝试调用Web服务,并希望将ws-security标头手动添加到请求中,因为.net core 2.2当前不支持ws-security。

我创建了自定义安全标头类:

df[‘math_grade’] = df[‘grades’].apply(lambda x : x[2])

这是我调用SOAP服务的方法:

public class SoapSecurityHeader : MessageHeader
    {
        private readonly string _password, _username;

        public SoapSecurityHeader(string id, string username, string password)
        {
            _password = password;
            _username = username;
        }
        public override bool MustUnderstand => true;

        public override string Name
        {
            get { return "Security"; }
        }

        public override string Namespace
        {
            get { return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; }
        }

        protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
        {
            writer.WriteStartElement("wsse", Name, Namespace);
            writer.WriteAttributeString("s", "mustUnderstand", "http://schemas.xmlsoap.org/soap/envelope/", "1");
            writer.WriteXmlnsAttribute("wsse", Namespace);
        }

        protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
        {
            writer.WriteStartElement("wsse", "UsernameToken", Namespace);
            writer.WriteAttributeString("wsu", "Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "UsernameToken-32");
            // Username
            writer.WriteStartElement("wsse", "Username", Namespace);
            writer.WriteValue(_username);
            writer.WriteEndElement();
            // Password
            writer.WriteStartElement("wsse", "Password", Namespace);
            writer.WriteAttributeString("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            writer.WriteValue(_password);
            writer.WriteEndElement();
            writer.WriteEndElement();
        }
    }

如果在BeforeSendRequest的检查器中放置一个断点,我可以看到安全标头已添加到请求中:

public ActionResult<Ted_Result> Get(DateTime dateFrom, DateTime dateTo, int? pageFrom, int? pageTo)
        {
            BasicHttpBinding basicHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
            basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
            EndpointAddress endpointAddress = new EndpointAddress(new Uri("https://localhost/SomeService.svc"));
            ChannelFactory<IConnectPublicService> factory = new ChannelFactory<IConnectPublicService>(basicHttpBinding, endpointAddress);
            GetContractNoticesResponseMessage result = null;

            // Bypass SSL/TLS secure channel validation
#if DEBUG
            factory.Credentials.ServiceCertificate.SslCertificateAuthentication = new X509ServiceCertificateAuthentication
            {
                CertificateValidationMode = X509CertificateValidationMode.None,
                RevocationMode = X509RevocationMode.NoCheck
            };
#endif
            // Debugging inspector
            factory.Endpoint.EndpointBehaviors.Add(new InspectorBehavior());

            IConnectPublicService serviceProxy = factory.CreateChannel();
            ((ICommunicationObject)serviceProxy).Open();
            var opContext = new OperationContext((IClientChannel)serviceProxy);
            var soapSecurityHeader = new SoapSecurityHeader("UsernameToken-32", "sampleUsername", "samplePassword123");
            // Adding the security header
            opContext.OutgoingMessageHeaders.Add(soapSecurityHeader);
            var prevOpContext = OperationContext.Current; // Optional if there's no way this might already be set
            OperationContext.Current = opContext;

            var info = new ExternalIntegrationRequestMessageInfo
            {
                UserCode = "1000249",
                CompanyCode = "200000040"
            };
            var request = new GetContractNoticesRequestMessage
            {
                Info = info,
                DateFrom = dateFrom,
                DateTo = dateTo,
                PageFrom = pageFrom,
                PageTo = pageTo
            };
            result = serviceProxy.GetContractNoticesAsync(request).ConfigureAwait(false).GetAwaiter().GetResult();

            return Ok(result);
        }

然后在AfterReceiveReply的检查器中放置一个断点,我得到了正确的结果,但是仍然出现异常。 结果:

 <wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-32" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>sampleUsername</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">samplePassword123</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>

例外:

<...>
  <s:Header>
  <...>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2019-01-11T19:42:53.606Z</u:Created>
        <u:Expires>2019-01-11T19:47:53.606Z</u:Expires>
      </u:Timestamp>
    </o:Security>
  </s:Header>
  <s:Body>
    <GetContractNoticesResponseMessage>
      <ContractNotices>....</ContractNotices>
    </GetContractNoticesResponseMessage>
  </s:Body>

为什么成功调用Web服务后仍然出现异常?

2 个答案:

答案 0 :(得分:2)

对于.net core 2.2,您需要手动传递Security标头。您需要做一些变通办法-WCF在.Net Core中尚未完全实现(由项目贡献者声明)。假设要求不是太复杂,那么您应该可以轻松完成工作。

public class SecurityHeader : MessageHeader
{
    public UsernameToken UsernameToken { get; set; }

    public override string Name => "Security";

    public override string Namespace => "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    public override bool MustUnderstand => true;

    protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
    {
        XmlSerializer serializer = new XmlSerializer(typeof(UsernameToken));
        serializer.Serialize(writer, this.UsernameToken);
    }
}

[XmlRoot(Namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")]
public class UsernameToken
{
    [XmlAttribute(Namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")]
    public string Id { get; set; }

    [XmlElement]
    public string Username { get; set; }
}

BeforeSendRequest 方法中添加以下代码

public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
        var soapSecurityHeader = new SecurityHeader()
        {
            UsernameToken = new UsernameToken()
            {
                Username = "User Name"
            }
        };
        request.Headers.Add(soapSecurityHeader);
}

答案 1 :(得分:0)

我做了一些挖掘工作,在AfterReceiveReply中,您可以这样做:

    public void AfterReceiveReply(ref Message reply, object correlationState)
    {
        var security = reply.Headers.Where(w => w.Namespace == "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd").First();
        reply.Headers.UnderstoodHeaders.Add(security);
    }

我想在这一步中,如果DateTime.UtcNow在范围之内,您还可以检查时间戳记的值并对其采取行动...?

相关问题
最新问题