WCF service does not understand the security header

Time: 2019-06-19 12:16:37

Tags: wcf https

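When I try to access a WCF service over https, I get an error message saying that the service does not understand the security header in the message. This is my first time using WCF and HTTPS, and the number of available options is overwhelming.

Anyway, here is what I have and what happens.

Service binding: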

<binding name="Soap11AddressingBindingTls">
  <textMessageEncoding messageVersion="Soap11WSAddressing10"/>
  <sslStreamSecurity requireClientCertificate="true"/>
  <security authenticationMode="CertificateOverTransport"
            includeTimestamp="true"/>
  <httpsTransport maxBufferPoolSize="52428800"
                  maxReceivedMessageSize="52428800"
                  maxBufferSize="52428800"
                  transferMode="Streamed"/>
</binding>

The client that sends the message does the following:

using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// bufSize, address, action, xmlReader and requestChannel are not shown in this snippet.
MessageVersion messageVersion;
messageVersion = MessageVersion.Soap11WSAddressing10;
CustomBinding customBinding = new CustomBinding();
customBinding.CloseTimeout = new TimeSpan(0, 1, 0);
customBinding.OpenTimeout = new TimeSpan(0, 1, 0);
customBinding.ReceiveTimeout = new TimeSpan(0, 1, 0);
customBinding.SendTimeout = new TimeSpan(0, 1, 0);
// Text encoding: SOAP 1.1 with WS-Addressing 1.0.
customBinding.Elements.Add(new TextMessageEncodingBindingElement() { MessageVersion = messageVersion });

// Message-level X.509 client authentication on top of the secure transport.
TransportSecurityBindingElement transportSecurityBindingElement = TransportSecurityBindingElement.CreateCertificateOverTransportBindingElement();
transportSecurityBindingElement.ProtectTokens = true;
transportSecurityBindingElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
transportSecurityBindingElement.IncludeTimestamp = true;
transportSecurityBindingElement.KeyEntropyMode = SecurityKeyEntropyMode.ServerEntropy;
transportSecurityBindingElement.SecurityHeaderLayout = SecurityHeaderLayout.LaxTimestampFirst;
customBinding.Elements.Add(transportSecurityBindingElement);

// HTTPS transport, streamed, with a TLS client certificate required.
HttpsTransportBindingElement httpsTransportBindingElement;
httpsTransportBindingElement = new HttpsTransportBindingElement(); // <httpsTransport />
httpsTransportBindingElement.TransferMode = TransferMode.Streamed;
httpsTransportBindingElement.MaxBufferSize = bufSize;
httpsTransportBindingElement.MaxBufferPoolSize = bufSize;
httpsTransportBindingElement.MaxReceivedMessageSize = bufSize;
httpsTransportBindingElement.RequireClientCertificate = true;
customBinding.Elements.Add(httpsTransportBindingElement);

ChannelFactory<IRequestChannel> channelFactory = new ChannelFactory<IRequestChannel>(customBinding, address);

// Client certificate used for authentication.
X509Certificate2 cert = Settings.VindCertificaat();
channelFactory.Credentials.ClientCertificate.Certificate = cert;
requestChannel = channelFactory.CreateChannel();
requestChannel.Open();
// Build the request and send it over the request/reply channel.
Message request = Message.CreateMessage(messageVersion, action, xmlReader);
Message reply = requestChannel.Request(request);

In the WCF trace I can find the message:

<MessageLogTraceRecord Time="2019-06-19T13:49:11.7502942+02:00" Source="ServiceLevelReceiveRequest" Type="System.ServiceModel.Security.SecurityVerifiedMessage" xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <HttpRequest>
        <Method>POST</Method>
        <QueryString/>
        <WebHeaders>
            <SOAPAction>"http://www.egem.nl/StUF/sector/bg/0310/gmlDi01"</SOAPAction>
            <Connection>Keep-Alive</Connection>
            <Transfer-Encoding>chunked</Transfer-Encoding>
            <Content-Type>text/xml; charset=utf-8</Content-Type>
            <Accept-Encoding>gzip, deflate</Accept-Encoding>
            <Expect>100-continue</Expect>
            <Host>rwe-pc01:8443</Host>
        </WebHeaders>
    </HttpRequest>
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
            <a:Action s:mustUnderstand="1">http://www.egem.nl/StUF/sector/bg/0310/gmlDi01</a:Action>
            <a:MessageID>urn:uuid:b0b91114-ca8c-4071-9447-d79b89e33ac4</a:MessageID>
            <ActivityId CorrelationId="16b262bc-6612-4a11-b970-013d1f5e3d86" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">98da4a7a-3e0d-4095-8aa9-ca1e2cbacd76</ActivityId>
            <a:ReplyTo>
                <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
            </a:ReplyTo>
            <a:To s:mustUnderstand="1" u:Id="_1">https://rwe-pc01:8443/GeoBagService/OntvangAsynchroonTls</a:To>
            <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <u:Timestamp u:Id="_0">
                    <u:Created>2019-06-19T11:49:11.197Z</u:Created>
                    <u:Expires>2019-06-19T11:54:11.197Z</u:Expires>
                </u:Timestamp>
                <o:BinarySecurityToken>
                    <!-- Removed-->
                </o:BinarySecurityToken>
                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <SignedInfo>
                        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                        <Reference URI="#_0">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <DigestValue>jmA1yGgHZMittmTdrQU+b1rjFMI=</DigestValue>
                        </Reference>
                        <Reference URI="#_1">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <DigestValue>EWwqZG3et822TKoDoGsWRKq+oxo=</DigestValue>
                        </Reference>
                    </SignedInfo>
                    <SignatureValue>i+4XVel8SBoNdOelTZaGNJeBqKgfLT5rzfDQKnrAynwWKA3rrPwYpmtgfsW2Yo4iJCgpa5lBn46R2qW80Mt2/jnJ8JORQ+NeIfkoc2etLBSuEFjB1JwfT9ZX0kwLad2l6NDFaQp2oh+MF9q7FOVRmpBxj82EuoE+uoILQcbKrhF/6KmpHSb3TwZfYJ33b10Re0D9HQNu3V5LKZtc1vkQklr25sHF93AIn/qBrwiJREIzca9ys4+IwGyBo0ReHkepYDHORg5Sy9SC7qBOSr7XAexbW4vdPIK4CWkINX6MaA1d1MDA2NRRz4Cl1brfrodxgOBvI6vLGD5CJQ7N66wh1g==</SignatureValue>
                    <KeyInfo>
                        <o:SecurityTokenReference>
                            <o:Reference URI="#uuid-52a8e4ec-0a9f-4347-bf65-ae604971c715-1"/>
                        </o:SecurityTokenReference>
                    </KeyInfo>
                </Signature>
            </o:Security>
        </s:Header>
        <s:Body>... stroom ...</s:Body>
    </s:Envelope>
</MessageLogTraceRecord>

The error:

<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
    <TraceIdentifier>http://msdn.microsoft.com/nl-NL/library/System.ServiceModel.DidNotUnderstandMessageHeader.aspx</TraceIdentifier>
    <Description>De koptekst van het bericht is niet begrepen.</Description>
    <AppDomain>GeoBagHostingService.exe</AppDomain>
    <ExtendedData xmlns="http://schemas.microsoft.com/2006/08/ServiceModel/MessageHeaderInfoTraceRecord">
        <MessageHeaderInfo>
            <MustUnderstand>True</MustUnderstand>
            <Name>Security</Name>
            <Relay>False</Relay>
            <Namespace>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</Namespace>
        </MessageHeaderInfo>
    </ExtendedData>
</TraceRecord>


<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error">
<TraceIdentifier>http://msdn.microsoft.com/nl-NL/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier>
<Description>Uitzondering opgetreden.</Description>
<AppDomain>GeoBagHostingService.exe</AppDomain>
<Exception>
<ExceptionType>System.ServiceModel.MustUnderstandSoapException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>Systeemfout.</Message>
<StackTrace>
bij System.ServiceModel.Dispatcher.DispatchOperationRuntime.ValidateMustUnderstand(MessageRpc&amp; rpc)
bij System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
bij System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
bij System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc&amp; rpc)
bij System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
bij System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
bij System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
bij System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
bij System.ServiceModel.Dispatcher.ChannelHandler.OnAsyncReceiveComplete(IAsyncResult result)
bij System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
bij System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
bij System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
bij System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
bij System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
bij System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
bij System.Runtime.InputQueue`1.EnqueueAndDispatch(Item item, Boolean canDispatchOnThisThread)
bij System.Runtime.InputQueue`1.EnqueueAndDispatch(T item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
bij System.ServiceModel.Channels.SingletonChannelAcceptor`3.Enqueue(QueueItemType item, Action dequeuedCallback, Boolean canDispatchOnThisThread)
bij System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.CompleteParseAndEnqueue(IAsyncResult result)
bij System.ServiceModel.Channels.HttpPipeline.EnqueueMessageAsyncResult.HandleParseIncomingMessage(IAsyncResult result)
bij System.Runtime.AsyncResult.SyncContinue(IAsyncResult result)
bij System.ServiceModel.Channels.HttpPipeline.EmptyHttpPipeline.BeginProcessInboundRequest(ReplyChannelAcceptor replyChannelAcceptor, Action dequeuedCallback, AsyncCallback callback, Object state)
bij System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceivedAsyncResult`1.ProcessHttpContextAsync()
bij System.ServiceModel.Channels.HttpChannelListener`1.BeginHttpContextReceived(HttpRequestContext context, Action acceptorCallback, AsyncCallback callback, Object state)
bij System.ServiceModel.Channels.SharedHttpTransportManager.EnqueueContext(IAsyncResult listenerContextResult)
bij System.ServiceModel.Channels.SharedHttpTransportManager.OnGetContextCore(IAsyncResult listenerContextResult)
bij System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
bij System.Net.LazyAsyncResult.Complete(IntPtr userToken)
bij System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
bij System.Net.ListenerAsyncResult.IOCompleted(ListenerAsyncResult asyncResult, UInt32 errorCode, UInt32 numBytes)
bij System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
</StackTrace>
<ExceptionString>System.ServiceModel.MustUnderstandSoapException: Systeemfout.</ExceptionString>
</Exception>
</TraceRecord>

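The exact same error can be produced when sending a message to this service with SoapUI. In SoapUI, however, there is an option to toggle "must understand" on the outgoing WS-Security configuration.

Why does the service not understand the generated header?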
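A small triage helper for the two trace records in the question, as an added example that is not part of the original post: it lists the SOAP 1.1 headers the client marked `mustUnderstand="1"` and checks which of them the service reported in a `DidNotUnderstandMessageHeader` warning. The function names and the abridged sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://www.w3.org/2005/08/addressing"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
HDRINFO = "http://schemas.microsoft.com/2006/08/ServiceModel/MessageHeaderInfoTraceRecord"

# Constructed sample input, abridged from the two trace records in the question.
ENVELOPE = f"""<s:Envelope xmlns:s="{SOAP11}" xmlns:a="{WSA}" xmlns:o="{WSSE}">
 <s:Header>
  <a:Action s:mustUnderstand="1">http://www.egem.nl/StUF/sector/bg/0310/gmlDi01</a:Action>
  <a:MessageID>urn:uuid:b0b91114-ca8c-4071-9447-d79b89e33ac4</a:MessageID>
  <a:To s:mustUnderstand="1">https://rwe-pc01:8443/GeoBagService/OntvangAsynchroonTls</a:To>
  <o:Security s:mustUnderstand="1"/>
 </s:Header>
 <s:Body/>
</s:Envelope>"""
WARNING = f"""<TraceRecord Severity="Warning"
 xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord">
 <ExtendedData xmlns="{HDRINFO}"><MessageHeaderInfo>
  <MustUnderstand>True</MustUnderstand><Name>Security</Name>
  <Relay>False</Relay><Namespace>{WSSE}</Namespace>
 </MessageHeaderInfo></ExtendedData>
</TraceRecord>"""


def must_understand_headers(envelope_xml):
    """List (namespace, local name) of SOAP 1.1 headers with mustUnderstand="1"."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP11}}}Header")
    flagged = []
    for el in (header if header is not None else ()):
        if el.get(f"{{{SOAP11}}}mustUnderstand") == "1":
            head, _, name = el.tag.rpartition("}")  # tag is "{ns}local" or "local"
            flagged.append((head.lstrip("{"), name))
    return flagged


def rejected_headers(trace_xml):
    """Set of (namespace, name) reported in one DidNotUnderstandMessageHeader record."""
    q = f"{{{HDRINFO}}}"
    return {(i.findtext(q + "Namespace"), i.findtext(q + "Name"))
            for i in ET.fromstring(trace_xml).iter(q + "MessageHeaderInfo")}


def triage(envelope_xml, trace_xml):
    """Map each mustUnderstand header (ns, name) to 'rejected' or 'understood'."""
    rejected = rejected_headers(trace_xml)
    return {(ns, name): "rejected" if (ns, name) in rejected else "understood"
            for ns, name in must_understand_headers(envelope_xml)}
```

Calling `triage(ENVELOPE, WARNING)` on the sample marks only the WS-Security header as rejected; the two WS-Addressing headers that carry the same flag are not named in the warning.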

0 answers:

No answers