我很难从PHP站点使用安全的WCF Web服务。我在PHP方面的知识是有限的,我在Web上找到了各种各样的例子,但没有成功使它们正常工作。
我有一个Silverlight应用程序也使用这个WebService,它工作正常。但是当我运行PHP站点时,我收到了这个错误:
MessageSecurityException:安全处理器无法在邮件中找到安全标头。这可能是因为消息是不安全的故障,或者因为通信方之间存在绑定不匹配。如果为安全性配置服务且客户端未使用安全性,则会发生这种情况。
我还尝试将customBinding更改为basicHttpBinding。当我这样做时,不再调用自定义用户名验证器。但是,使用basicHttpBinding并删除我的WCF服务上的凭据验证“工作”(除了它是不安全的事实)。所以这个问题似乎与安全信息有关。
有人可以给我一个可以帮助我使这个PHP页面有效的工作示例或教程吗?
这是我的PHP代码:
$options = array(
'soap_version' => SOAP_1_1,
'exceptions' => true,
'trace' => 1,
'cache_wsdl' => WSDL_CACHE_NONE,
'Username' => 'MyUserName',
'password' => 'MyPassword');
$client = new SoapClient('https://UrlToService/Service.svc?wsdl', $options);
try
{
$phpresponse = $client->Get();
print $phpresponse->GetResult->Version;
echo "</b><BR/><BR/>";
}
catch(Exception $e)
{
echo "<h2>Exception Error!</h2></b>";
echo $e->getMessage();
echo "<BR/><BR/>";
}
WCF配置
<behavior name="sslBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyNamespace.ServiceUserNameValidator, MyNamespace" />
</serviceCredentials>
<serviceSecurityAudit
auditLogLocation="Application"
serviceAuthorizationAuditLevel="Failure"
messageAuthenticationAuditLevel="Failure"
suppressAuditFailure="true" />
</behavior>
<customBinding>
<binding name="sslCustomBinding">
<security authenticationMode="UserNameOverTransport" includeTimestamp="true" allowInsecureTransport="true">
<localServiceSettings maxClockSkew="00:10:00" />
<localClientSettings maxClockSkew="00:10:00" />
<secureConversationBootstrap />
</security>
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport />
</binding>
</customBinding>
<service behaviorConfiguration="sslBehavior" name="MyNamespace.Services.Service">
<endpoint address="" binding="customBinding"
bindingConfiguration="sslCustomBinding" contract="MyNamespace.ServiceContracts.IService" />
<host>
<baseAddresses>
<add baseAddress="https://UrlToService/Services/" />
</baseAddresses>
</host>
</service>
答案 0 :(得分:9)
我解决了这个问题。我不得不在PHP中扩展“SoapHeader”类,使其符合WS-Security标准。
以下是解决方案:
PHP标题类
class WsseAuthHeader extends SoapHeader
{
private $wss_ns = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
function __construct($user, $pass, $ns = null)
{
if ($ns)
{
$this->wss_ns = $ns;
}
$auth = new stdClass();
$auth->Username = new SoapVar($user, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns);
$auth->Password = new SoapVar($pass, XSD_STRING, NULL, $this->wss_ns, NULL, $this->wss_ns);
$username_token = new stdClass();
$username_token->UsernameToken = new SoapVar($auth, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns);
$security_sv = new SoapVar(
new SoapVar($username_token, SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'UsernameToken', $this->wss_ns),
SOAP_ENC_OBJECT, NULL, $this->wss_ns, 'Security', $this->wss_ns);
parent::__construct($this->wss_ns, 'Security', $security_sv, true);
}
}
PHP客户电话
$options = array(
'soap_version' => SOAP_1_1,
'exceptions' => true,
'trace' => 1,
'wdsl_local_copy' => true
);
$username = "MyUser";
$password = "MyPassword";
$wsse_header = new WsseAuthHeader($username, $password);
$client = new SoapClient('https://UrlToService/Service.svc?wsdl', $options);
$client->__setSoapHeaders(array($wsse_header));
try
{
$phpresponse = $client->Get();
print $phpresponse->GetResult->Version;
echo "</b><BR/><BR/>";
}
catch(Exception $e)
{
echo "<h2>Exception Error!</h2></b>";
echo $e->getMessage();
}
希望它会帮助别人!
感谢Chris:Connecting to WS-Security protected Web Service with PHP
答案 1 :(得分:0)
SOAP对于身份验证(或者可以)有点好笑,我使用了来自http://www.php.net/manual/en/soapclient.soapclient.php#101503的方法,来自faebu dot ch 21-Dec-2010 02:58的评论来做这几次......这可能会有所帮助
基本上使用CURL传递身份验证凭据......它可能/可能不适合您!