WCF服务 - SOAP标头中的安全性

时间:2011-07-30 10:14:05

标签: wcf soap wcf-security

我正在尝试使用带有UserNameOverTransport绑定的wcf服务。我希望我的Soap标题看起来像这样:

<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> 
<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-        
open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-14430313" xmlns:wsu="http://docs.oasis-   
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<wsse:Username>USERNAME</wsse:Username> 
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-    token-profile-1.0#PasswordText">PASSWORD</wsse:Password> 
<wsse:Nonce>OquGazmuMMHFrdeRQZGpkA==</wsse:Nonce> 
<wsu:Created>2009-08-25T19:17:07.369Z</wsu:Created> 
</wsse:UsernameToken> 
</wsse:Security>

我的SOAP看起来像这样:

<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-    200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp u:Id="_0"><u:Created>2011-07-  
29T10:38:58.452Z</u:Created><u:Expires>2011-07-
29T10:43:58.452Z</u:Expires></u:Timestamp><o:UsernameToken u:Id="uuid-63332174-a7b4-  
4833-bd2e-32d0c0820f42-1"><o:Username>USERNAME</o:Username><o:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile- 
1.0#PasswordText">PASSWORD</o:Password></o:UsernameToken></o:Security>

我用过

proxyclient.ClientCredentials.UserName.UserName =“USERNAME” proxyclient.ClientCredentials.UserName.Password =“PASSWORD”

将用户名和密码插入SOAP标头,但我还需要插入wsse:Nonce和wsu:已创建,我该怎么做?使用.ClientCredentials.UserName.UserName和ChannelFactory.Credentials.UserName.UserName?

之间的区别是什么?

我怎样才能使标签正确,wsse而不是o?

我正在使用VS 2010和VB.NET,以及UserNameOverTransport绑定。我必须安装wse 3.0吗?

我的app.config文件如下所示:

<customBinding>
            <binding name="CustomBinding_IIntermediaryInboundExternal">
              <security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport" 
                  requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true"
                  keyEntropyMode="CombinedEntropy" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                <localClientSettings cacheCookies="true" detectReplays="false"
                        replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
                        replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                        sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
                        timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
                    <localServiceSettings detectReplays="false" issuedCookieLifetime="10:00:00"
                        maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
                        negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
                        sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
                        reconnectTransportOnFailure="true" maxPendingSessions="128"
                        maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
                    <secureConversationBootstrap />
                </security>
                <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                    messageVersion="Default" writeEncoding="utf-8">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                </textMessageEncoding>
                <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
                    maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
                    bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
                    keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                    realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                    useDefaultWebProxy="true" />
            </binding>


<endpoint address="https://myendpointadress.svc"
            binding="customBinding" bindingConfiguration="CustomBinding_mysevice"
            contract="myendpoint"
            name="CustomBinding_myendpoint" />

我希望有人可以帮助我!非常感谢!!

1 个答案:

答案 0 :(得分:5)

WCF中的标准WCF UserNameToken配置文件实现不使用NonceCreated =无法强制WCF包含它们。前缀无关紧要,这只是在包装器元素中定义的符号名称,并且所有正确的XML解析实现都应该与wsseo一起使用。

WCF不使用NonceCreated元素的原因是因为这些元素应该与#PasswordDigest类型一起使用(WCF不支持)。将它们与#PasswordText一起使用并没有多大意义。

如果您的服务需要NonceCreated,则必须实现自己的令牌,而不是使用标准WCF的用户名实现。 Here is example构建全新的UserNameToken配置文件实现以支持#PasswordDigest。它还添加了NonceCreated元素。

相关问题
最新问题