Custom binding for consuming a WebLogic web service with WS-Security 1.2

Date: 2012-03-30 12:49:06

Tags: wcf weblogic ws-security

I am trying to consume a WebLogic web service using WS-Security 1.2.

In the WSDL, the security section looks like this:

<wsp:UsingPolicy wssutil:Required="true"/>
<wsp1_2:Policy wssutil:Id="Wssp1.2-2007-SignBody.xml">
<ns1:SignedParts xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<ns1:Body/>
</ns1:SignedParts>
</wsp1_2:Policy>
<wsp1_2:Policy wssutil:Id="Wssp1.2-2007-Wss1.0-X509-Basic256.xml">
<ns2:AsymmetricBinding xmlns:ns2="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp1_2:Policy>
<ns2:InitiatorToken>
<wsp1_2:Policy>
<ns2:X509Token ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp1_2:Policy>
<ns2:WssX509V3Token10/>
</wsp1_2:Policy>
</ns2:X509Token>
</wsp1_2:Policy>
</ns2:InitiatorToken>
<ns2:RecipientToken>
<wsp1_2:Policy>
<ns2:X509Token ns2:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp1_2:Policy>
<ns2:WssX509V3Token10/>
</wsp1_2:Policy>
</ns2:X509Token>
</wsp1_2:Policy>
</ns2:RecipientToken>
<ns2:AlgorithmSuite>
<wsp1_2:Policy>
<ns2:Basic256/>
</wsp1_2:Policy>
</ns2:AlgorithmSuite>
<ns2:Layout>
<wsp1_2:Policy>
<ns2:Lax/>
</wsp1_2:Policy>
</ns2:Layout>
<ns2:IncludeTimestamp/>
<ns2:ProtectTokens/>
<ns2:OnlySignEntireHeadersAndBody/>
</wsp1_2:Policy>
</ns2:AsymmetricBinding>
<ns3:Wss10 xmlns:ns3="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp1_2:Policy>
<ns3:MustSupportRefKeyIdentifier/>
<ns3:MustSupportRefIssuerSerial/>
</wsp1_2:Policy>
</ns3:Wss10>
</wsp1_2:Policy>
<wsp:Policy wssutil:Id="Wssp1.2-2007-Wsp1.5-EncryptBody.xml">
<ns4:EncryptedParts xmlns:ns4="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<ns4:Body/>
</ns4:EncryptedParts>
</wsp:Policy>

After a lot of searching, since I am new to WCF, I ended up with the following configuration:

<system.serviceModel>
<client>
    <endpoint name="wssMutualCert_Client"
     address="https://..."
     binding="customBinding"
     bindingConfiguration="custom1"
     contract="MyWebService.WebServicesMainMethod"
     behaviorConfiguration="MutualCertBehavior">
    </endpoint>
</client>
<bindings>
    <customBinding>
        <binding name="custom1" closeTimeout="00:01:00"
  openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">

            <textMessageEncoding messageVersion="Soap11" writeEncoding="UTF-8" />
            <security defaultAlgorithmSuite="Basic256"
                      authenticationMode="MutualCertificateDuplex"
                      includeTimestamp="True" 
                      messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" 
                      securityHeaderLayout="LaxTimestampLast" messageProtectionOrder="SignBeforeEncrypt">
                <localClientSettings maxClockSkew="00:07:00" />
                <localServiceSettings maxClockSkew="00:07:00" />
                <secureConversationBootstrap>
                    <localClientSettings maxClockSkew="00:07:00" />
                    <localServiceSettings maxClockSkew="00:07:00" />
                </secureConversationBootstrap>
            </security>
            <context protectionLevel="EncryptAndSign"/>
            <httpsTransport requireClientCertificate="true" maxBufferPoolSize="20000000" maxBufferSize="20000000" maxReceivedMessageSize="20000000"/>
        </binding>

    </customBinding>
    <ws2007HttpBinding>
        <binding name="wssMutualCertBinding">
            <security mode="TransportWithMessageCredential">
                <message clientCredentialType="Certificate"/>
                <transport clientCredentialType="Certificate"/>
            </security>
        </binding>
    </ws2007HttpBinding>
</bindings>
<behaviors>
    <endpointBehaviors>
        <behavior name="MutualCertBehavior">
            <clientCredentials>
                <serviceCertificate>
                    <defaultCertificate
                      findValue="XXXXX"
                      storeLocation="LocalMachine"
                      storeName="TrustedPeople" x509FindType="FindByThumbprint"/>
                </serviceCertificate>
                <clientCertificate
                    findValue="YYYYY"
                    storeLocation="LocalMachine"
                    storeName="TrustedPeople" x509FindType="FindByThumbprint"/>
            </clientCredentials>
        </behavior>
    </endpointBehaviors>
</behaviors>
</system.serviceModel>

My test application looks like this:

using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MyWebService;

class Program
{
    static void Main(string[] args)
    {
        // The callback is process-wide; install it before the first HTTPS request.
        // Returning true unconditionally disables TLS server certificate validation,
        // so this belongs in a test harness only, never in production code.
        ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallback;

        MyWebService.WebServicesMainMethodClient client = new WebServicesMainMethodClient("wssMutualCert_Client");
        MyWebService.webRequest request = new webRequest();

        try
        {
            webResponse response = client.retrieve(request);
        }
        catch (Exception)
        {
            // "throw;" keeps the original stack trace; "throw e;" would reset it.
            throw;
        }
    }

    public static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }
}

After trying changes to my configuration, I get the following:

An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. 

Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Client.MyWebService.WebServicesMainMethod.retrieve(retrieve request)

I have been trying to find something useful for almost 2 days. I have already solved the time issue and the certificate issues. Any ideas or suggestions would be very helpful. Thanks in advance.

1 Answer:

Answer 0 (score: 0)

The error means that the SOAP request WCF sends is not compatible with the WebLogic security configuration. There are usually problems with the timestamp WCF sends and with the password being sent as text, whereas non-.NET services usually require digest mode. There is no simple solution. Read this and this. I downgraded to WSE 3.0 to be able to send requests to Java-based services. It was easier to get that working.
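The answer above says the WCF request and the WebLogic policy disagree but does not say where. The first thing a practitioner would do is read the requirements out of the WS-SecurityPolicy fragment and line them up, attribute by attribute, against the customBinding in the question. The script below is an added example for this page, not code from the original post or from WebLogic or WCF. POLICY_XML is the question's WSDL fragment made well-formed: the wsdl:definitions root and the prefix declarations are constructed (the real WSDL declares them elsewhere), and the ns1..ns4 prefixes are written as a single sp prefix bound to the same 200702 namespace. QUESTION_CONFIG is the security element from the question's config. The policy-to-WCF mapping (Layout to securityHeaderLayout, EncryptBeforeSigning/EncryptSignature to messageProtectionOrder, token IncludeToken modes to authenticationMode, Wss10 plus WS-SecurityPolicy 1.2 to a messageSecurityVersion name) is this example's own reading of the two specifications and of WCF's documented attribute values; it only understands the WS-SecurityPolicy 1.2 namespace.

```python
"""Derive the WCF customBinding/security attributes a WS-SecurityPolicy 1.2
fragment implies, and diff them against a hand-written client config.
Added example, not the original post's code.  POLICY_XML is constructed from
the question's WSDL fragment; QUESTION_CONFIG is the question's <security>."""
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"  # WS-SecurityPolicy 1.2
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

POLICY_XML = f"""<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:wssutil="{WSU}" xmlns:sp="{SP}">
 <wsp:UsingPolicy wssutil:Required="true"/>
 <wsp1_2:Policy wssutil:Id="Wssp1.2-2007-SignBody.xml">
  <sp:SignedParts><sp:Body/></sp:SignedParts></wsp1_2:Policy>
 <wsp1_2:Policy wssutil:Id="Wssp1.2-2007-Wss1.0-X509-Basic256.xml">
  <sp:AsymmetricBinding><wsp1_2:Policy>
   <sp:InitiatorToken><wsp1_2:Policy><sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">
    <wsp1_2:Policy><sp:WssX509V3Token10/></wsp1_2:Policy></sp:X509Token></wsp1_2:Policy></sp:InitiatorToken>
   <sp:RecipientToken><wsp1_2:Policy><sp:X509Token sp:IncludeToken="{SP}/IncludeToken/Never">
    <wsp1_2:Policy><sp:WssX509V3Token10/></wsp1_2:Policy></sp:X509Token></wsp1_2:Policy></sp:RecipientToken>
   <sp:AlgorithmSuite><wsp1_2:Policy><sp:Basic256/></wsp1_2:Policy></sp:AlgorithmSuite>
   <sp:Layout><wsp1_2:Policy><sp:Lax/></wsp1_2:Policy></sp:Layout>
   <sp:IncludeTimestamp/><sp:ProtectTokens/><sp:OnlySignEntireHeadersAndBody/>
  </wsp1_2:Policy></sp:AsymmetricBinding>
  <sp:Wss10><wsp1_2:Policy><sp:MustSupportRefKeyIdentifier/><sp:MustSupportRefIssuerSerial/></wsp1_2:Policy></sp:Wss10>
 </wsp1_2:Policy>
 <wsp:Policy wssutil:Id="Wssp1.2-2007-Wsp1.5-EncryptBody.xml">
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts></wsp:Policy>
</wsdl:definitions>"""

QUESTION_CONFIG = {  # the <security> attributes from the question's customBinding
    "defaultAlgorithmSuite": "Basic256",
    "authenticationMode": "MutualCertificateDuplex",
    "includeTimestamp": "True",
    "messageSecurityVersion": "WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005"
                              "WSSecurityPolicy11BasicSecurityProfile10",
    "securityHeaderLayout": "LaxTimestampLast",
    "messageProtectionOrder": "SignBeforeEncrypt",
}

FLAGS = {"IncludeTimestamp": "include_timestamp", "ProtectTokens": "protect_tokens",
         "OnlySignEntireHeadersAndBody": "only_sign_entire_headers_and_body",
         "EncryptBeforeSigning": "encrypt_before_signing", "EncryptSignature": "encrypt_signature"}
LAYOUT_TO_WCF = {"Strict": "Strict", "Lax": "Lax",
                 "LaxTsFirst": "LaxTimestampFirst", "LaxTsLast": "LaxTimestampLast"}
# WCF messageSecurityVersion names, keyed by (WSS version, WS-SecurityPolicy version).
MSV = {("1.0", "1.2"): "WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10",
       ("1.1", "1.2"): "WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12"}


def _local(el):
    return el.tag.split("}", 1)[1] if el.tag.startswith("{") else el.tag


def _sp_children(el):
    """Direct sp: children of el, looking through nested wsp:Policy wrappers."""
    out = []
    for child in el:
        if child.tag.startswith("{" + SP + "}"):
            out.append(child)
        elif _local(child) == "Policy":
            out.extend(_sp_children(child))
    return out


def _token_inclusion(token_el):
    """Last segment of the X509Token IncludeToken URI (Never, AlwaysToRecipient, ...)."""
    x509 = next(token_el.iter(f"{{{SP}}}X509Token"), None)
    return None if x509 is None else x509.get(f"{{{SP}}}IncludeToken", "").rsplit("/", 1)[-1]


def parse_policy(xml_text):
    req = {"signed_parts": [], "encrypted_parts": [], "binding": None, "wss_version": None,
           "initiator_token_inclusion": None, "recipient_token_inclusion": None,
           "algorithm_suite": None, "layout": None, "policy_version": "1.2"}
    req.update({v: False for v in FLAGS.values()})
    for el in ET.fromstring(xml_text).iter():
        if not el.tag.startswith("{" + SP + "}"):
            continue
        name = _local(el)
        if name == "SignedParts":
            req["signed_parts"] = [_local(c) for c in el]
        elif name == "EncryptedParts":
            req["encrypted_parts"] = [_local(c) for c in el]
        elif name in ("AsymmetricBinding", "SymmetricBinding", "TransportBinding"):
            req["binding"] = name
        elif name == "InitiatorToken":
            req["initiator_token_inclusion"] = _token_inclusion(el)
        elif name == "RecipientToken":
            req["recipient_token_inclusion"] = _token_inclusion(el)
        elif name == "AlgorithmSuite":
            req["algorithm_suite"] = _local(_sp_children(el)[0])
        elif name == "Layout":
            req["layout"] = _local(_sp_children(el)[0])
        elif name in FLAGS:
            req[FLAGS[name]] = True
        elif name in ("Wss10", "Wss11"):
            req["wss_version"] = "1.0" if name == "Wss10" else "1.1"
    return req


def suggest_wcf(req):
    """customBinding/security attribute values that match the parsed policy."""
    s = {"defaultAlgorithmSuite": req["algorithm_suite"],
         "includeTimestamp": "true" if req["include_timestamp"] else "false",
         "securityHeaderLayout": LAYOUT_TO_WCF[req["layout"]],
         "messageSecurityVersion": MSV[(req["wss_version"], req["policy_version"])]}
    if req["encrypt_signature"]:
        s["messageProtectionOrder"] = "SignBeforeEncryptAndEncryptSignature"
    elif req["encrypt_before_signing"]:
        s["messageProtectionOrder"] = "EncryptBeforeSign"
    else:
        s["messageProtectionOrder"] = "SignBeforeEncrypt"
    if req["binding"] == "AsymmetricBinding":
        # Recipient cert referenced externally (Never) is plain MutualCertificate; a recipient
        # token carried back to the initiator is what WCF's Duplex mode expects.
        duplex = req["recipient_token_inclusion"] == "AlwaysToInitiator"
        s["authenticationMode"] = "MutualCertificateDuplex" if duplex else "MutualCertificate"
    return s


def compare_with_config(suggested, config):
    """(attribute, configured value, policy-implied value) for each attribute that differs."""
    return [(k, config.get(k), v) for k, v in suggested.items()
            if (config.get(k) or "").lower() != v.lower()]


if __name__ == "__main__":
    req = parse_policy(POLICY_XML)
    print("policy requires:", {k: v for k, v in req.items() if v})
    for attr, have, want in compare_with_config(suggest_wcf(req), QUESTION_CONFIG):
        print(f"{attr}: configured={have!r}, policy implies={want!r}")
```

Run against the question's own settings, the diff flags three attributes: securityHeaderLayout (the policy says sp:Lax, the config says LaxTimestampLast), authenticationMode (a recipient token with IncludeToken Never is the plain MutualCertificate shape, not Duplex), and messageSecurityVersion (the config names WS-SecurityPolicy 1.1 while the WSDL is 1.2; on the wire only the WSS 1.0 part matters, so treat this one as the least likely cause). The parser also reports ProtectTokens and OnlySignEntireHeadersAndBody, which have no customBinding attribute in this mapping and must be checked in the actual signed message. None of this replaces reading the inner FaultException that the "unsecured or incorrectly secured fault" message points to: WebLogic's fault detail says which check failed, and the diff only tells you where to look first.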