免责声明:.Net N00b
我已经在墙上砸了几天,现在试图让这个外部供应商网络服务的安全工作无济于事。事实证明,他们使用WSSE摘要安全性,简而言之,它将这样的内容添加到SOAP头中:
<wsse:UsernameToken wsu:Id="Example-1">
<wsse:Username> ... </wsse:Username>
<wsse:Password Type="..."> ... </wsse:Password>
<wsse:Nonce EncodingType="..."> ... </wsse:Nonce>
<wsu:Created> ... </wsu:Created>
</wsse:UsernameToken>
我开始时通过添加服务引用,并通过许多博客文章,stackoverflow问题摆弄app.config和代码。我似乎无法做对。也许这不容易?也许我只是不了解Visual Studio 2010和.Net,我不确定。
以下是我在app.config中停止的内容:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ServiceHttpBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://vendorurl"
binding="basicHttpBinding" bindingConfiguration="ServiceHttpBinding"
contract="ContractName"
name="ServiceHttpPort">
</endpoint>
</client>
</system.serviceModel>
和C#:
var someService = new ServiceClient();
someService.ClientCredentials.UserName.UserName = "username";
someService.ClientCredentials.UserName.Password = "passwordgobbletygook/somemorebase64stuff=";
#region Begin Magic
var elements = someService.Endpoint.Binding.CreateBindingElements();
var securityBindingElement = elements.Find<SecurityBindingElement>();
securityBindingElement.IncludeTimestamp = false;
someService.Endpoint.Binding = new CustomBinding(elements);
#endregion
var response = someService.webMethod(param1, param2, param3, param4);
Console.WriteLine(response);
有趣的是,在供应商规范中,我发现他们鼓励使用WSSJ,所以我尝试了(在java中)和我在2小时内工作
以下是这样的:
public class Test implements CallbackHandler {
/**
* @param args
*/
public static void main( final String[] args ) throws Throwable {
SomeService_Service someService_Service = new SomeService_Service();
SomeService someService = someService_Service.getSomeServiceHttpPort();
BindingProvider bindingProvider = (BindingProvider)someService;
Map< String, Object > requestContext = bindingProvider.getRequestContext();
requestContext.put( BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://vendorurl" );
Client client = ClientProxy.getClient( someService );
Endpoint endpoint = client.getEndpoint();
Map< String, Object > outProps = new HashMap< String, Object >();
outProps.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN );
outProps.put( WSHandlerConstants.USER, "username" );
outProps.put( WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST );
outProps.put( WSHandlerConstants.PW_CALLBACK_REF, new Test() );
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor( outProps );
endpoint.getOutInterceptors().add( wssOut );
System.out.println( someService.webMethod(param1, param2, param3, param4) );
}
public void handle( final Callback[] callbacks ) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[ 0 ];
// set the password for our message.
pc.setPassword( "passwordgobbletygook/somemorebase64stuff=" );
}
}
有没有人在stackoverflow土地上有这个工作在.Net \ C#?有什么明显的东西我在这里不见了吗?
答案 0 :(得分:4)
在尝试将基于.NET的组件连接到基于JAVA的SOAP服务之前,我们遇到过这个问题。我们的解决方案不涉及任何XML构造,并且恕我直言比我见过的任何其他东西都清洁。
缺点是您需要下载并包含较旧的可选.NET DLL才能使其正常工作。好处是代码非常干净,适合WCF。
基本实现如下所示:
using (OperationContextScope scope = new OperationContextScope(client.InnerChannel))
{
//Class from WSE 3.0
UsernameToken token = new UsernameToken("MY_USERNAME", "MY_PASSWORD", PasswordOption.SendHashed);
//Add Auth to SOAP Header
MessageHeader header
= MessageHeader.CreateHeader(
"Security",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
token.GetXml(new XmlDocument())
);
OperationContext.Current.OutgoingMessageHeaders.Add(header);
//Build Request
OrgWS.OrganizationDetailsRequest request = new OrgWS.OrganizationDetailsRequest()
{
ID = 1
};
//Send Request
OrgWS.OrganizationDetail[] response = client.getOrganizationDetail(request);
//Do something with response
}
可在此处找到完整说明:http://cxdeveloper.com/article/implementing-ws-security-digest-password-nonce-net-40-wcf
答案 1 :(得分:0)
安迪的答案就在眼前!在这上面花了大部分的发言权,但还有很多,但这是对我有用的唯一答案。非常适合在SOAP wsse标头中添加带有passwordDigest的随机数。同意尼克五世的说法,这个答案应该得到更多的认可。
BasicHttpBinding myBinding = new BasicHttpBinding();
myBinding.Security.Mode = BasicHttpSecurityMode.Transport;
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
EndpointAddress ea = new EndpointAddress("****");
WebServiceServiceClient cc = new WebServiceServiceClient(myBinding, ea);
cc.Open();
using (OperationContextScope scope = new OperationContextScope(cc.InnerChannel))
{
//Class from WSE 3.0
UsernameToken token = new UsernameToken("userid", "password", PasswordOption.SendHashed);
//Add Auth to SOAP Header
MessageHeader header
= MessageHeader.CreateHeader(
"Security",
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
token.GetXml(new XmlDocument())
);
OperationContext.Current.OutgoingMessageHeaders.Add(header);
try
{
//call SOAP methos
}
catch (Exception ex)
{
//catch any errors
}
}