问题描述
我在这里问的问题与我已经在 msdn 论坛上问过的问题相同 http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/70f40a4c-8399-4629-9bfc-1465243>34daf/p> 我正在使用一个(很可能是基于 Java 的)Web 服务,但我绝对无权进行修改.即使我会问他们,它也不会被修改(这是一个全国范围的系统). 我已经用 WCF 编写了客户端.这是一些代码: 在此之后,对服务的每个请求都在客户端失败(我可以确认我的请求已被服务接受并且正在返回合理的响应) 我总是收到以下异常 MessageSecurityException:安全性带有 '' 的标题元素 'Timestamp'id 必须签名. 通过查看跟踪,我可以看到在响应中确实有一个时间戳元素,但在安全部分中只有正文的签名. 我可以以某种方式让 WCF 忽略时间戳未签名的事实吗? 我已经解决了这个问题,答案可以在这里找到:http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/371184de-5c05-4c70-8899-13536d8f5d16 要点:向自定义绑定添加自定义 StrippingChannel 以从 securityheader 中剥离时间戳,并将 WCF 配置为不检测回复. I'm asking the same question here that I've already asked on msdn forums http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/70f40a4c-8399-4629-9bfc-146524334daf I'm consuming a (most likely Java based) Web Service with I have absolutely no access to modify. It won't be modified even though I would ask them (it's a nation wide system). I've written the client with WCF. Here's some code: After this every request done to the service fails in client side (I can confirm my request is accepted by the service and a sane response is being returned) I always get the following exception By looking at trace I can see that in the response there really is a timestamp element, but in the security section there is only a signature for body. Can I somehow make WCF to ingore the fact Timestamp isn't signed? I got this sorted out, the answer can be found in here:http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/371184de-5c05-4c70-8899-13536d8f5d16 Main points: add a custom StrippingChannel to the custombinding to strip off the timestamp from the securityheader and configure WCF to not detect replies. 这篇关于MessageSecurityException: 必须对具有 '' id 的安全标头元素 'Timestamp' 进行签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!CustomBinding binding = new CustomBinding();AsymmetricSecurityBindingElement 元素 = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);element.AllowSerializedSigningTokenOnReply = true;element.SetKeyDerivation(false);element.IncludeTimestamp = true;element.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;element.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;element.LocalClientSettings.IdentityVerifier = new CustomIdentityVerifier();element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;element.IncludeTimestamp = false;binding.Elements.Add(element);binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));binding.Elements.Add(new HttpsTransportBindingElement());EndpointAddress address = new EndpointAddress(new Uri("url"));ChannelFactoryfactory = new ChannelFactory(binding, address);ClientCredentials 凭证 = factory.Endpoint.Behaviors.Find();凭证.ClientCertificate.Certificate = myClientCert;凭据.ServiceCertificate.DefaultCertificate = myServiceCert;credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;服务 = factory.CreateChannel();
CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement element = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
element.AllowSerializedSigningTokenOnReply = true;
element.SetKeyDerivation(false);
element.IncludeTimestamp = true;
element.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
element.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
element.LocalClientSettings.IdentityVerifier = new CustomIdentityVerifier();
element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
element.IncludeTimestamp = false;
binding.Elements.Add(element);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());
EndpointAddress address = new EndpointAddress(new Uri("url"));
ChannelFactory<MyPortTypeChannel> factory = new ChannelFactory<MyPortTypeChannel>(binding, address);
ClientCredentials credentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
credentials.ClientCertificate.Certificate = myClientCert;
credentials.ServiceCertificate.DefaultCertificate = myServiceCert;
credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
service = factory.CreateChannel();