问题描述
我正在设置现有的 WCF 服务以满足某些客户端要求.需求之一是在禁用 WS-Addressing 的服务上使用 UserNameToken 身份验证,并且在 WSDL 上以SupportingTokens"格式生成策略,如下所示.
I am setting an existing WCF service to meet some client requirements.One of the demands is to use a UserNameToken authentication on a service with WS-Addressing disabled and the policy generated on the WSDL in 'SupportingTokens' format, as below.
<wsp:Policy wsu:Id="wss_username_token_service_policy"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:Policy>
我尝试了很多配置,但总是得到一个标签sp:SignedSupportingTokens"或sp:SupportingTokens"以外的标签.
I tried many configurations but always get a tag "sp:SignedSupportingTokens" or other than "sp:SupportingTokens".
在 documentation 似乎是没有什么特别的.
根据 这篇文章,似乎不支持这种断言类型.
At the documentation seems to be nothing specific to this.
According to Ladislav Mrnka in this post, seems to be no support for this assertion type.
如果这是正确的,是否无法使用 WCF 生成该 wsdl?
If this is correct, it is not possible to generate that wsdl using WCF?
遵循绑定和行为配置.
绑定:
<customBinding>
<binding name="httpsBinding" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
<mtomMessageEncoding messageVersion="Soap12" >
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
</mtomMessageEncoding>
<httpsTransport maxReceivedMessageSize="2147483647" />
</binding>
</customBinding>
行为:
<behavior name="svcSslAndUserNamePasswordBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceSecurityAudit auditLogLocation="Application" suppressAuditFailure="true" serviceAuthorizationAuditLevel="Failure"
messageAuthenticationAuditLevel="Failure" />
<serviceCredentials>
<serviceCertificate findValue="certificateInfo" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="UserManagement.UserNameValidator" />
</serviceCredentials>
</behavior>
推荐答案
这取决于其他所需的策略.WCF 不支持普通 SupportingToken,但如果您使用 HTTPS 和 UserNameToken 而没有其他特殊要求,您的绑定应该可以工作.它使用 WSDL 中的 SignedSupportingToken 生成策略,但由于没有其他消息安全性,并且因为使用了 HTTPS,您将在消息中没有签名,但签名"要求将通过传输 (HTTPS) 来满足.
It depends on other required policies. WCF does not support plain SupportingToken but if you use HTTPS and UserNameToken with no other special requirements your binding should work. It produces policy with SignedSupportingToken in WSDL instead but because there is no other message security and because HTTPS is used, you will have no signature in the message but "signed" requirement will be fulfilled by transport (HTTPS).
这篇关于我可以使用 WCF 创建一个生成 SupportingTokens 策略的服务吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!