问题描述
我有一个SOAP服务,我想连接到。它需要访问低谷HTTPS,它需要有它的由证书签名的身体
I've got a SOAP service I want to connect to. It needs to be accessed trough https and it needs to have it's body signed by a certificate.
我试过下面的代码:
<basicHttpBinding>
<binding name="P4Binding" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
设置了我的客户如下:
P4_ServiceReference.P4PortTypeClient client = new P4_ServiceReference.P4PortTypeClient();
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
client.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(@"[..].cer");
client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"[..]", "somepass");
甚至改变了我的Reference.cs包含的ProtectionLevel = ProtectionLevel.Sign
上ServiceContractAttribute的和OperationContractAttribute
Even changed my Reference.cs to include the ProtectionLevel=ProtectionLevel.Sign
on the ServiceContractAttribute and the OperationContractAttribute.
会发生什么事是,WSE:安全头被创建,但身体没有被签署。该服务返回元素http://schemas.xmlsoap.org/soap/envelope/Body必须签署
。
What happens is that the wse:security header is created, but the body is not being signed. The service returns Element http://schemas.xmlsoap.org/soap/envelope/Body must be signed
.
我在想什么,使身体得到正确签名?
What am I missing so that the body gets signed properly?
推荐答案
固定它使用该 customBinding
而不是 basicHttpBinding的
。
//Setup custom binding with HTTPS + Body Signing + Soap1.1
CustomBinding binding = new CustomBinding();
//HTTPS Transport
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
//Body signing
AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
asec.SetKeyDerivation(false);
asec.AllowInsecureTransport = true;
asec.IncludeTimestamp = true;
//Setup for SOAP 11 and UTF8 Encoding
TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
//Bind in order (Security layer, message layer, transport layer)
binding.Elements.Add(asec);
binding.Elements.Add(textMessageEncoding);
binding.Elements.Add(transport);
似乎 TransportWithMessageCredential
只使用运输出于安全和无视一切。
It seems that TransportWithMessageCredential
only uses the Transport for security and ignores everything else.
这篇关于WCF通过HTTPS和签署身体的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!