问题描述

我有一个SOAP服务，我想连接到。它需要访问低谷HTTPS，它需要有它的由证书签名的身体

I've got a SOAP service I want to connect to. It needs to be accessed trough https and it needs to have it's body signed by a certificate.

我试过下面的代码：

<basicHttpBinding>
    <binding name="P4Binding" closeTimeout="00:01:00" openTimeout="00:01:00"
        receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
        bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
        useDefaultWebProxy="true">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None" proxyCredentialType="None"
            realm="" />
        <message clientCredentialType="Certificate" algorithmSuite="Default" />
        </security>
    </binding>
</basicHttpBinding>

设置了我的客户如下：

P4_ServiceReference.P4PortTypeClient client = new P4_ServiceReference.P4PortTypeClient();

client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;
client.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(@"[..].cer");
client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"[..]", "somepass");

甚至改变了我的Reference.cs包含的ProtectionLevel = ProtectionLevel.Sign 上ServiceContractAttribute的和OperationContractAttribute

Even changed my Reference.cs to include the ProtectionLevel=ProtectionLevel.Sign on the ServiceContractAttribute and the OperationContractAttribute.

会发生什么事是，WSE：安全头被创建，但身体没有被签署。该服务返回元素http://schemas.xmlsoap.org/soap/envelope/Body必须签署。

What happens is that the wse:security header is created, but the body is not being signed. The service returns Element http://schemas.xmlsoap.org/soap/envelope/Body must be signed.

我在想什么，使身体得到正确签名？

What am I missing so that the body gets signed properly?

推荐答案

固定它使用该 customBinding 而不是 basicHttpBinding的。

        //Setup custom binding with HTTPS + Body Signing + Soap1.1
        CustomBinding binding = new CustomBinding();

        //HTTPS Transport
        HttpsTransportBindingElement transport = new HttpsTransportBindingElement();

        //Body signing
        AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
        asec.SetKeyDerivation(false);
        asec.AllowInsecureTransport = true;
        asec.IncludeTimestamp = true;

        //Setup for SOAP 11 and UTF8 Encoding
        TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

        //Bind in order (Security layer, message layer, transport layer)
        binding.Elements.Add(asec);
        binding.Elements.Add(textMessageEncoding);
        binding.Elements.Add(transport);

似乎 TransportWithMessageCredential 只使用运输出于安全和无视一切。

It seems that TransportWithMessageCredential only uses the Transport for security and ignores everything else.

这篇关于WCF通过HTTPS和签署身体的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！