如何解决如何在用C#编写的Web服务客户端中禁用响应验证
我有一个用C#编写的简单Web服务客户端,该客户端使用x.509证书身份验证连接到部署在Weblogic上的基于MTOM的基于Java的Web服务。
所有简单的请求都可以正常工作,我从Web服务获得了正确的响应,但是当我要接收带有基于MTOM的二进制附件的响应时,则会引发以下异常:
Unhandled Exception: System.ServiceModel.Security.MessageSecurityException: The signature verification failed. Please see inner exception for fault details. ---> System.Security.Cryptography.CryptographicException: Digest verification failed for Reference '#Body_50Qa3hJtTFc5taQf'.
at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id,Object resolvedXmlSource)
at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id,Object resolvedXmlSource)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.EnsureDigestValidityIfIdMatches(SignedInfo signedInfo,String id,XmlDictionaryReader reader,Boolean doSoapAttributeChecks,MessagePartSpecification signatureParts,MessageHeaderInfo info,Boolean checkForTokensAtHeaders)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.EnsureDigestValidityIfIdMatches(SignedInfo signedInfo,Boolean checkForTokensAtHeaders)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ExecuteMessageProtectionPass(Boolean hasAtLeastOneSupportingTokenExpectedToBeSigned)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout,ChannelBinding channelBinding,ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader,Message& message,SecurityToken requiredSigningToken,TimeSpan timeout,SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message,String actor,SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message,SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply,SecurityProtocolCorrelationState correlationState,TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message,TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message,TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,Boolean oneway,ProxyOperationRuntime operation,Object[] ins,Object[] outs,TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall,ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
我认为根本原因是用于计算服务器和客户端上的SOAP元素Body的签名的方法之间的差异。我知道Weblogic服务器正在以某种方式计算签名,其中整个附加的二进制内容均以Base64编码并内联到SOAP消息中。
但是我不知道C#中生成的代码如何在客户端计算签名。有什么方法可以在C#客户端上禁用签名验证吗?
我已经尝试使用IClientMessageInspector来调整响应,以将以Base64编码的二进制MTOM附件添加到消息的主体中,但是没有成功,看来生成的C#代码正在处理方法之前的签名验证。 IClientMessageInspector中的AfterReceiveReply()被执行。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。