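How to implement a WS-Security Timestamp, UsernameToken and Signature in a WCF client service
I need to implement a WCF request using WS-Security. The header must have these tags (Signature, UsernameToken and Timestamp), as shown below: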
<soapenv:Header>
<wsse:Security>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...
<wsse:UsernameToken wsu:Id="UsernameToken-DCF9C511">...
<wsu:Timestamp wsu:Id="TS-DCF9C5119CC59E9AE2159888852210410">...
</wsse:Security>
</soapenv:Header>
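I have tried this code, and I get the "Signature" and "TimeStamp" tags in the header, but no "UsernameToken" tag:
// Accepts any server certificate, which disables TLS server validation (test environments only)
System.Net.ServicePointManager.ServerCertificateValidationCallback = ((sender,certificate,chain,sslPolicyErrors) => true);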
Servicio.RecaudoWSPortClient client = new Servicio.RecaudoWSPortClient();
//Configuration certificate
X509Certificate2 cert = new X509Certificate2();
cert.Import(@"C:\Users\jdduitama\Desktop\SCRIPTS\bis\Certificado\PKCS C#\PRUEBA.pfx","PRUEBA",X509KeyStorageFlags.DefaultKeySet);
X509Certificate2 cert2 = new X509Certificate2();
cert2.Import(@"C:\Users\jdduitama\Desktop\SCRIPTS\bis\Certificado\Certificado.cer","",X509KeyStorageFlags.DefaultKeySet);
//Configuration Custom Binding
TextMessageEncodingBindingElement textEncoding = new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 };
HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement { RequireClientCertificate = true };
TransportSecurityBindingElement sec = SecurityBindingElement.CreateCertificateOverTransportBindingElement();
sec.EnableUnsecuredResponse = true;
CustomBinding customBinding = new CustomBinding(sec,textEncoding,httpsTransport);
// Use the custom binding built above (the original referenced an undefined myBinding)
client.Endpoint.Binding = customBinding;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
client.ClientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.Offline;
client.ClientCredentials.ServiceCertificate.DefaultCertificate = cert2;
client.ClientCredentials.ClientCertificate.Certificate = cert;
client.Endpoint.Address = new System.ServiceModel.EndpointAddress("https://myservice.com/service");
// TimeSpan has no two-argument constructor; 30 seconds is assumed here
client.Endpoint.Binding.SendTimeout = TimeSpan.FromSeconds(30);
client.ClientCredentials.UserName.UserName = "USERNAME";
client.ClientCredentials.UserName.Password = "PASSWORD";
responseConsulta = client.ConsultaPorValidacion(requestConsulta);
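I think the solution should be in the binding security configuration, because if I use the security mode "TransportWithMessageCredential" in the configuration, I get the UsernameToken in the header but lose the "Signature" and "TimeStamp":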
<binding name="RecaudoWSPortSoap11">
<security mode="TransportWithMessageCredential" />
</binding>
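Solution
If you set the security mode to TransportWithMessageCredential, it will override the security mode in the custom binding, so I don't think this is the solution.
WCF provides 18 authentication modes for custom bindings; perhaps you can try UserNameOverTransport: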
TransportSecurityBindingElement sec = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
You can also try other authentication modes. For more information about other authentication modes, you can refer to this link:
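
An added example, not part of the original question or answer: one way to get all three header elements from a single custom binding is to keep the certificate-over-transport element from the question (Timestamp plus signature) and register a UsernameToken as an extra supporting token. The class and method names are hypothetical, and the result has not been checked against the asker's service.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Hypothetical helper class; names are illustrative only.
static class WsSecurityBindingExample
{
    // Builds a binding whose security header carries a Timestamp, an
    // endorsing X.509 signature and a UsernameToken, all sent over HTTPS.
    public static CustomBinding Build()
    {
        // Certificate-over-transport: Timestamp plus an endorsing X.509
        // supporting token that signs it.
        TransportSecurityBindingElement sec =
            SecurityBindingElement.CreateCertificateOverTransportBindingElement();
        sec.IncludeTimestamp = true;
        sec.EnableUnsecuredResponse = true; // as in the question's code

        // Add the UsernameToken as a further supporting token. Over
        // transport security its confidentiality comes from TLS.
        sec.EndpointSupportingTokenParameters.SignedEncrypted.Add(
            new UserNameSecurityTokenParameters());

        return new CustomBinding(
            sec,
            new TextMessageEncodingBindingElement { MessageVersion = MessageVersion.Soap11 },
            new HttpsTransportBindingElement { RequireClientCertificate = true });
    }

    // Applies the binding and both credentials to any generated WCF client.
    public static void Configure<TChannel>(ClientBase<TChannel> client,
        X509Certificate2 clientCert, string user, string password)
        where TChannel : class
    {
        client.Endpoint.Binding = Build();
        client.ClientCredentials.ClientCertificate.Certificate = clientCert;
        client.ClientCredentials.UserName.UserName = user;
        client.ClientCredentials.UserName.Password = password;
        // ServerCertificateValidationCallback is left at its default, so the
        // server's TLS certificate is still validated.
    }
}
```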