C# WCF WS-Security client gets a security error when verifying the message
I have Java code that uses Axis2 to connect to a WS-Security-enabled web service. I am trying to call the same service using .NET WCF. Here is my correctly working axis2.xml client configuration:
<parameter name="OutflowSecurity">
  <action>
    <items>Timestamp UsernameToken Encrypt Signature</items>
    <user>MyUser</user>
    <passwordCallbackClass>tr.com.mypackage.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>crypto.properties</signaturePropFile>
    <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
  </action>
</parameter>
<parameter name="InflowSecurity">
  <action>
    <items>Timestamp Encrypt Signature</items>
    <user>MyUser</user>
    <passwordCallbackClass>tr.com.mypackage.PWCBHandler</passwordCallbackClass>
    <signaturePropFile>crypto.properties</signaturePropFile>
    <signatureKeyIdentifier>IssuerSerial</signatureKeyIdentifier>
  </action>
</parameter>
This is the envelope I end up with in C#:
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="uuid-SOMEVALUE-1">
        <u:Created>2020-05-21T11:08:16.280Z</u:Created>
        <u:Expires>2020-05-21T11:13:16.280Z</u:Expires>
      </u:Timestamp>
      <o:BinarySecurityToken u:Id="uuid-078efc57-eea8-4dcd-9600-1b46d410feb7-3"
                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
        SOMEVALUE
      </o:BinarySecurityToken>
      <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
        </e:EncryptionMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <X509Data>
              <X509IssuerSerial>
                <X509IssuerName>C=XY,O=ORG,CN=Test ORGN ASD NA</X509IssuerName>
                <X509SerialNumber>SOMENUMBER</X509SerialNumber>
              </X509IssuerSerial>
            </X509Data>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>SOMEVALUE</e:CipherValue>
        </e:CipherData>
        <e:ReferenceList>
          <e:DataReference URI="#_2"/>
        </e:ReferenceList>
      </e:EncryptedKey>
      <o:UsernameToken u:Id="SOMEVALUE-1">
        <o:Username>MyUser</o:Username>
        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">CLEAR TEXT PASSWORD</o:Password>
      </o:UsernameToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>SOMEVALUE=</DigestValue>
          </Reference>
          <Reference URI="#uuid-SOMEVALUE-1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>SOMEVALUE</DigestValue>
          </Reference>
          <Reference URI="#uuid-SOMEVALUE-1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>SOMEVALUE</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>SOMEVALUE</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-SOMEVALUE-3"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <e:CipherData>
        <e:CipherValue>SOMEVALUE</e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>
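The differences I see are:
My envelope has a BinarySecurityToken; the Axis2 envelope does not.
My UsernameToken password is plain text. The Java one has Nonce and Created values.
I tried, but got a System.InvalidOperationException: "Text cannot be written outside the root element." error. I added the UsernameToken in BeforeSendRequest; my envelope then had two Security headers and failed again.
My body EncryptedData has no KeyInfo; the Axis2 envelope does.
What should I look at? I am stuck here. Any suggestions would be appreciated.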
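One way to make the by-hand comparison above repeatable, as an added example that is not part of the original question: the script profiles the Security header of two captured envelopes (tokens present, password type, what the signature references resolve to) and reports only the fields that differ. Both sample envelopes are constructed and heavily shortened; the Axis2 one follows the differences the question lists, and its PasswordDigest type is an assumption because the page does not show that envelope.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS, ENC = "http://www.w3.org/2000/09/xmldsig#", "http://www.w3.org/2001/04/xmlenc#"
NS = f'xmlns:o="{WSSE}" xmlns:u="{WSU}" xmlns:d="{DS}" xmlns:e="{ENC}"'

def local(name):
    return name.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def profile(envelope_xml):
    """Summarise the WS-Security features the question compares by hand."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(f".//{{{WSSE}}}Security")
    pw = sec.find(f".//{{{WSSE}}}Password")
    ids = {v: local(e.tag) for e in root.iter() for k, v in e.attrib.items() if local(k) == "Id"}
    refs = [r.get("URI", "").lstrip("#") for r in sec.iter(f"{{{DS}}}Reference")]
    return {
        "header_order": [local(c.tag) for c in sec],
        "binary_security_token": sec.find(f"{{{WSSE}}}BinarySecurityToken") is not None,
        "password_type": pw.get("Type", "").rsplit("#", 1)[-1] if pw is not None else None,
        "nonce": sec.find(f".//{{{WSSE}}}Nonce") is not None,
        "created": sec.find(f".//{{{WSSE}}}UsernameToken/{{{WSU}}}Created") is not None,
        "body_keyinfo": root.find(f".//{{{ENC}}}EncryptedData/{{{DS}}}KeyInfo") is not None,
        "signed_parts": [ids.get(r, "UNRESOLVED:" + r) for r in refs],
    }

def diff(a, b):
    """Return {field: (value_in_a, value_in_b)} for each field that differs."""
    pa, pb = profile(a), profile(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def envelope(header, body):  # builds a constructed, heavily shortened sample envelope
    return (f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" {NS}><s:Header>'
            f'<o:Security>{header}</o:Security></s:Header>'
            f'<s:Body u:Id="_1">{body}</s:Body></s:Envelope>')

SIG = ('<d:Signature><d:SignedInfo><d:Reference URI="#_1"/><d:Reference URI="#ts-1"/>'
       '<d:Reference URI="#ut-1"/></d:SignedInfo></d:Signature>')
# Constructed sample shaped like the WCF envelope in the question (Type URI shortened).
WCF = envelope('<u:Timestamp u:Id="ts-1"/><o:BinarySecurityToken u:Id="bst-3"/>'
               '<e:EncryptedKey Id="_0"/><o:UsernameToken u:Id="ut-1">'
               '<o:Password Type="urn:x#PasswordText">x</o:Password></o:UsernameToken>' + SIG,
               '<e:EncryptedData Id="_2"/>')
# Constructed Axis2-side sample built from the question's listed differences (PasswordDigest assumed).
AXIS2 = envelope('<u:Timestamp u:Id="ts-1"/><e:EncryptedKey Id="_0"/>'
                 '<o:UsernameToken u:Id="ut-1"><o:Password Type="urn:x#PasswordDigest">x'
                 '</o:Password><o:Nonce>n</o:Nonce><u:Created>c</u:Created></o:UsernameToken>'
                 + SIG, '<e:EncryptedData Id="_2"><d:KeyInfo/></e:EncryptedData>')
```

Calling `diff(WCF, AXIS2)` on real captures from both clients shows which header features to align first; an `UNRESOLVED:` entry in `signed_parts` means a signature reference points at an Id that is not in the message.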