C# 带Java服务器的WSSE WCF客户端；找不到'；System.IdentityModel.Tokens.UserNameSecurityToken'；令牌类型。”；

我正在尝试与来自WCF的Java服务集成。服务器需要OASIS WSSE安全标头进行用户名+密码身份验证。传输安全性由服务器端的SSL提供（没有用于相互身份验证的客户端证书）。请求正在工作，但WCF在处理响应时失败

使用Fiddler2，我看到从服务器返回的有效响应没有任何问题，但看起来WCF阻塞了

wsse:UsernameToken

，这在服务器的响应中得到了响应

有没有办法忽略服务器响应中返回的令牌的客户端身份验证？我想我需要一个虚拟验证器，并以某种方式将其附加到客户机的响应处理中，但我不确定在何处连接到该逻辑

我不想使用WSE 3.0，所有的客户端设置都在代码中（没有外部程序集或配置文件）

代码

private static IEndPointClient NewProxy(string userName, string password)
{
    //Basic SOAP over TLS/SSL with WSSE header for authentication
    var baseBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);

    //Strip the TimeStamp element from the WSSE header - server does not expect it
    var elements = baseBinding.CreateBindingElements();
    var securityElem = elements.Find<SecurityBindingElement>();
    securityElem.IncludeTimestamp = false;

    var binding = new CustomBinding(elements);
    var address = new EndpointAddress(UATSERVER);    

    var svc = new EndPointClient(binding, address);    
    svc.ClientCredentials.UserName.UserName = userName;
    svc.ClientCredentials.UserName.Password = password;
}

您有两个选择：

实现一个从响应中删除用户名的

将WCF中的所有安全设置一起关闭（例如BasicHttpSecurityMode.None），并通过消息检查器（最简单的）或编码器或自定义头将传出用户/传递SOAP头推送到消息中（它们是非常简单的xml元素）

---

谢谢，我使用了第二个选项和消息检查器。没有什么是容易的，但我希望这些类型的集成能够在WCF中开箱即用：（对我来说，构建XML和执行HTTP POST会更快。对于所有使用选项2的人来说）：下面是一个链接，指向描述添加SOAP头的答案

Server stack trace: 
   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList`1 allowedTokenAuthenticators, SecurityTokenAuthenticator& usedTokenAuthenticator)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlDictionaryReader reader, Int32 position, Byte[] decryptedBuffer, SecurityToken encryptionToken, String idInEncryptedForm, TimeSpan timeout)
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
   at System.ServiceModel.Security.StrictModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)