C#: Calling a web service with WS-Security from .NET
I need to consume a web service secured with WS-Security from ASP.NET. I am testing the service with SoapUI, using this envelope as the request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://aduana.gov.py/webservices">
<soapenv:Header/>
<soapenv:Body>
<web:agregarGuia>
<!--Optional:-->
<guia>?</guia>
<!--Optional:-->
<autenticacion>
<!--Optional:-->
<codAduana>?</codAduana>
<!--Optional:-->
<firmaWSAA>?</firmaWSAA>
<!--Optional:-->
<idUsuario>?</idUsuario>
<!--Optional:-->
<ticketWSAA>?</ticketWSAA>
</autenticacion>
</web:agregarGuia>
</soapenv:Body>
</soapenv:Envelope>
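I searched on Google, and some people recommend WCF. I am building an ASP.NET 4.5 application. What are my options in this case?
I need to know how to sign the message with my certificate.
Edit 1:
I was able to make progress on the problem: I can now send a SOAP message signed with a certificate, and I am close to finishing my task. Now I cannot get the right elements set in the Security tag. I have edited the question to show the envelopes, the correct one and mine.
Correct: this is a sample envelope of a correct request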
Mine, which does not work
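I managed to get it working, and I am posting the solution here for others to use.
To sum up, the task at hand was to consume a web service written in Java with WS-Security features. Let me clarify: if the web service developers conscientiously write a good WSDL and/or are cooperative, this should be an easy task. Unfortunately, they are not.
If you are in this situation, you have to arm yourself and take on the service on your own.
The first thing is to use SoapUI to find out the SOAP version the service uses, which determines the kind of binding you can use. In my case it is SOAP 1.1, which, in combination with WS-Security, forced me to use a customBinding, because wsHttpBinding only supports SOAP 1.2 and basicBinding is not flexible enough for consuming a service that uses WS-Security.
After a lot of trial and error and a lot of reading server responses in Fiddler, I finally arrived at the following binding. It is all done through configuration, with no code involved: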
<system.serviceModel>
<bindings>
<customBinding>
<binding name="MyBinding" >
<textMessageEncoding messageVersion="Soap11"/>
<security authenticationMode="MutualCertificate" enableUnsecuredResponse="true" allowSerializedSigningTokenOnReply="true"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
includeTimestamp="false">
</security>
<httpsTransport />
</binding>
</customBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="ClientCertificateBehavior">
<clientCredentials>
<clientCertificate findValue="xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx"
storeLocation="CurrentUser" storeName="My"
x509FindType="FindByThumbprint" />
<serviceCertificate>
<defaultCertificate findValue="xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx"
storeLocation="CurrentUser" storeName="My"
x509FindType="FindByThumbprint"/>
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://secure.aduana.gov.py/test/tere/serviciotere"
binding="customBinding" bindingConfiguration="MyBinding"
contract="serviciotereSoap" name="serviciotereSoap" behaviorConfiguration="ClientCertificateBehavior">
<identity>
<dns value="tere_test"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
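The behavior above sets certificateValidationMode="None", which turns off validation of the service certificate on the client. A stricter variant of the same endpoint behavior, as an added example that is not part of the original answer; it assumes the service certificate chains to a CA trusted on the client machine, and the behavior name is hypothetical:

```xml
<behaviors>
  <endpointBehaviors>
    <!-- Added example; "ValidatedCertificateBehavior" is a hypothetical name. -->
    <behavior name="ValidatedCertificateBehavior">
      <clientCredentials>
        <!-- Client signing certificate, selected by thumbprint as in the answer
             (thumbprint masked, as on the page). -->
        <clientCertificate findValue="xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx"
                           storeLocation="CurrentUser" storeName="My"
                           x509FindType="FindByThumbprint" />
        <serviceCertificate>
          <!-- Expected service certificate, still pinned by thumbprint. -->
          <defaultCertificate findValue="xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx"
                              storeLocation="CurrentUser" storeName="My"
                              x509FindType="FindByThumbprint" />
          <!-- Weak setting from the answer, kept here for comparison only:
               <authentication certificateValidationMode="None" />
               With None, the service certificate is not checked at all. -->
          <!-- Stricter setting: the certificate must chain to a trusted root
               and must not be revoked. Assumes the issuing CA is trusted on
               the client and its revocation endpoint is reachable. -->
          <authentication certificateValidationMode="ChainTrust"
                          revocationMode="Online"
                          trustedStoreLocation="CurrentUser" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
```

If the service uses a self-signed certificate, certificateValidationMode="PeerTrust" with that certificate installed in the TrustedPeople store is the alternative. Separately, enableUnsecuredResponse="true" in the binding means replies without a security header are accepted, so their integrity then rests on the HTTPS transport alone.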
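And what happens when you use DnaSoapClient?
@johnsaunder The service blows up in my face with a java.lang.NullPointerException. That is why I decided to test it with SoapUI.
But a NullPointerException is clearly a bug in the server. Can you talk to the server people and ask them whether what you are sending triggers their bug? It is possible that your side is working and the service has a bug.
OK, then you will need to do something in code, and I don't know how to do it.
That is a bad WSDL. The service requires security, but the WSDL says the service does not require security, so WCF does not provide it. You will have to do something to change the binding configuration in code before accessing the service.
You should create an answer showing what you have achieved so far and how you did it. Feel free to update the answer as you learn more.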
var srvRef = new DnaSoapClient();
srvRef.ClientCredentials.ClientCertificate.Certificate = theCert;
var response = srvRef.agregarManifiesto( dnaManifiesto );
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-B259DAB3D28E48CB6A140000796019094">...</wsse:BinarySecurityToken>
<ds:Signature Id="SIG-96" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ec:InclusiveNamespaces PrefixList="soapenv web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
<ds:Reference URI="#id-95" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ec:InclusiveNamespaces PrefixList="web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">whvAdAkypsWVXHXbIz/T54n0dBw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
MdHy5mceNtQWUD5WmVOzZU8roxD3EQkQmcZA9LsfhBcp3cFAD3P1qJJ9EyrRFBs5yCiYDY716Wzh
M+tFybt1+EujXZZ3ytk4XaahkexNAG51iup1wvw0Km+nsj4u/x8DzTA/J9EG3ZdTSUrIVBsFcEQa
TF4BwUAgGBS87xqL5zc=
</ds:SignatureValue>
<ds:KeyInfo Id="KI-B259DAB3D28E48CB6A140000796019095">
<wsse:SecurityTokenReference wsu:Id="STR-B259DAB3D28E48CB6A140000796019096" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#X509-B259DAB3D28E48CB6A140000796019094" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:Reference>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-94">
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:06:00.188Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2014-05-13T19:07:00.188Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPowmum40QT95GqsY7XPKT7LIAAAAAvMwgorinWU+AVOWH+3TPjP6NBU03AZtHqle8GLRYcYAACQAA</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2014-05-15T21:30:20.723Z</u:Created>
<u:Expires>2014-05-15T21:35:20.723Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">...</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>pM8KraJSLZumo77gD9+JF2f8eBU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>MZ9ZTKeGj5KNUEn4R6cQhRhOdK0frNK1O5KRGbM+YqfvzlVwVKQ6n7p9rncbtrdGsLg3CVwUVwB7PBF78tDx3p0LjF/Eg015t6qouSyK/92qL3oRz/8TbqLKpe/1uySdmGhrqPrVlTDF2rHuFGwmQVSILyUVLg/nW7K+EDwS/Lg=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference URI="#uuid-16d1441d-2f30-40a0-ae4e-ec5d557d2261-2"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
</s:Envelope>