C# 如何为WS-Security生成UsernameToken?
我有一些web服务(用Java编写),我需要在.NET中为它创建客户端。Web服务具有WS-Security,需要PasswordDigest。 首先,我在SoapUI中测试了它,它适用于:C# 如何为WS-Security生成UsernameToken?,c#,.net,web-services,soap,ws-security,C#,.net,Web Services,Soap,Ws Security,我有一些web服务(用Java编写),我需要在.NET中为它创建客户端。Web服务具有WS-Security,需要PasswordDigest。 首先,我在SoapUI中测试了它,它适用于: POST http://192.168.100.101:8181/services/ws/SomeService HTTP/1.1 Accept-Encoding: gzip,deflate Content-Type: application/soap+xml;charset=UTF-8;action="s
POST http://192.168.100.101:8181/services/ws/SomeService HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/soap+xml;charset=UTF-8;action="someMethod"
Content-Length: 971
Host: 192.168.100.101:8181
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
<soap:Envelope xmlns:not="http://existing-domain.com/op/integration/services" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-2C1E2DE2B61EBB94E115572099598331">
<wsse:Username>SOME_LOGIN</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">rcSb6Hd8btcI9g6JvO7dGdiTBTI=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">PCoVwJm9oEXtusx6gkMb7w==</wsse:Nonce>
<wsu:Created>2019-05-07T06:19:19.824Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<not:someMethod/>
</soap:Body>
</soap:Envelope>
有一些文章介绍了如何创建密码数字(Base64(SHA1(password+nonce+created))、nonce(Base64(RandomString))或created date,但我找不到什么是wsu:Id=“UsernameToken-2c1e2db61ebb94e115572099598331”
以及如何创建它。上面我从UsernameToken获取xml的代码返回完整的部分,所以我决定使用它,但我注意到它附加了wsu:Id=“SecurityToken-85707168-b5c6-47dc-93e9-45afa466fa2a”
(而不是wsu:Id=“UsernameToken-2C1E2DE2DB61EBB94E115572099598331”
)。我可以更改名称并删除-
字符,但没有任何更改,我仍然收到500个内部服务器错误消息“验证消息时遇到安全错误”
所以,我的问题是如何使用正确的
wsu:Id=“UsernameToken-xxxxxxxxxxxxx”
数据生成UsernameToken节?它是什么-只是随机字符串或基于用户名和密码创建的哈希?明白了!我注意到从.NET客户端发送的SOAP在Nonce
节点中没有属性EncodingType
。代码稍作修改后:
UsernameToken t = new UsernameToken("SOME_LOGIN", "SOME_PASSWORD", PasswordOption.SendHashed);
string usernameTokenSection = t.GetXml(new XmlDocument()).OuterXml.ToString().Replace("<wsse:Nonce", "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\"");
UsernameToken t=newusernametoken(“一些登录”、“一些密码”、PasswordOption.SendHashed);
字符串UsernameTokeSection=t.GetXml(新的XmlDocument()).OuterXml.ToString().Replace(“
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<soap:Fault>
<soap:Code>
<soap:Value>soap:Sender</soap:Value>
<soap:Subcode>
<soap:Value xmlns:ns1="http://ws.apache.org/wss4j">ns1:SecurityError</soap:Value>
</soap:Subcode>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">A security error was encountered when verifying the message</soap:Text>
</soap:Reason>
</soap:Fault>
</soap:Body>
</soap:Envelope>
UsernameToken t = new UsernameToken("SOME_LOGIN", "SOME_PASSWORD", PasswordOption.SendHashed);
string usernameTokenSection = t.GetXml(new XmlDocument()).OuterXml.ToString();
UsernameToken t = new UsernameToken("SOME_LOGIN", "SOME_PASSWORD", PasswordOption.SendHashed);
string usernameTokenSection = t.GetXml(new XmlDocument()).OuterXml.ToString().Replace("<wsse:Nonce", "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\"");
public static void Execute()
{
UsernameToken usernameTokenSection = new UsernameToken("SOME_LOGIN", "SOME_PASSWORD", PasswordOption.SendHashed);
HttpWebRequest request = CreateWebRequest();
XmlDocument soapEnvelopeXml = new XmlDocument();
soapEnvelopeXml.LoadXml(@"<soap:Envelope xmlns:not=""http://existing-domain.com/op/integration/services"" xmlns:soap=""http://www.w3.org/2003/05/soap-envelope"">" +
"<soap:Header>" +
@"<wsse:Security xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"" xmlns:wsu=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"">"+
usernameTokenSection.GetXml(new XmlDocument()).OuterXml.ToString().Replace("<wsse:Nonce", "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\"") +
"</wsse:Security>" +
"</soap:Header>"+
"<soap:Body>"+
"<not:someMethod/>"+
"</soap:Body>"+
"</soap:Envelope>");
using (Stream stream = request.GetRequestStream())
{
soapEnvelopeXml.Save(stream);
}
using (WebResponse response = request.GetResponse())
{
using (StreamReader rd = new StreamReader(response.GetResponseStream()))
{
string soapResult = rd.ReadToEnd();
Console.WriteLine(soapResult);
}
}
}
public static HttpWebRequest CreateWebRequest()
{
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(@"http://192.168.100.101:8181/services/ws/SomeService");
webRequest.Method = "POST";
webRequest.Headers.Add("Accept-Encoding:gzip,deflate");
webRequest.ContentType = "application/soap+xml;charset=UTF-8;action=\"someMethod\"";
//NOTE: below it's not necessary
//webRequest.Host = "192.168.100.101:8181";
//webRequest.KeepAlive = true;
//webRequest.UserAgent = "Apache-HttpClient/4.1.1 (java 1.5)";
return webRequest;
}
static void Main(string[] args)
{
try
{
Execute();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
finally
{
Console.ReadLine();
}
}