C# 为什么要在soap头中的证书上获得签名_C#_Wcf Security_Wcf Client_Digital Signature - Fatal编程技术网

C# 为什么要在soap头中的证书上获得签名


我需要与一个支持 SOAP 1.1 和 WS-Security 1.0 的 SOAP 服务通信。我用 C# 编写了一些与该服务通信的代码,但调用时返回了 FaultException。该服务的一项要求是对 SOAP 正文(Body)进行签名。我收到的错误似乎与消息的签名有关。

当我检查发送给服务的消息时,可以看到其中有一个签名,但这个签名包含两个引用(Reference)。第一个(URI=#_2)指向正文,第二个(URI=#uuid-67…)指向用于对消息签名的证书。

我认为这就是导致错误的原因。请解释一下为什么签名中会多出第二个引用,以及怎样才能去掉它。

源代码:

 // Builds a WCF CustomBinding (WS-Security 1.0 message security, SOAP 1.1 text
 // encoding, HTTPS transport), opens a channel to the AanleverService endpoint
 // and sends a single leverAan request.
 //start communication
 // The DNS identity is the name the client expects the service's certificate to match.
 EndpointAddress address = new EndpointAddress(
 new Uri("https://klac.procesinfrastructuur.nl:443/PIAanleverservices/services/AanleverService"),
 EndpointIdentity.CreateDnsIdentity("*.procesinfrastructuur.nl"));

 // Binding elements are stacked in the order they are added:
 // message security, then message encoding, then transport.
 CustomBinding cbinding = new CustomBinding();
 var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
 // NOTE(review): this registers an X.509 token as a *signed* endpoint supporting
 // token. It is the line that puts a second <Reference> (over a
 // BinarySecurityToken) into the signature; without it only the Body is referenced.
 sec.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
 // Same version that was already passed to CreateMutualCertificateBindingElement above.
 sec.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
 // NOTE(review): with EnableUnsecuredResponse the client accepts replies that carry
 // no message-level security, so reply integrity then rests on the HTTPS transport alone.
 sec.EnableUnsecuredResponse = true;
 sec.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; 
 // NOTE(review): no timestamp is written to the security header, so the signed
 // request carries no signed freshness value; confirm the service does not
 // depend on one for replay detection.
 sec.IncludeTimestamp = false;
 cbinding.Elements.Add(sec);

 // SOAP 1.1 envelope, UTF-8 text encoding.
 var tme = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
 cbinding.Elements.Add(tme);

 // HTTPS transport; the client certificate is also required at the transport level.
 var https = new HttpsTransportBindingElement();
 https.RequireClientCertificate = true;
 cbinding.Elements.Add(https);

 ChannelFactory<AanleverService> factory = new ChannelFactory<AanleverService>(cbinding, address);
 // PaulsBehaviour is defined elsewhere; what it changes on the endpoint is not visible here.
 factory.Endpoint.Behaviors.Add(new PaulsBehaviour());
 // Client certificate (with private key) taken from CurrentUser\My.
 // NOTE(review): FindBySubjectName is a substring match on the subject name, so it
 // may resolve to a different certificate than intended; FindByThumbprint
 // identifies exactly one certificate.
 factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My,
     X509FindType.FindBySubjectName, "My Certificate");

 // Service certificate, also looked up by subject name in CurrentUser\My
 // (the same substring-match caveat applies).
 factory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser,
                                              StoreName.My,
                                              X509FindType.FindBySubjectName,
                                              "*.procesinfrastructuur.nl");

 AanleverService client = factory.CreateChannel();
 // The snippet ends after the try block; no catch/finally is shown, and the
 // channel and factory are not closed in the visible code.
 try
 {
     // The literal "inhoud" is sent as the message content; the Base64-encoded
     // signed payload is commented out.
     leverAanRequest request = new leverAanRequest("", "KLogiO.OB20100305", "Omzetbelasting", "inhoud", //EncodeTo64(inhoudsigned),
                                               DateTime.Now, "24140938B01", "http://geenausp.nl");
     leverAanResponse resultaat = client.leverAan(request);
     Console.WriteLine("Resultaat: {0}/{1}", resultaat.leverAanReturn.PI_Kenmerk, resultaat.leverAanReturn.tijdstempelOntvangst);
     Console.ReadKey();
 }
发送的消息:

<!-- Captured SOAP 1.1 request. The o:Security header holds two X.509
     BinarySecurityTokens and one XML signature with two References. -->
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <ActivityId CorrelationId="7b88bb7b-eb91-47c9-8163-8d0eb90e3adb" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">412197d8-e97b-4e33-a988-1a5390b798a4</ActivityId>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo44bS9QvZcdJjhUDKzWRBs8AAAAAeNyqcH1zhkeOzSiaDD0CyM+e8mGeN1FCmpSR5zqYPf8ACQAA</VsDebuggerCausalityData>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <!-- Token with Id ending in "-3": the one KeyInfo points to, i.e. the
           certificate named as the signing key. Content is truncated in this capture. -->
      <o:BinarySecurityToken u:Id="uuid-582a2846-2291-4c45-b788-2246af698cd8-3" 
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
      MIIG....
      </o:BinarySecurityToken>
      <!-- Token with Id ending in "-1": not referenced from KeyInfo; it is the
           target of the second Reference in SignedInfo below. -->
      <o:BinarySecurityToken u:Id="uuid-582a2846-2291-4c45-b788-2246af698cd8-1" 
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
      MIIG....
      </o:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <!-- RSA with SHA-1 for the signature and SHA-1 for both digests. SHA-1 is a
               legacy choice for signatures; presumably the algorithm suite is fixed
               by the service's policy (to be confirmed with the service). -->
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <!-- Reference 1: the SOAP Body (u:Id="_2"). -->
          <Reference URI="#_2">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>AosPkLHPJGku8gcL+toVX62fPpg=</DigestValue>
          </Reference>
          <!-- Reference 2: the BinarySecurityToken with Id ending in "-1". This is
               the extra reference the question asks about. -->
          <Reference URI="#uuid-582a2846-2291-4c45-b788-2246af698cd8-1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>H5fqYFR6N3ryhcna8iXirRhG6w4=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>C3oE37WKGthBLpwzN+q/qYJfMKllCnWItNInS1UY5FC4w74sZZh7OJeudS+cNciXNAvT6O+IslJAxdSwApjtuKFTtj0XzgoHqnyRoXbi8zaMT1Vinrw+QSzhhIigWlqXA+5MPUIOJWAWe2Anh6+1LtTyrJo7DpTiSvF8AkGD+sUSOiFcQ6PaA9DtaUDWUqb1rv1X3AqY4T19Twb4aT4sHc3GIi/51/3yALhY4e+jMvo9k3wreJHV/HBCK49sQUCOXHaIHdO7HFodytGRHV5qHaGiH9aJlocAqAKQuegW9O8+56AHt4v3q48zXiIrfQSnaCsSob5LQGudX1KJv7jYtQ==</SignatureValue>
        <!-- The verification key is identified by reference to the "-3" token above. -->
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-582a2846-2291-4c45-b788-2246af698cd8-3"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <!-- The Body carries u:Id="_2" and is sent in clear text; it is covered by Reference 1. -->
  <s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <leverAan xmlns="http://procesinfrastructuur.nl/service/aanleverservice/2007/01/">
      <betreftPI_Kenmerk xmlns=""/>
      <aanleverKenmerk xmlns="">KLogiO.OB20100305</aanleverKenmerk>
      <berichtsoort xmlns="">Omzetbelasting</berichtsoort>
      <berichtInhoud xmlns="">inhoud</berichtInhoud>
      <tijdstempelAangemaakt xmlns="">2011-06-22T15:45:18.457469+02:00</tijdstempelAangemaakt>
      <bedrijfsnummer xmlns="">24140938B01</bedrijfsnummer>
      <cspEndpoint xmlns="">http://geenausp.nl</cspEndpoint>
    </leverAan>
  </s:Body>
</s:Envelope>


我最终找到了证书也被签名的原因,是下面这一行代码造成的:

    sec.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
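删除这一行后就能生成正确的消息(签名中只剩一个 Reference 元素)。这一行把 X.509 令牌添加为“已签名的支持令牌”(signed supporting token),因此 WCF 会把它作为第二个 BinarySecurityToken 写入安全头,并在签名中为它增加一个 Reference。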


Paul

可以用 Fiddler 捕获消息,查看完整的内容。