C#/IRS ACA-使用WCF 4.5发送带有MTOM附件和GZip编码的web服务请求
我们正试图通过公开的web服务向IRS发送数据,以进行ACA数据传输,但由于时间戳和签名元素在安全标头中的顺序,我们无法使WSE 3.0方法正常工作。当TimeStamp元素出现在Signature元素之前时,IRS端的XSD验证显示错误。当我们使用策略断言手动生成签名和时间戳元素顺序正确的安全标头时,IRSWeb服务显示“无效的WS-security标头”错误 如果有人有同样的问题,请告诉我们可能的解决方法。使用WCF 4.5而不是WSE 3.0是解决方案,您能否提供一个工作示例,使用WCF 4.5处理MTOM附件和GZip编码 任何帮助都将不胜感激 编辑:下面是我们现在发送的状态请求Soap信封,其中包含由手动创建的整个XML。它仍然显示TPE-1122无效安全标头错误。这个请求有错误吗C#/IRS ACA-使用WCF 4.5发送带有MTOM附件和GZip编码的web服务请求,c#,web-services,gzip,mtom,irs,C#,Web Services,Gzip,Mtom,Irs,我们正试图通过公开的web服务向IRS发送数据,以进行ACA数据传输,但由于时间戳和签名元素在安全标头中的顺序,我们无法使WSE 3.0方法正常工作。当TimeStamp元素出现在Signature元素之前时,IRS端的XSD验证显示错误。当我们使用策略断言手动生成签名和时间戳元素顺序正确的安全标头时,IRSWeb服务显示“无效的WS-security标头”错误 如果有人有同样的问题,请告诉我们可能的解决方法。使用WCF 4.5而不是WSE 3.0是解决方案,您能否提供一个工作示例,使用WCF
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:oas1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:us:gov:treasury:irs:msg:irstransmitterstatusrequest" xmlns:urn1="urn:us:gov:treasury:irs:ext:aca:air:7.0" xmlns:urn2="urn:us:gov:treasury:irs:common" xmlns:urn3="urn:us:gov:treasury:irs:msg:acasecurityheader">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature Id="SIG-E68EBBF1696C5DD4AA143353323390579" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#TS-82E7E6716E615C14D6144736030985954">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="wsse wsa oas1 soapenv urn urn1 urn2 urn3" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>[Digest_Value_Replaced]</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-82E7E6716E615C14D6144736030986559">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="oas1 soapenv urn1 urn2 urn3" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>[Digest_Value_Replaced]</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-82E7E6716E615C14D6144736030986558">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="wsa oas1 soapenv urn1 urn2 urn3" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>[Digest_Value_Replaced]</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>[Signature_Value_Replaced]</ds:SignatureValue>
<ds:KeyInfo Id="KI-82E7E6716E615C14D6144736030986456">
<wsse:SecurityTokenReference wsu:Id="STR-82E7E6716E615C14D6144736030986457" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[Cert_Value_Replaced]</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-82E7E6716E615C14D6144736030985954">
<wsu:Created>2016-03-23T09:53:23:55Z</wsu:Created>
<wsu:Expires>2016-03-23T10:03:23:55Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<urn:ACABusinessHeader wsu:Id="id-82E7E6716E615C14D6144736030986558" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<urn1:UniqueTransmissionId>uuid:SYS12:tcc_cd::T</urn1:UniqueTransmissionId>
<urn2:Timestamp>2016-03-23T09:53:23:55Z</urn2:Timestamp>
</urn:ACABusinessHeader>
<urn3:ACASecurityHeader/>
<wsa:Action>RequestSubmissionStatusDetail</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<urn:ACABulkRequestTransmitterStatusDetailRequest version="1.0" wsu:Id="id-82E7E6716E615C14D6144736030986559" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<urn1:ACABulkReqTrnsmtStsReqGrpDtl>
<urn2:ReceiptId>[ReceiptId_Value_Replaced]</urn2:ReceiptId>
</urn1:ACABulkReqTrnsmtStsReqGrpDtl>
</urn:ACABulkRequestTransmitterStatusDetailRequest>
</soapenv:Body>
</soapenv:Envelope>
[摘要\u值\u替换]
[摘要\u值\u替换]
[摘要\u值\u替换]
[签名\u值\u替换]
[证书价值被替换]
2016-03-23T09:53:23:55Z
2016-03-23T10:03:23:55Z
uuid:SYS12:tcc_cd::T
2016-03-23T09:53:23:55Z
请求提交状态详细信息
[已替换接收ID\u值\u]
编辑2::以下是我用来对信封签名并创建签名元素的方法。仍在获取安全标头错误…:(
公共静态字符串getSignedXML(XmlDocument xmlDoc,rsacryptServiceProvider密钥,字符串signatureNamespacePrefix,
字符串sTimeStampId、字符串sManifestId、字符串sBusHeaderId)
{
xmlDoc.PreserveWhitespace=false;//忽略XML中的空白
SignedXml SignedXml=new CustomIdSignedXml(xmlDoc);//如果Id属性需要有前缀。根据最新的参考指南信息,这不是必需的。
//SignedXml SignedXml=新的SignedXml(xmlDoc);
//将密钥添加到SignedXml文档。
signedXml.SigningKey=key;
signedXml.SignedInfo.SignatureMethod=signedXml.XmlDsigRSASHA1Url;
signedXml.SignedInfo.CanonicalizationMethod=signedXml.XmlDsigExcC14NWithCommentsTransformUrl;
signedXml.SignedInfo.SignatureMethod=signedXml.XmlDsigRSASHA1Url;
signedXml.Signature.Id=“SIG-E68EBBF1696C5DD4AA14335323390579”;
//------------------------------------------------------------------------
//开始:添加清单、BusinessHeader和时间戳引用
//------------------------------------------------------------------------
//添加时间戳引用
XmlDsigExcC14NTransform timeStampTransform=新的XmlDsigExcC14NTransform();
timeStampTransform.InclusiveNamespacesPrefixList=“wsse wsa oas1 soapenv urn1 urn2 urn3”;
参考参考=新参考(“#”+sTimeStampId);
AddTransform(timeStampTransform);
//添加对SignedXml对象的引用。
signedXml.AddReference(参考);
//添加业务标题引用
XmlDsigExcC14NTransform busHeaderTransform=新的XmlDsigExcC14NTransform();
BushHeaderTransform.InclusiveNamespacesPrefixList=“wsa oas1 soapenv urn1 urn2 urn3”;
reference=新引用(“#”+sBusHeaderId);
reference.AddTransform(busHeaderTransform);
//添加对SignedXml对象的引用。
signedXml.AddReference(参考);
//添加清单请求Dtl引用
XmlDsigExcC14NTransform manifestTransform=新的XmlDsigExcC14NTransform();
manifestTransform.InclusiveNamespacesPrefixList=“oas1 soapenv urn1 urn2 urn3”;
引用=新引用(“#”+sManifestId);
AddTransform(manifestTransform);
//添加对SignedXml对象的引用。
signedXml.AddReference(参考);
//------------------------------------------------------------------------
//结束:添加清单、BusinessHeader和时间戳引用
//------------------------------------------------------------------------
signedXml.ComputeSignature();
xmlement xmlSignature=signedXml.GetXml();//获取签名的XML块
如果(!string.IsNullOrEmpty(signatureNamespacePrefix))
{
//在这里,我们将签名元素和所有子元素的名称空间前缀设置为“ds”,从而使签名无效。
AssignNameSpacePrefixToElementTree(xm
public static string getSignedXML(XmlDocument xmlDoc, RSACryptoServiceProvider key, string signatureNamespacePrefix,
string sTimeStampId, string sManifestId, string sBusHeaderId)
{
xmlDoc.PreserveWhitespace = false; //Ignore the whitespace in XML
SignedXml signedXml = new CustomIdSignedXml(xmlDoc); //If Id attribute needs to have a prefix. This is not needed as per latest Reference Guide Info.
//SignedXml signedXml = new SignedXml(xmlDoc);
// Add the key to the SignedXml document.
signedXml.SigningKey = key;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NWithCommentsTransformUrl;
signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
signedXml.Signature.Id = "SIG-E68EBBF1696C5DD4AA143353323390579";
//------------------------------------------------------------------------
//START OF: Adding Manifest, BusinessHeader and TimeStamp References
//------------------------------------------------------------------------
//Adding Timestamp Reference
XmlDsigExcC14NTransform timeStampTransform = new XmlDsigExcC14NTransform();
timeStampTransform.InclusiveNamespacesPrefixList = "wsse wsa oas1 soapenv urn urn1 urn2 urn3";
Reference reference = new Reference("#" + sTimeStampId);
reference.AddTransform(timeStampTransform);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
//Adding Business Header Reference
XmlDsigExcC14NTransform busHeaderTransform = new XmlDsigExcC14NTransform();
busHeaderTransform.InclusiveNamespacesPrefixList = "wsa oas1 soapenv urn1 urn2 urn3";
reference = new Reference("#" + sBusHeaderId);
reference.AddTransform(busHeaderTransform);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
//Adding Manifest Request Dtl Reference
XmlDsigExcC14NTransform manifestTransform = new XmlDsigExcC14NTransform();
manifestTransform.InclusiveNamespacesPrefixList = "oas1 soapenv urn1 urn2 urn3";
reference = new Reference("#" + sManifestId);
reference.AddTransform(manifestTransform);
// Add the reference to the SignedXml object.
signedXml.AddReference(reference);
//------------------------------------------------------------------------
//END OF: Adding Manifest, BusinessHeader and TimeStamp References
//------------------------------------------------------------------------
signedXml.ComputeSignature();
XmlElement xmlSignature = signedXml.GetXml(); //Get the singed XML block
if (!string.IsNullOrEmpty(signatureNamespacePrefix))
{
//Here we set the namespace prefix on the signature element and all child elements to "ds", invalidating the signature.
AssignNameSpacePrefixToElementTree(xmlSignature, "ds");
//So let's recompute the SignatureValue based on our new SignatureInfo...
//For XPath
XmlNamespaceManager namespaceManager = new XmlNamespaceManager(xmlDoc.NameTable);
namespaceManager.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#"); //this prefix is arbitrary and used only for XPath
XmlElement xmlSignedInfo = xmlSignature.SelectSingleNode("ds:SignedInfo", namespaceManager) as XmlElement;
//Canonicalize the SignedInfo element
XmlDsigC14NTransform transform = new XmlDsigC14NTransform();
XmlDocument signedInfoDoc = new XmlDocument();
signedInfoDoc.LoadXml(xmlSignedInfo.OuterXml);
transform.LoadInput(signedInfoDoc);
//Compute the new SignatureValue
string signatureValue = Convert.ToBase64String(key.SignData(transform.GetOutput() as MemoryStream, new SHA1CryptoServiceProvider()));
//Set it in the xml
XmlElement xmlSignatureValue = xmlSignature.SelectSingleNode("ds:SignatureValue", namespaceManager) as XmlElement;
xmlSignatureValue.InnerText = signatureValue;
}
//xmlDoc.DocumentElement.AppendChild(xmlDoc.ImportNode(xmlSignature, true));
//----------------------------------------------------------------------------------
//START OF: Add Key Info Element also to the XML after SignatureValue Node.
//----------------------------------------------------------------------------------
X509Certificate2 mycert = new X509Certificate2(<Cert_Path>, <Cert_Password>);
//bulkReqTransmitService.ClientCertificates.Add(mycert);
var exported = mycert.Export(X509ContentType.Cert, <Cert_Password>);
var base64 = Convert.ToBase64String(exported);
StringBuilder sbKeyInfo = new StringBuilder();
string dsStartTagPrefix = "";
string dsEndTagPrefix = "/";
if (!string.IsNullOrEmpty(signatureNamespacePrefix))
{
dsStartTagPrefix = "ds:";
dsEndTagPrefix = "/ds:";
}
sbKeyInfo.Append("<root xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
sbKeyInfo.Append("<" + dsStartTagPrefix + "KeyInfo Id=\"KI-82E7E6716E615C14D6144736030986456\">");
sbKeyInfo.Append("<wsse:SecurityTokenReference wsu:Id=\"STR-82E7E6716E615C14D6144736030986457\">");
sbKeyInfo.Append("<wsse:KeyIdentifier EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\" ValueType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3\">" + base64.ToString());
sbKeyInfo.Append("</wsse:KeyIdentifier>");
sbKeyInfo.Append("</wsse:SecurityTokenReference>");
sbKeyInfo.Append("<" + dsEndTagPrefix + "KeyInfo>");
sbKeyInfo.Append("</root>");
XmlDocument tempDoc = new XmlDocument();
tempDoc.LoadXml(sbKeyInfo.ToString());
XmlNode oNode = tempDoc.DocumentElement;
//necessary for crossing XmlDocument contexts
XmlNode importNode = xmlSignature.OwnerDocument.ImportNode(oNode.FirstChild, true);
xmlSignature.AppendChild(importNode);
//----------------------------------------------------------------------------------
//END OF: Add Key Info Element also to the XML after SignatureValue Node.
//----------------------------------------------------------------------------------
return xmlSignature.OuterXml;
}
public class CustomIdSignedXml : SignedXml
{
public CustomIdSignedXml(XmlDocument xml) : base(xml)
{
}
public CustomIdSignedXml(XmlElement xmlElement)
: base(xmlElement)
{
}
public override XmlElement GetIdElement(XmlDocument doc, string id)
{
// check to see if it's a standard ID reference
XmlElement idElem = base.GetIdElement(doc, id);
if (idElem == null)
{
XmlNamespaceManager nsManager = new XmlNamespaceManager(doc.NameTable);
nsManager.AddNamespace("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
//idElem = doc.SelectSingleNode("//*[@p5:Id=\"" + id + "\"]", nsManager) as XmlElement;
string xml = doc.SelectSingleNode("//*[@wsu:Id=\"" + id + "\"]", nsManager).OuterXml;
XmlDocument tempDoc = new XmlDocument();
tempDoc.LoadXml(xml);
XmlElement xEle = tempDoc.DocumentElement;
idElem = xEle;
}
return idElem;
}
}
<bindings>
<customBinding>
<binding name="BulkRequestTransmitterBinding">
<gzipMessageEncoding innerMessageEncoding="textMessageEncoding" />
<security enableUnsecuredResponse="true" authenticationMode="MutualCertificate" messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"/>
<httpsTransport />
</binding>
</customBinding>
</bindings>
<system.serviceModel>
<extensions>
<bindingElementExtensions>
<add name="gzipMessageEncoding" type="[ProjectName].GZipEncoder.GzipMessageEncodingElement, GZipEncoder, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</bindingElementExtensions>
</extensions>
<client>
<endpoint />
<metadata>
<policyImporters>
<extension type="[ProjectName].GZipEncoder.GZipMessageEncodingBindingElementImporter, GZipEncoder, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</policyImporters>
</metadata>
</client>
<bindings>
<customBinding>
<binding name="BulkRequestTransmitterBinding">
<gzipMessageEncoding innerMessageEncoding="textMessageEncoding" />
<httpsTransport />
</binding>
</customBinding>
</bindings>
</system.serviceModel>