从.Net调用Java Web服务时出现安全策略错误
我正在尝试使用.Net通过Http而不是Https调用Java web服务。我从web服务团队得到的唯一提示是在SOAP消息或端点设置中传递凭据 我创建了一个简单的控制台应用程序,并向web服务添加了一个服务引用。以下是生成的绑定(我看到有关于未识别策略的警告,但无法理解它的含义或它是否相关): 或在Windows属性中提供凭据从.Net调用Java Web服务时出现安全策略错误,java,wcf,web-services,c#-4.0,Java,Wcf,Web Services,C# 4.0,我正在尝试使用.Net通过Http而不是Https调用Java web服务。我从web服务团队得到的唯一提示是在SOAP消息或端点设置中传递凭据 我创建了一个简单的控制台应用程序,并向web服务添加了一个服务引用。以下是生成的绑定(我看到有关于未识别策略的警告,但无法理解它的含义或它是否相关): 或在Windows属性中提供凭据 CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("crmuser", "welcome1");
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
或者在用户名属性中提供凭据
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
client.ClientCredentials.UserName.UserName = "someuser";
client.ClientCredentials.UserName.Password = "somepassword";
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
导致
System.ServiceModel.FaultException: Error on verifying message against security policy Error code:1000
小径#2:-----------
根据我看到的一条评论,我试图在绑定中添加以下标记,并通过在ClientCredentials的UserName属性中传递凭据来调用web服务
<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>
小径#3:-----------
我尝试使用WSHttpBinding而不是VS生成的CustomBinding,如下所示:
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
EndpointAddress ea = new EndpointAddress("http://someurl/CurrencyInformationService.jws");
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient(binding, ea);
client.ClientCredentials.UserName.UserName = "someuser";
client.ClientCredentials.UserName.Password = "somepassword";
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
但结果是
System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.
System.ServiceModel.ProtocolException: Content Type application/soap+xml; charset=utf-8 was not supported by service http://someurl/CurrencyInformationService.jws. The client andservice bindings may be mismatched. ---> System.Net.WebException: The remote server returned an error: (415) Unsupported Media Type.
更新:-----------
我收到了供应商的工作请求,并在soapUI中进行了尝试,它给出了正确的响应
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="SecurityToken-35598fb7-5aa2-4623-b07b-3277c6578beb" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>someuser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">somepassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<getAllForeignCurrencies xmlns="http://www.openuri.org/">
</getAllForeignCurrencies>
</soap:Body>
</soap:Envelope>
某个用户
密码
有人能告诉我如何生成这样的SOAP请求吗?如果使用SSL,请使用以下命令:
<basicHttpBinding>
<binding name="NewBinding0">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
如果没有SSL,则使用。如果使用SSL,则使用以下选项:
<basicHttpBinding>
<binding name="NewBinding0">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
如果没有SSL,那么就使用。在使用.Net使用java web服务时,我也面临同样的问题,这个线程在一定程度上帮助了我使用web服务 但是,不知怎的,我偶然发现了这篇文章,它为我提供了一个最终的解决方案: 以下设置对我来说很好:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomSoapBinding">
<security includeTimestamp="false"
authenticationMode="UserNameOverTransport"
defaultAlgorithmSuite="Basic256"
requireDerivedKeys="false"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
<httpsTransport maxReceivedMessageSize="2000000000"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://notrealurl.com:443/services/RealTimeOnline"
binding="customBinding"
bindingConfiguration="CustomSoapBinding"
contract="RealTimeOnline.RealTimeOnline"
name="RealTimeOnline" />
</client>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0"
sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
在使用.Net使用java web服务时,我也面临着同样的问题,这个线程在一定程度上帮助我使用web服务 但是,不知怎的,我偶然发现了这篇文章,它为我提供了一个最终的解决方案: 以下设置对我来说很好:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomSoapBinding">
<security includeTimestamp="false"
authenticationMode="UserNameOverTransport"
defaultAlgorithmSuite="Basic256"
requireDerivedKeys="false"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
<httpsTransport maxReceivedMessageSize="2000000000"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://notrealurl.com:443/services/RealTimeOnline"
binding="customBinding"
bindingConfiguration="CustomSoapBinding"
contract="RealTimeOnline.RealTimeOnline"
name="RealTimeOnline" />
</client>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0"
sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
您需要向服务供应商询问一个有效的SOAP消息示例。然后您可以配置WCF以支持它。@YaronNaveh我添加了一个工作SOAP请求。您可以指导我配置应用程序以从.NET生成相同的请求吗?您需要向服务供应商询问一个工作SOAP消息示例。然后您可以配置WCF以支持它。@YaronNaveh我添加了一个工作SOAP请求。你能指导我配置应用程序来生成相同的请求吗?NetHi Yaron,我使用了CUB,我可以在fiddler中看到正确的请求和响应。我还使用了fiddler捕获的请求,并在soapUI中进行了尝试,得到了正确的响应。然而,在.Net应用程序中,我得到“安全处理器无法在消息中找到安全标头…”。有没有关于如何忽略这一点的想法。解决方案似乎是添加到客户端配置中,但我得到了异常“Unrecogned element'security.”有什么建议吗?它是否接受不带allowInsecureTransport的安全元素?使用.net 4.5与.net 4.5的问题相同。如果我在myClearUsernameBinding中添加或仅在myClearUsernameBinding中添加,我会得到相同的错误“Unrecognized element'security.”CUB不支持OOTB,但您可以在这里的代码中添加它,但必须在某个变量中创建SecurityBindingElement并在其上设置allowInsecureTransport。但是,我认为这个设置与您无关-似乎服务器返回了一些错误,所以这对您没有帮助。您需要打开WCF跟踪或检查您的内部异常Hi Yaron,我使用了CUB,我可以在fiddler中看到正确的请求和响应。我还使用了fiddler捕获的请求,并在soapUI中进行了尝试,得到了正确的响应。然而,在.Net应用程序中,我得到“安全处理器无法在消息中找到安全标头…”。有没有关于如何忽略这一点的想法。解决方案似乎是添加到客户端配置中,但我得到了异常“Unrecogned element'security.”有什么建议吗?它是否接受不带allowInsecureTransport的安全元素?使用.net 4.5与.net 4.5的问题相同。如果我在myClearUsernameBinding中添加或仅在myClearUsernameBinding中添加,我会得到相同的错误“Unrecognized element'security.”CUB不支持OOTB,但您可以在这里的代码中添加它,但必须在某个变量中创建SecurityBindingElement并在其上设置allowInsecureTransport。但是,我认为这个设置与您无关-似乎服务器返回了一些错误,所以这对您没有帮助。您需要打开WCF跟踪或检查内部异常