Java 添加soap头wsse:Security、wsse:BinarySecurityToken、ds:Signature、wsse:UsernameToken、wsu:Timestamp的C代码
我们可以通过添加密钥存储、传出WS-Security配置(时间戳、用户名和签名)以及usertoken、时间戳主体的名称空间,然后应用传出wss->apply“TimeStamp\u Signed”,从SOAP UI工具调用web服务 但是如何在c代码中完成这些事情(我们正在使用java web服务) Soap标头: 我们使用自定义绑定选项来创建这些soap头,但当我们在IClientMessageInspector->BeforeSendRequest头中检查时,并没有创建这些soap头 样本代码附在这里 公共静态布尔接受证书策略(对象发送方、X509证书证书、X509链、SslPolicyErrors SslPolicyErrors) { 返回true; }Java 添加soap头wsse:Security、wsse:BinarySecurityToken、ds:Signature、wsse:UsernameToken、wsu:Timestamp的C代码,java,c#,web-services,wcf,Java,C#,Web Services,Wcf,我们可以通过添加密钥存储、传出WS-Security配置(时间戳、用户名和签名)以及usertoken、时间戳主体的名称空间,然后应用传出wss->apply“TimeStamp\u Signed”,从SOAP UI工具调用web服务 但是如何在c代码中完成这些事情(我们正在使用java web服务) Soap标头: 我们使用自定义绑定选项来创建这些soap头,但当我们在IClientMessageInspector->BeforeSendRequest头中检查时,并没有创建这些soap头 样
private static Binding GetCustomBinding()
{
var asbe = new AsymmetricSecurityBindingElement
{
MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12,
InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never },
RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never },
MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt,
SecurityHeaderLayout = SecurityHeaderLayout.Strict,
EnableUnsecuredResponse = true,
IncludeTimestamp = true
};
asbe.SetKeyDerivation(false);
asbe.AllowSerializedSigningTokenOnReply = true;
asbe.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
asbe.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
asbe.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
var myBinding = new CustomBinding();
myBinding.Elements.Add(asbe);
myBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
var httpsBindingElement = new HttpsTransportBindingElement
{
RequireClientCertificate = true
};
myBinding.Elements.Add(httpsBindingElement);
return myBinding;
}
private static Client GetCredentialingClient()
{
var customBinding = GetCustomBinding();
var client = new Client
(customBinding,
new EndpointAddress(new Uri(_endpointAddress),
new DnsEndpointIdentity(_dnsEndpointIdentity),
new AddressHeaderCollection()));
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
System.ServiceModel.Security.X509CertificateValidationMode.None;
client.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign;
client.Endpoint.Behaviors.Add(new InspectorBehavior());
SetClientCredentialsSecurity(client.ClientCredentials);
Binding binding = client.Endpoint.Binding;
BindingElementCollection elements = binding.CreateBindingElements();
SecurityBindingElement security = elements.Find<SecurityBindingElement>();
if (security != null)
{
X509SecurityTokenParameters tokenParameters = new X509SecurityTokenParameters();
tokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
tokenParameters.RequireDerivedKeys = false;
security.EndpointSupportingTokenParameters.SignedEncrypted.Add(tokenParameters);
client.Endpoint.Binding = new CustomBinding(elements.ToArray());
}
return client;
}
private static void SetClientCredentialsSecurity(ClientCredentials clientCredentials)
{
clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
System.ServiceModel.Security.X509CertificateValidationMode.None;
clientCredentials.UserName.UserName = _userName;
clientCredentials.UserName.Password = _password;
clientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(_certificatePath, _certificatePassword);
clientCredentials.ClientCertificate.Certificate = new X509Certificate2(_certificatePath,_certificatePassword);
}
static void Main(string[] args)
{
ServicePointManager.ServerCertificateValidationCallback = AcceptAllCertificatePolicy;
using (var client = GetCredentialingClient())
{
client.Open();
try
{
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
Console.ReadLine();
}
私有静态绑定GetCustomBinding()
{
var asbe=新的AsymmetricSecurityBindingElement
{
MessageSecurityVersion=MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12,
InitiatorTokenParameters=new X509SecurityTokenParameters{InclusionMode=SecurityTokenInclusionMode.Never},
RecipientTokenParameters=new X509SecurityTokenParameters{InclusionMode=SecurityTokenInclusionMode.Never},
MessageProtectionOrder=System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt,
SecurityHeaderLayout=SecurityHeaderLayout.Strict,
EnableUnsecuredResponse=true,
IncludeTimestamp=true
};
asbe.setkeydrivation(false);
asbe.AllowSerializedSigningTokenOnReply=true;
asbe.DefaultAlgorithmSuite=System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Rsa15;
asbe.EndpointSupportingTokenParameters.Signed.Add(新用户名安全性TokenParameters());
asbe.EndpointSupportingTokenParameters.Signed.Add(新的X509SecurityTokenParameters());
var myBinding=new CustomBinding();
myBinding.Elements.Add(asbe);
添加(新的TextMessageEncodingBindingElement(MessageVersion.Soap11,Encoding.UTF8));
var httpsBindingElement=新的HttpsTransportBindingElement
{
RequireClientCertificate=true
};
myBinding.Elements.Add(httpsBindingElement);
返回myBinding;
}
私有静态客户端GetCredentialingClient()
{
var customBinding=GetCustomBinding();
var客户机=新客户机
(b)具有约束力,
新端点地址(新Uri(_EndpointAddress),
新的DnsEndpointIdentity(_DnsEndpointIdentity),
新地址HeaderCollection());
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode=
System.ServiceModel.Security.X509CertificateValidationMode.None;
client.Endpoint.Contract.ProtectionLevel=ProtectionLevel.Sign;
client.Endpoint.Behaviors.Add(新的InspectorBehavior());
SetClientCredentialsSecurity(client.ClientCredentials);
Binding Binding=client.Endpoint.Binding;
BindingElementCollection元素=binding.CreateBindingElements();
SecurityBindingElement security=elements.Find();
if(安全性!=null)
{
X509SecurityTokenParameters tokenParameters=新的X509SecurityTokenParameters();
tokenParameters.InclusionMode=SecurityTokenInclusionMode.AlwayStoreCiClient;
tokenParameters.RequiredDriveKeys=false;
EndpointSupportingTokenParameters.SignedEncrypted.Add(tokenParameters);
client.Endpoint.Binding=新的CustomBinding(elements.ToArray());
}
返回客户;
}
私有静态void SetClientCredentialsSecurity(ClientCredentials ClientCredentials)
{
clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode=
System.ServiceModel.Security.X509CertificateValidationMode.None;
clientCredentials.UserName.UserName=\u UserName;
clientCredentials.UserName.Password=\u密码;
clientCredentials.ServiceCertificate.DefaultCertificate=新的X509Certificate2(\u certificatePath,\u certificatePassword);
clientCredentials.ClientCertificate.Certificate=新的X509Certificate2(\u certificatePath,\u certificatePassword);
}
静态void Main(字符串[]参数)
{
ServicePointManager.ServerCertificateValidationCallback=AcceptAllCertificatePolicy;
使用(var client=GetCredentialingClient())
{
client.Open();
尝试
{
}
捕获(例外情况除外)
{
控制台写入线(例如消息);
}
}
Console.ReadLine();
}
谢谢您可以尝试在“标题”节点下的xml中添加标题
<endpoint address="http://ws-wuxipc-5077:4000/calculator" binding="basicHttpBinding"
contract="ServiceInterface.ICalculatorService" name="cal">
<headers>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">monMonDePasse</wsse:Password>
<wsse:Nonce>sdsdsdlojhfdsdM5Nw==</wsse:Nonce>
<wsu:Created>2019-01-21T6:17:34Z</wsu:Created>
</wsse:UsernameToken>
</Security>
蒙德帕斯
SDLOJHFDM5NW==
2019-01-21T6:17:34Z
using (ChannelFactory<ICalculatorService> ChannelFactory = new ChannelFactory<ICalculatorService>("cal"))
{
ICalculatorService employeeService = ChannelFactory.CreateChannel();
using (OperationContextScope scope = new OperationContextScope((IContextChannel)employeeService))
{
System.Xml.XmlDocument document = new XmlDocument();
XmlElement element = document.CreateElement("wsse", "UsernameToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
XmlElement newChild = null;
newChild = document.CreateElement("wsse", "Username", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
newChild.InnerText = "finance";
element.AppendChild(newChild);
newChild = document.CreateElement("wsse", "password", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
newChild.SetAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
newChild.InnerText = "387";
element.AppendChild(newChild);
MessageHeader messageHeader = MessageHeader.CreateHeader("security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", element, false);
OperationContext.Current.OutgoingMessageHeaders.Add(messageHeader);
employeeService.Add(5, 6);
}
Console.Read();
}
使用(ChannelFactory ChannelFactory=新的ChannelFactory(“cal”))
{
ICalculatorService employeeService=ChannelFactory.CreateChannel();
使用(OperationContextScope范围=新的OperationContextScope((IContextChannel)employeeService))
{
System.Xml.XmlDocument document=新的XmlDocument();
XmlElement=document.CreateElement(“wsse”、“UsernameToken”、”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
XmlElement newChild=null;
newChild=document.CreateElement(“wsse”、“用户名”、”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
newChild.InnerText=“金融”;
元素。AppendChild(newChild);