WSSecurity IBM DataPower problem with a WCF client


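I am trying to consume an IBM DataPower web service from WCF and get the following error message:

Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

The HTTP response comes back as 200, and when debugging in Fiddler I can see the correct SOAP response.

However, the WCF client does not seem to know how to handle the BinarySecurityToken element in the SOAP response.

This is my WCF configuration: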

<client>
  <endpoint address="https://xxxx:6443/xxxx/xxxxx"
            binding="customBinding" bindingConfiguration="NewBinding0"
            contract="SoapPort" name="XXSoapPort" behaviorConfiguration="ServiceBehavior">
  </endpoint>
</client>

<customBinding>
  <binding name="NewBinding0">
    <security allowSerializedSigningTokenOnReply="true" authenticationMode="CertificateOverTransport" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" requireDerivedKeys="false" securityHeaderLayout="Lax" />
    <textMessageEncoding messageVersion="Soap11" />
    <httpsTransport />
  </binding>
</customBinding>

 <behaviors>
      <endpointBehaviors>
        <behavior name="ServiceBehavior">
          <clientCredentials>
            <clientCertificate findValue="xxxxxx"   storeLocation="LocalMachine"  x509FindType="FindBySubjectName"  storeName="My"  />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
 </behaviors>   

This is a sample SOAP request:

<soapenv:Envelope xmlns:dgi="http://dgi.gub.uy" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-45851B081998E431E8132880700036719" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">binarysecuritytoken base64...</wsse:BinarySecurityToken>
<ds:Signature Id="Signature-13" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-14">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>62KaCXQkeXTGyGd+aoX46cGAl9M=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
YdwY0hmkHE8tnQmGQBdfA5fjVyoHWMiQhKanI1SEaii295hakwMbf5KsP3YMMhzl4HEHs6nqhZpq
lyL1OBcbJPJQN34uhOtucnzgObUYHckkJqfAN/sYmfNMSFGDvyZCFQSiJwh8dkvKxmxzdUwv3wza
M+i0nzLAh9viQZYS8N8=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-45851B081998E431E8132880700036720">
<wsse:SecurityTokenReference wsu:Id="STRId-45851B081998E431E8132880700036821" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#CertId-45851B081998E431E8132880700036719" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-14" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<method>
    data...
    </method>
..

This is a SOAP response:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAPENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken wsu:Id="SecurityToken-c0477b7a-df1a-4883-9ae1-59a518913f96" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIFrDCCA5SgAwIBAgIQas+Rf7PxwFxNudVRjoOzEjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJVWTErMCkGA1UECgwiQURNSU5JU1RSQ
UNJT04gTkFDSU9OQUwgREUgQ09SUkVPUzEfMB0GA1UECwwWU0VSVklDSU9TIEVMRUNUUk9OSUNPUzEdMBsGA1UEAwwUQ29ycmVvIFVydWd1YXlvIC
0gQ0EwHhcNMTEwNDI4MjEwMDAxWhcNMTIwNDI4MjEwMDAxWjCBxzEiMCAGCSqGSIb3DQEJARYTam1vbnRhbmVAZGdpLmd1Yi51eTEfMB0GA1UECwwW
QU5BTElTSVMgREUgUFJPRFVDQ0lPTjEhMB8GA1UECgwYREdJLVBSVUVCQSBTRVJWSUNJT1MgV0VCMRMwEQYDVQQIDApNb250ZXZpZGVvMQswCQ
YDVQQGEwJVWTEYMBYGA1UEBRMPUlVDMjE5OTk5ODIwMDEzMSEwHwYDVQQDDBhER0ktUFJVRUJBIFNFUlZJQ0lPUyBXRUIwgZ8wDQYJKoZIhvcNAQE
BBQADgY0AMIGJAoGBAMcMcu70s0RQkD6ifYBGXwATovTxxA/Hjc8WKM16yJkz63d0eSTjjREYmM87g6NRacADy9LZRyENiRPjsBI+Tw9PHR/7g+frTIS+vIQZ0+f
9Rq1q2uxvw8TKoO9FvcrBabdl9dUBIrJEPa20wj6U+dupTZ66bD5uFXBUsKo2sZujAgMBAAGjggFiMIIBXjAeBgNVHREEFzAVgRNqbW9udGFuZUBkZ2kuZ3ViLnV
5MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgP4MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDARBglghkgBhvhCAQEEBAMCBaAw
HQYDVR0OBBYEFP0YQfFQvej6szyGhKlpNI0tESi5MB8GA1UdIwQYMBaAFCWP30Mvjmq6C75GXFdQk7dRvvzZMFQGA1UdIARNMEswSQYMKwYBBAGB9U8
BAQEEMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly93d3cuY29ycmVvLmNvbS51eS9jb3JyZW9jZXJ0L2Nwcy5wZGYwGAYNKwYBBAGB9U8BAQEEAQQHDAVE
aXNjbzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vd3d3LmNvcnJlby5jb20udXkvQ29ycmVvQ2VydC9hbmMuY3JsMA0GCSqGSIb3DQEBBQUAA4ICAQA01MEJ
sZ8VXJIybZQ0NlBJPXz7n8GbTf41Aq4lWxLI5rBWJD1uyWUdz2jUD0DuqflTAGknphzxn49QACCTA1Pv0aZ6hnK04uI9j7UJe4LiVx3aWbpLRBCnYrIs+QU2pyClEM
4bNPt0BU2DG+Q9k9SeCDQ8VD7hiD2W/aK8HLo6EVLAEwrl3pTums2dwxtO1KKPw6OBbYYitCjR5j6Hy5q1+fMTFXmx0vo+ZYFOl8DVoSp6OQJd2mcaL0CNVWI
9sOYRkJKEoELIJDSnIMKkUqgN2ilg05Dqcl/TDj2I5VfPLXZpnpuQbb6ADjEOtMzlkfe2EFemn0s/+2Hn97h5rtJMcjTuUhh937JZPWnD1XQTxICjS3ql1nSwbnJz9bk8P
N/j8cK4Kw+xipGo7pRxITFKUHmOIXsj05tH3kFWf8htdU/4rIyrvzJ3xUhita78SHaJMALQa4AGxmSxIEvej0+qyrxx4geMkzb/n5t3JAAluxW2ja3f/FrXMuwT7iKebreMS4
4FO0maMpP29SW94G8yClumghtU/6LI67oHxhpUNkCQ3UV4JaI6wEZcgV5KLXm9rr1i/hMKV5FspQcYg36qdeRz/N4DwuorVwZuTsXCIMwcKQCkzu1oUSkvO3PE
5cCRnu9cyJ3GzPfUO0T8mrCmI2XwISAvkuLs3kd6FeRBAw==</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Body-75c3e1d7-a956-4387-827e-58e7bf7f9672">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>O+QjV1cBEXJlS3Z15FBQZImx/Gs=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>lCEfQOGBeSvfvHPLUYtT5PUlwe8Gdbv6b2yto4WzSsoEpYz+6d4YFlyt+Vzq1DSK8Jcmz1ELuJkzPwZCt2aAkSxpToI51vjziELJJqiZfGR5gLJRCZ
CK/zhk3pJUBzaiLLSwfN1iX9t4X8IGqisc6yqrS9kabkhUvvsiYrdRIr4=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference xmlns="">
<wsse:Reference URI="#SecurityToken-c0477b7a-df1a-4883-9ae1-59a518913f96" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="Body-75c3e1d7-a956-4387-827e-58e7bf7f9672" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
...data...
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Thanks in advance.

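Use "MutualCertificate" instead of "CertificateOverTransport". This will require you to supply a service certificate: just configure any dummy certificate, even the same one you use for signing. You will also get an exception about the expected DNS name, which will tell you what to fix.

Then try once with allowSerializedSigningTokenOnReply set to true and once with false.
If that fails, send me your configuration, the SOAP request you send, and the response the server sends.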

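Yaron, I changed what you told me to. It keeps failing. Looking at the logs, it now seems the SOAP body is encrypted, and I don't need to encrypt the data. The SOAP request and response examples are in the question. Do I really need to change from CertificateOverTransport to MutualCertificate?

Please add this attribute to your service contract: ProtectionLevel=System.Net.ProtectionLevel.Sign. Do not revert to cert over transport.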
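
The binding change from the answer and the sign-only contract from the last comment, combined in one added C# example (not code from the question or the answers). `ISoapPort`, `Method`, `DataPowerClient`, `Create` and its parameters are hypothetical names; the certificate store locations are assumptions; `ProtectionLevel` is the enum in the `System.Net.Security` namespace.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Text;

// Sign-only contract: the default protection level is EncryptAndSign, which
// is why the body was encrypted once message security was switched on.
// "SoapPort" is the contract name from the question; Method is hypothetical.
[ServiceContract(Name = "SoapPort", ProtectionLevel = ProtectionLevel.Sign)]
public interface ISoapPort
{
    [OperationContract(Action = "*", ReplyAction = "*")]
    Message Method(Message request);
}

public static class DataPowerClient
{
    public static ChannelFactory<ISoapPort> Create(
        Uri address, string dnsName, string clientSubject, string serviceSubject)
    {
        // Same settings as the question's <security> element, with
        // authenticationMode switched to MutualCertificate.
        SecurityBindingElement security =
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                true); // allowSerializedSigningTokenOnReply; retry with false
        security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
        security.SetKeyDerivation(false); // requireDerivedKeys="false"
        var binding = new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
            new HttpsTransportBindingElement());
        // The DNS identity has to match the service certificate; the WCF
        // exception names the expected value when it does not.
        var endpoint = new EndpointAddress(
            address, EndpointIdentity.CreateDnsIdentity(dnsName));
        var factory = new ChannelFactory<ISoapPort>(binding, endpoint);
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, clientSubject);
        // Service certificate required by this mode (assumed in LocalMachine\My).
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, serviceSubject);
        return factory;
    }
}
```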