Wcf UserNameOverTransport未签名请求后的签名响应
我必须用UserNameOverTransport发送一个未签名的请求。此部件按要求工作 问题是签名的响应。未设置mustUnderstand属性。因此,不需要验证签名。但我得到的错误仍然是:Wcf UserNameOverTransport未签名请求后的签名响应,wcf,wcf-binding,ws-security,Wcf,Wcf Binding,Ws Security,我必须用UserNameOverTransport发送一个未签名的请求。此部件按要求工作 问题是签名的响应。未设置mustUnderstand属性。因此,不需要验证签名。但我得到的错误仍然是: Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.
我想验证签名或忽略它。也不例外
我的装订:
<binding name="MvpBinding">
<security includeTimestamp="false"
authenticationMode="UserNameOverTransport"
defaultAlgorithmSuite="Basic256"
requireDerivedKeys="false"
allowSerializedSigningTokenOnReply="true"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
<httpsTransport maxReceivedMessageSize="2000000000" />
</binding>
soap标头:
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:kd4="http://www.ibm.com/KD4Soap">
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-f2d068c8-87de-4dd0-9a3a-f11ce53d444b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2014-09-05T08:47:50Z</wsu:Created>
<wsu:Expires>2014-09-05T08:52:50Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken wsu:Id="SecurityToken-4e7c6de0-007d-4afc-9e28-c68de09368a6" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIE6zCCA9OgAwIBAgISESHYLw+ktfA+n3/v0Gmcvus...kf2qLDNUcKvLpW6pu11nFInk4P6ITfpzFvbwYLzwdEXpTr+Tp6FZEwRlOkfZqvFwCu/McnMebVWwB4RD+YdxLpJQz9kxivvLaNtHUkObNmkrtcGlJiLLaxyWron56+hEVNFqumhqBMIOfUHYCMlKkW1lmvxheHWTTz8uCpBYCEQvs7B2zsyqw</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Timestamp-f2d068c8-87de-4dd0-9a3a-f11ce53d444b">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>zhzUEkYsK3HdX+J8/0Bv+By1W/A=</DigestValue>
</Reference>
<Reference URI="#Body-493e1e76-a11f-4c9c-8ef9-7231ff86354d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>o0j1TY3Zd8mfs59Z4K2Vrlu9seQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...geofKdEYJH/TbpXjO8w==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference xmlns="">
<wsse:Reference URI="#SecurityToken-4e7c6de0-007d-4afc-9e28-c68de09368a6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
2014-09-05T08:47:50Z
2014-09-05T08:52:50Z
MIIE6zCCA9OgAwIBAgISESHYLw+ktfA+n3/V0GMCVU…KF2QLDNUCvLpW6PU11NFINK4P6ITFpZfVbWyLzWdExptr+TP6FZEWRLOKfZQvVfWwB4Rd+YDxlpJQZ9KXIVlanthukObnKvTcGljillaxyWr56+HevfqHyKwKwKw1LKwTz8UCPBYCEQV7B2YQW
zhzUEkYsK3HdX+J8/0Bv+By1W/A=
o0j1TY3Zd8mfs59Z4K2Vrlu9seQ=
…geofKdEYJH/TbpXjO8w==
您好,您找到解决方案了吗?我也有同样的问题:-/没有一个完全符合我问题的解决方案。非对称安全协议afaik不能与WCF一起配置我的解决方案是服务器接受签名请求。所以请求和响应都是经过签名的。