Wcf wsse对抗wss4j,另一种soap签名
我应该创建一个与wss4j服务对话的soap客户端 预期的soap消息如下所示:Wcf wsse对抗wss4j,另一种soap签名,wcf,security,soap,wss4j,wsse,Wcf,Security,Soap,Wss4j,Wsse,我应该创建一个与wss4j服务对话的soap客户端 预期的soap消息如下所示: <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <env:Header xmlns:env="http://www.w3.org/2003/05/soap-envelope"> <wsse:Security xmlns:wsse="http://do
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<env:Header xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soap:mustUnderstand="true">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-2BF68C14B752C6AF9D13976577086141">R9lpib3+Lv9g0Gorz/5XQ==
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-3">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ZKmbm/i1rJBrORIQCA5eIu9mNAk=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RkeIc2YhRTxMQ/Wwm4gNHypLx24=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>O6ume5TiYL1t1KZrv6I7rpSCcF82yAu4FzkvcqYvQ2X1qxy/A==
</ds:SignatureValue>
<ds:KeyInfo Id="KI-2BF68C14B752C6AF9D13976577086302">
<wsse:SecurityTokenReference wsu:Id="STR-2BF68C14B752C6AF9D13976577086303">
<wsse:Reference URI="#X509-2BF68C14B752C6AF9D13976577086141"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2014-04-16T14:15:08.599Z</wsu:Created>
<wsu:Expires>2014-04-16T14:20:08.599Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</env:Header>
<soap:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-2">
<ns2:getBatchStatus xmlns:ns2="http://earsiv.vedop3.ggm.gov.org/">
<paketId>1</paketId>
</ns2:getBatchStatus>
</soap:Body>
</soap:Envelope>
但由此产生的soap是:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">..blah blah base64 content..</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Ng/QkiXSRDBasCcQjf35pp51ufw=</DigestValue>
</Reference>
<Reference URI="#uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>UdHyzU42q875NM1/W8pOW1QB+Pc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>.. blah blah a long base64 content..</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<u:Timestamp u:Id="uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
<u:Created>2015-09-15T22:17:11.416Z</u:Created>
<u:Expires>2015-09-15T22:22:11.416Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<getBatchStatus>
<paketId xmlns="">1</paketId>
</getBatchStatus>
</s:Body>
</s:Envelope>
…诸如此类的base64内容。。
Ng/QKIXSRDBASCCQJF35PP51FW=
UdHyzU42q875NM1/W8pOW1QB+Pc=
.. 胡说八道一个冗长的base64内容。。
2015-09-15T22:17:11.416Z
2015-09-15T22:22:11.416Z
1.
它还提供
InvalidSecurity处理时发现错误
标题
所以,区别是,
- mustUnderstand=“1”,与mustUnderstand=“true”相反
- SignatureMethod算法是“”对“”
- 缺少InclusiveNamespaces标记
- 使用.config,如何准确地获取目标soap
- 错误是否由这些差异引起
- 你能解释一下错误的原因吗
- 并消除错误
感谢您的帮助。使用defaultAlgorithmSuite=“Basic256Sha256”获取“w3.org/2001/04/xmldsig more#rsa-sha256”所实现的解决方案;在目标SOAP。。感谢缺少一件事:客户端基于C#&WCF第一件事是启用日志记录并准确找出服务器端的问题所在。解决方案是使用defaultAlgorithmSuite=“Basic256Sha256”在目标SOAP上获取“”。。谢谢
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My" findValue="ddb10d5ef9ed14dada536ee144bd047ce42a1af8" x509FindType="FindByThumbprint" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
[System.ServiceModel.ServiceContractAttribute(ProtectionLevel = ProtectionLevel.Sign)]
public interface SampleWs
{
...
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">..blah blah base64 content..</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Ng/QkiXSRDBasCcQjf35pp51ufw=</DigestValue>
</Reference>
<Reference URI="#uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>UdHyzU42q875NM1/W8pOW1QB+Pc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>.. blah blah a long base64 content..</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-8bb4deea-8fd2-42ff-af9a-5f97fa33e6f0-2"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<u:Timestamp u:Id="uuid-6ba044ea-3722-4eba-aabe-2f7afd012845-1">
<u:Created>2015-09-15T22:17:11.416Z</u:Created>
<u:Expires>2015-09-15T22:22:11.416Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<getBatchStatus>
<paketId xmlns="">1</paketId>
</getBatchStatus>
</s:Body>
</s:Envelope>