Web services 如何使我的WCF发送特定的WS-Security(Apache CXF 2.6)
我必须让我的WCF客户端使用web服务,并使用web服务Axis 1.4 a Apache CXF 2.6对请求进行签名/加密 到目前为止,我已经创建了一个自定义绑定,并且在我的合同中添加了Web services 如何使我的WCF发送特定的WS-Security(Apache CXF 2.6),web-services,wcf,soap,Web Services,Wcf,Soap,我必须让我的WCF客户端使用web服务,并使用web服务Axis 1.4 a Apache CXF 2.6对请求进行签名/加密 到目前为止,我已经创建了一个自定义绑定,并且在我的合同中添加了ProtectionLevel=Net.Security.ProtectionLevel.Sign,并“认为”我的工作是正确的 这是我的.config: <system.serviceModel> <behaviors> <endpointBehaviors&
ProtectionLevel=Net.Security.ProtectionLevel.Sign
,并“认为”我的工作是正确的
这是我的.config:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="ComportamientoCertificadosREA">
<clientCredentials>
<clientCertificate findValue="XXXXXXXX"
x509FindType="FindByThumbprint" />
<serviceCertificate>
<defaultCertificate findValue="XXXXXX"
storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
<authentication certificateValidationMode="ChainTrust" trustedStoreLocation="LocalMachine" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="reaCXFWSSoapBinding">
<security authenticationMode="MutualCertificate" requireDerivedKeys="false"
includeTimestamp="false" messageProtectionOrder="EncryptBeforeSign"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSecurityContextCancellation="false">
<secureConversationBootstrap authenticationMode="MutualCertificate"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
</security>
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
maxBufferSize="2147483647" requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://..."
behaviorConfiguration="ComportamientoCertificadosREA" binding="customBinding"
bindingConfiguration="reaCXFWSSoapBinding" contract="ServiceReference1.WSREACXFService"
name="REAEndpoint">
<identity>
<dns value="..." />
<certificateReference storeLocation="CurrentUser" findValue=""
isChainIncluded="false" />
</identity>
</endpoint>
</client>
</system.serviceModel>
生成以下请求(使用fiddler捕获和解密)
...
...
...
这是一个有效的服务示例:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-E554529BAA924FFE9C14373971009923"></wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>...</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-E554529BAA924FFE9C14373971009924">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-E554529BAA924FFE9C14373971009925">
<wsse:Reference URI="#CertId-E554529BAA924FFE9C14373971009923"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="E554529BAA924FFE9C14373971009141">...</wsse:BinarySecurityToken>
<xenc:EncryptedKey Id="EncKeyId-E554529BAA924FFE9C14373971009302">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#E554529BAA924FFE9C14373971009141"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>...</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-1" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
...
</soap:Body>
</soap:Envelope>
...
...
...
...
...
那么,如何设置我的.config(和我的代码)以生成一个像有效示例一样的请求呢?Awesome。那问题是什么?谢谢,我忘了问题。太棒了。那问题是什么?谢谢,我忘了问题。
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-E554529BAA924FFE9C14373971009923"></wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>...</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-E554529BAA924FFE9C14373971009924">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-E554529BAA924FFE9C14373971009925">
<wsse:Reference URI="#CertId-E554529BAA924FFE9C14373971009923"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="E554529BAA924FFE9C14373971009141">...</wsse:BinarySecurityToken>
<xenc:EncryptedKey Id="EncKeyId-E554529BAA924FFE9C14373971009302">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#E554529BAA924FFE9C14373971009141"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>...</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-1" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3">
...
</soap:Body>
</soap:Envelope>