2012-08-07 56 views
5

我有一個我想連接到的SOAP服務。它需要通過https訪問,並且需要通過證書對其進行身份驗證。通過HTTPS的WCF和簽署正文

我試過下面的代碼:

<basicHttpBinding> 
    <binding name="P4Binding" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" 
     bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
     maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
     messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" 
     useDefaultWebProxy="true"> 
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
      maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
     <security mode="TransportWithMessageCredential"> 
     <transport clientCredentialType="None" proxyCredentialType="None" 
      realm="" /> 
     <message clientCredentialType="Certificate" algorithmSuite="Default" /> 
     </security> 
    </binding> 
</basicHttpBinding> 

設置了我的客戶如下:

P4_ServiceReference.P4PortTypeClient client = new P4_ServiceReference.P4PortTypeClient(); 

client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None; 
client.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(@"[..].cer"); 
client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"[..]", "somepass"); 

即使改變了我的Reference.cs以包括ServiceContractAttribute的和OperationContractAttribute的ProtectionLevel=ProtectionLevel.Sign

發生了什麼是wse:security頭被創建,但身體沒有被簽名。該服務返回Element http://schemas.xmlsoap.org/soap/envelope/Body must be signed

我錯過了什麼讓身體正確簽名?

回答

8

使用此customBinding而不是basicHttpBinding修復了此問題。

 //Setup custom binding with HTTPS + Body Signing + Soap1.1 
     CustomBinding binding = new CustomBinding(); 

     //HTTPS Transport 
     HttpsTransportBindingElement transport = new HttpsTransportBindingElement(); 

     //Body signing 
     AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); 
     asec.SetKeyDerivation(false); 
     asec.AllowInsecureTransport = true; 
     asec.IncludeTimestamp = true; 

     //Setup for SOAP 11 and UTF8 Encoding 
     TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); 

     //Bind in order (Security layer, message layer, transport layer) 
     binding.Elements.Add(asec); 
     binding.Elements.Add(textMessageEncoding); 
     binding.Elements.Add(transport); 

看起來TransportWithMessageCredential只使用Transport來保證安全性並忽略其他所有內容。

+1

我只嘗試簽署正文,但使用AsymmetricSecurityBindingElement仍然對其進行加密(服務不使用https)。我在這裏有一個問題:http://stackoverflow.com/questions/20349062/wcf-client-binding-to-sign-the-body-of-a-request-to-a-java-web-service – 2013-12-03 12:37:06

+0

@MSShoubs將以下屬性應用於您的服務接口,並且不會再發生加密:'[ServiceContractAttribute(ProtectionLevel = ProtectionLevel.Sign,...)] public interface MyService {...}'。請注意,這可以通過類似'myService.Endpoint.Contract.ProtectionLevel = ProtectionLevel.Sign'的代碼來執行。 – 2017-11-19 18:32:41