4
我試圖將此轉換WSE3.0代碼WCF:當使用UserNameOverTransport綁定時,如何讓WCF以摘要模式發送密碼? (轉換WSE3.0代碼WCF)
// we use Microsoft WSE 3.0 to insert the username token in the soap header.
// This strategy takes care of creating and inserting the Nonce and Created elements
// for us, as well as creating a password digest based on Nonce, Created, and
// the password itself. Refer to the WS-Secutiry UsernameToken Profile 1.1
// specification at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.
Microsoft.Web.Services3.Security.Tokens.UsernameToken nametoken;
nametoken = new Microsoft.Web.Services3.Security.Tokens.UsernameToken(username, password, Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);
Microsoft.Web.Services3.Design.Policy ClientPolicy = new Microsoft.Web.Services3.Design.Policy();
ClientPolicy.Assertions.Add(new UsernameOverTransportAssertion());
this._proxy.SetPolicy(ClientPolicy);
this._proxy.SetClientCredential<UsernameToken>(nametoken);
我已經得到了,除了在上面摘要模式發送密碼(Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed八九不離十代碼'):
TransportSecurityBindingElement transportBindingElement =
SecurityBindingElement.CreateUserNameOverTransportBindingElement();
transportBindingElement.AllowInsecureTransport = true;
transportBindingElement.EnableUnsecuredResponse = true;
transportBindingElement.IncludeTimestamp = true;
var binding = new CustomBinding(new BindingElement[] { //
transportBindingElement, //
new TextMessageEncodingBindingElement() {
MessageVersion = MessageVersion.Soap11
}, //
new HttpTransportBindingElement() {
AuthenticationScheme = AuthenticationSchemes.Digest,
}, //
});
上面還是以純文本形式發送密碼(unhashhed)。我發現這個link有人試圖將類似的代碼轉換爲某人,指出無需設置WCF就可以在不編寫自定義令牌串行器的情況下執行此操作。
這句話是否準確?
如果是這樣,我需要做什麼來創建和使用此自定義序列化程序?
它看起來像這樣link時從網站linked中,讓下面的公式Password_Digest = Base64 (SHA-1 (nonce + created + password))註釋的PDF合併,但可能是一個很好的起點,如果有人有什麼我需要以及如何得到更好的解釋讓WCF使用我的新序列化程序,我很樂意聽到它。
在[Codeproject](http://www.codeproject.com/KB/WCF/DigestAuthWCFRest.aspx)上有一篇很好的文章 –
看起來像一篇有用的文章,謝謝。到目前爲止,我只是剔除它,但肯定會用它作爲工作中的參考。 –