1. 首頁
  2. 問答
  3. 如何讓我的WCF客戶端加密我的請求的SOAP Body?

如何讓我的WCF客戶端加密我的請求的SOAP Body?

2012-05-31 19 views
2

如何簽名和加密我的WCF客戶端服務調用(從規範:所有消息都應簽署並加密,對應於WS-Security X.509令牌配置文件,規範可見here)。如何讓我的WCF客戶端加密我的請求的SOAP Body?

我必須使用SOAP 1.1和WS-Security,服務由第三方提供,我非常肯定他們使用Java(IBM DataPower)(而不是WCf)來編寫它。

我已經嘗試了以下內容,但我認爲這是一個錯誤的問題,因爲我讀過的大部分內容都說客戶端不會決定什麼是加密的,並且這是由服務保護級別定義的(SignAndEncrypt)。我也看到了我應該用來加密的X509SecurityToken的引用,但是我認爲這是舊的.net。

反正這是我到目前爲止有:

' Create the binding. 
Dim myBinding As New BasicHttpBinding() ' FOR SOAP 1.1 
myBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential 
myBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate 
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate 

' Create the endpoint address. 
Dim ea As New EndpointAddress("https://removed") 

' Create the client. 
Dim starClientProxy As New wcfStarServiceProxy.starTransportPortTypesClient(myBinding, ea) 

' Specify a certificate to use for authenticating the client. 
starClientProxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "removed") 

'Cert used for encryption 
starClientProxy.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.AddressBook, X509FindType.FindBySubjectName, "removed")

所以現在它應該只是自動加密呢?我無法找到任何東西,我需要設置

'call the service  
Dim response As wcfStarServiceProxy.AcknowledgeRepairOrderPayload = starClientProxy.ProcessMessage(payload)

所以,我覺得我已經成功地對請求籤名,但是,身體不加密。我如何加密身體?

來源

2012-05-31 Mr Shoubs

回答

1

@Dejan導致我一個答案:

Private Function GetCustomBinding2() As Channels.Binding 

    Dim httpsBindingElement As New HttpsTransportBindingElement() 
    httpsBindingElement.AllowCookies = False 
    httpsBindingElement.BypassProxyOnLocal = False 
    httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard 
    httpsBindingElement.MaxBufferPoolSize = 524288 
    httpsBindingElement.MaxBufferSize = 65536 
    httpsBindingElement.MaxReceivedMessageSize = 65536 
    httpsBindingElement.RequireClientCertificate = True 
    httpsBindingElement.UseDefaultWebProxy = True 



    Dim asbe As New Channels.AsymmetricSecurityBindingElement 
    asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 
    asbe.InitiatorTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters 
    asbe.RecipientTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters 
    asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict 
    asbe.DefaultAlgorithmSuite = Security.SecurityAlgorithmSuite.Basic128Sha256 
    asbe.IncludeTimestamp = True 
    asbe.SetKeyDerivation(False) 
    'asbe.OnlySignEntireHeadersAndBody = True 

    'asbe.EndpointSupportingTokenParameters.SignedEncrypted.Add(New ServiceModel.Security.Tokens.X509SecurityTokenParameters) 
    'asbe.EndpointSupportingTokenParameters.SetKeyDerivation(False) 

    Dim myBinding As New CustomBinding 

    myBinding.Elements.Add(asbe) 

    myBinding.Elements.Add(New TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8)) 
    'myBinding3.Elements.Add(New HttpsTransportBindingElement()) 
    myBinding.Elements.Add(httpsBindingElement) 



    Return myBinding 
End Function

來源

2012-05-31 15:07:59

1

我創建了一個自定義綁定來實現2級安全 - 證書和用戶名 - 密碼。我做了這樣的(代碼摘錄):

 CustomBinding customBinding = new CustomBinding(); 
     // ... 
     HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement(); 
     httpsBindingElement.AllowCookies = false; 
     httpsBindingElement.BypassProxyOnLocal = false; 
     httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard; 
     httpsBindingElement.MaxBufferPoolSize = 20480000; 
     httpsBindingElement.MaxBufferSize = 20480000; 
     httpsBindingElement.MaxReceivedMessageSize = 20480000; 
     httpsBindingElement.RequireClientCertificate = true; 
     httpsBindingElement.UseDefaultWebProxy = true; 
     TransportSecurityBindingElement transportSecurityElement = new TransportSecurityBindingElement(); 
     transportSecurityElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters()); 
     transportSecurityElement.EndpointSupportingTokenParameters.SetKeyDerivation(false); 
     // ... 
     customBinding.Elements.Add(transportSecurityElement); 
     customBinding.Elements.Add(httpsBindingElement);

這樣的郵件進行簽名,並使用用戶名和密碼的客戶端加密的,但是你可以修改這個例子中,完成你所需要的。

來源

2012-05-31 12:21:10

+0

這是有幫助的,謝謝。我需要使用X509SecurityTokenParameters,因爲我使用的是證書,而不是用戶名密碼。我使用了這個綁定,但是SOAP體仍然沒有加密。 –

+1

@MrShoubs而不是'TransportSecurityBindingElement'嘗試'AsymmetricSecurityBindingElement'併發回 –

+0

你知道有關這方面的好文章嗎?我不知道我在做什麼。現在我有一條消息:AsymmetricSecurityBindingElement無法構建通道或偵聽器工廠。 InitiatorTokenParameters屬性是必需的,但未設置。我不知道如何設置它。 –

相關問題

 相關問題