2012-11-16 55 views
2

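WCF error calling a WS-Security web service: Cannot find a token authenticator for X509SecurityToken

I am trying to connect to an external Java web service with WS-Security enabled, over HTTPS, using a WCF client. The service uses UsernameToken authentication.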

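When the client calls the service, I get this exception:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.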

I am using a custom binding with this configuration:

Endpoint:

<endpoint address="https://des-afirma.redsara.es/afirmaws/services/ValidarFirma" 
      binding="customBinding" bindingConfiguration="ValidarFirmaBinding" 
      contract="AFirma.Firma" name="ValidarFirma" /> 

Binding:

<binding name="ValidarFirmaBinding"> 
    <textMessageEncoding messageVersion="Soap11" /> 
    <security 
     allowSerializedSigningTokenOnReply="true" 
     authenticationMode="UserNameOverTransport"> 
     <secureConversationBootstrap /> 
    </security> 
    <httpsTransport> 
     <extendedProtectionPolicy policyEnforcement="Never" /> 
    </httpsTransport> 
</binding> 

I read this link, http://webservices20.blogspot.co.uk/2010/10/wcf-cannot-find-token-authenticator.html, and I configured the allowSerializedSigningTokenOnReply value, but it fails.

This is the message generated by WCF:

<?xml version="1.0" encoding="UTF-8"?> 
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <soap:Header> 
     <wsa:Action /> 
     <wsa:MessageID>urn:uuid:5b36bb8b-4a59-4c5f-9c67-065543db51d5</wsa:MessageID> 
     <wsa:ReplyTo> 
     <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address> 
     </wsa:ReplyTo> 
     <wsa:To>http://des-afirma.redsara.es/afirmaws/services/ValidarFirma</wsa:To> 
     <wsse:Security soap:mustUnderstand="1"> 
     <wsu:Timestamp wsu:Id="Timestamp-cef53b94-4432-4ede-89ea-7a42b7a686d2"> 
      <wsu:Created>2012-11-13T13:49:32Z</wsu:Created> 
      <wsu:Expires>2012-11-13T13:54:32Z</wsu:Expires> 
     </wsu:Timestamp> 
     <wsse:UsernameToken wsu:Id="SecurityToken-40deaa3d-fe02-4462-963e-7705e4648b24"> 
      <wsse:Username>UserName</wsse:Username> 
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">[Password]</wsse:Password> 
      <wsse:Nonce>G5CU1R6lKSTpBQ0FAF01rA==</wsse:Nonce> 
      <wsu:Created>2012-11-13T13:49:32Z</wsu:Created> 
     </wsse:UsernameToken> 
     </wsse:Security> 
    </soap:Header> 
    <soap:Body> 
     <ValidarFirma xmlns="http://afirmaws/services/ValidarFirma"> 
     <paramIn xmlns="">[Param value (XML String)]</paramIn> 
     </ValidarFirma> 
    </soap:Body> 
</soap:Envelope> 

This is the response:

<?xml version="1.0" encoding="UTF-8"?> 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
    <soapenv:Header> 
    <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" soapenv:mustUnderstand="0"> 
     <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="binaryToken"> 
     MIIG2TCCBcGgAwIBAgIISXHqSo0f+C0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UEAxMIQUNDVi1D 
     [...] 
     </wsse:BinarySecurityToken> 
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature-BDFADICIJJIDI81"> 
     <SignedInfo> 
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /> 
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <Reference URI="#SignedBody-BDFADICIJJIDI81"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>TFKLyv9zd1G7RXK4sJV+hG2WfqQ=</DigestValue> 
      </Reference> 
      <Reference URI="#keyInfo-BDFADICIJJIDI81"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>SWO3sIcC16EcT17pBREoGe3CVes=</DigestValue> 
      </Reference> 
      <Reference URI="#binaryToken"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" /> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
      <DigestValue>GT+8/UoUzQgUAhvc25bn+DL6T1E=</DigestValue> 
      </Reference> 
     </SignedInfo> 
     <SignatureValue Id="SignatureValue-BDFADICIJJIDI81"> 
      sTVgtvYlVuwhQ9XGcTfHh7lKdUcsf8vF6vyJ/5LVxuwarRDAjMzHcQlvFBlZTn8f 
      [..] 
     </SignatureValue> 
     <KeyInfo Id="keyInfo-BDFADICIJJIDI81"> 
      <KeyValue> 
      <RSAKeyValue> 
       <Modulus> 
       tCxb/yk9DgCJmdxshvm6RwQtRMHqTdI2nDzQ2C761KEGmAaz7jrv8PtVSoNMRVr9 
       [...] 
       </Modulus> 
       <Exponent>AQAB</Exponent> 
      </RSAKeyValue> 
      </KeyValue> 
      <X509Data> 
      <X509Certificate> 
       MIIG2TCCBcGgAwIBAgIISXHqSo0f+C0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UE 
       [...] 
      </X509Certificate> 
      <X509IssuerSerial> 
       <X509IssuerName>Certificate name</X509IssuerName> 
       <X509SerialNumber>Serial number</X509SerialNumber> 
      </X509IssuerSerial> 
      </X509Data> 
      <wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
      <wsse:Reference URI="#binaryToken" /> 
      </wsse:SecurityTokenReference> 
     </KeyInfo> 
     </Signature> 
    </wsse:Security> 
    </soapenv:Header> 
    <soapenv:Body wsu:Id="SignedBody-BDFADICIJJIDI81"> 
    <ValidarFirmaResponse xmlns="http://afirmaws/services/ValidarFirma"> 
     <ValidarFirmaReturn xmlns="" xsi:type="c0bxsd:string"> 
      [return value (XML String)] 
     </ValidarFirmaReturn> 
    </ValidarFirmaResponse> 
    </soapenv:Body> 
</soapenv:Envelope> 

I tried the web service with WSE 3.0 and it works, but I can't install the package on the server because it is Windows Server 2008 and the installation fails.

Answer

0

Try playing with MessageSecurityVersion (e.g. WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11) and the security tag. Look at the SOAP envelope.

+0

I tried all possible MessageSecurityVersion values and got the same result. – user1788617
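
Following the answer's suggestion to look at the SOAP envelope, this added Python example (not part of the original post or its answers) lists the tokens and signed parts found in a response's wsse:Security header, so they can be compared with what the client binding is configured to accept. The sample envelope is constructed from the response shown in the question with placeholder values, and the function and variable names are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": SOAP, "wsse": WSSE, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: skeleton of the response in the question, values are placeholders.
SAMPLE_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="0">
   <wsse:BinarySecurityToken wsu:Id="binaryToken"
     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">PLACEHOLDER</wsse:BinarySecurityToken>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
     <Reference URI="#SignedBody-1"/>
     <Reference URI="#keyInfo-1"/>
     <Reference URI="#binaryToken"/>
    </SignedInfo>
    <KeyInfo Id="keyInfo-1"/>
   </Signature>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body wsu:Id="SignedBody-1"/>
</soapenv:Envelope>"""

def local(tag):  # strip the {namespace} prefix ElementTree adds to tag names
    return tag.rsplit("}", 1)[-1]

def summarize_security_header(envelope_xml):
    """Report tokens and signed parts in a SOAP 1.1 wsse:Security header."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return {"secured": False, "tokens": [], "signed": {}}
    # Index elements by wsu:Id or plain Id so each ds:Reference can be resolved.
    ids = {}
    for el in root.iter():
        key = el.get(f"{{{WSU}}}Id") or el.get("Id")
        if key:
            ids[key] = local(el.tag)
    tokens = [(local(t.tag), t.get("ValueType", "").rsplit("#", 1)[-1])
              for t in sec if local(t.tag).endswith("Token")]
    uris = [r.get("URI", "").lstrip("#")
            for r in sec.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    return {"secured": True, "tokens": tokens,
            "signed": {u: ids.get(u, "UNRESOLVED") for u in uris},
            "mustUnderstand": sec.get(f"{{{SOAP}}}mustUnderstand")}
```

Run against the sample, it reports one X509v3 BinarySecurityToken and a signature covering the body, the KeyInfo and the token itself, while the request side of the binding only sends a UsernameToken over transport security.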
