
我是使用WCF安全服務的新手。用C#客戶端調用WS-Security Java Web服務

我想透過安全的 HTTPS 傳輸，連接到一個使用 WS-Security UsernamePassword（UsernameToken）令牌認證的 Java Web 服務。

我試過用 WCF 客戶端搭配下面的綁定進行連接，但沒有成功。

<bindings> 
    <wsHttpBinding> 
    <!-- Client binding used in the failed attempt: HTTPS carries the message, the WS-Security
         header carries the credential. NOTE(review): wsHttpBinding's message security
         negotiates a WS-SecureConversation session by default (establishSecurityContext),
         which many Java/WSS4J UsernameToken endpoints do not implement; check the service's
         WSDL policy. establishSecurityContext="false" on <message>, or basicHttpBinding with
         the same security mode, is the usual interop fix when a plain UsernameToken over
         HTTPS is what the service expects. -->
    <binding name="OperationsEndpoint1Binding" closeTimeout="00:01:00" 
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
     allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
     maxBufferPoolSize="524288" maxReceivedMessageSize="1015536" 
     messageEncoding="Text" textEncoding="utf-8" 
     useDefaultWebProxy="true"> 

     <!-- Parser limits: these bound how much memory an untrusted (or malicious) reply can make
          the XML reader allocate. Raise them only as far as real messages require. -->
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
      maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 

     <!-- TransportWithMessageCredential: TLS protects the channel and authenticates the server
          (its certificate is validated by the TLS stack); the client is authenticated only by
          the UserName token in the WS-Security header, which is sent inside TLS. -->
     <security mode="TransportWithMessageCredential"> 
      <!-- No transport-level client credential (no client certificate / HTTP auth). -->
      <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> 
      <message clientCredentialType="UserName" algorithmSuite="Default" /> 
     </security> 
    </binding> 
    </wsHttpBinding> 
</bindings> 

有沒有人知道如何用 WCF 透過 HTTPS 傳輸，連接到使用 WS-Security UsernamePassword（UsernameToken）令牌認證的 Java Web 服務？非常感謝。


我是用 WCF 做到的。下面的程式碼對我有效：它以 WS-Security UsernameToken 認證，連接到一個透過 SSL 提供的 WebSphere SOAP Web 服務。

如果您能使用 .NET 4.5 以上版本，且伺服器端支援，請務必避免預設的 TLS 1.0，改用 TLS 1.2（TLS 1.1 同樣已被棄用，只在伺服器不支援 1.2 時才考慮）。

// Process-wide switch: every ServicePointManager-based connection from this process will
// offer TLS 1.2 only (the pre-4.7 default offers only SSL 3 / TLS 1.0). Set it once, before
// any channel is opened.
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;


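/// <summary>
/// Creates (but does not open) a <see cref="ChannelFactory{TChannel}"/> for a SOAP endpoint that
/// expects HTTPS transport plus WS-Security message protection: each request is signed with the
/// client certificate and encrypted to the service certificate, and a WS-Security UsernameToken
/// is added as a signed supporting token. Every relaxation of WCF's defaults below exists for
/// interoperability with the Java/WebSphere side; each one is marked so it is not copied blindly.
/// </summary>
/// <param name="serviceAddress">Endpoint URL; must be https:// because the transport element is HTTPS-only.</param>
/// <param name="userName">Username carried in the UsernameToken (no password is set here).</param>
/// <param name="clientCertificate">Client certificate with private key; used for TLS client auth and for signing.</param>
/// <param name="serviceCertificate">Service certificate used as the message-layer recipient (encryption) key.</param>
/// <param name="sendTimeoutMinutes">Send timeout in whole minutes.</param>
/// <returns>A configured factory. The caller owns it and must Close()/Abort() it.</returns>
/// <exception cref="ArgumentNullException">A reference argument is null.</exception>
private static ChannelFactory<IContract> MyCreateFactory(String serviceAddress,
                   String userName,
                   X509Certificate2 clientCertificate,
                   X509Certificate2 serviceCertificate,
                   Int32 sendTimeoutMinutes)
{
    // Fail at construction rather than at the first Open(), where the cause is much harder to see.
    if (serviceAddress == null) throw new ArgumentNullException("serviceAddress");
    if (userName == null) throw new ArgumentNullException("userName");
    if (clientCertificate == null) throw new ArgumentNullException("clientCertificate");
    if (serviceCertificate == null) throw new ArgumentNullException("serviceCertificate");

    var binding = new CustomBinding
    {
        SendTimeout = new TimeSpan(0, sendTimeoutMinutes, 0),
    };
    binding.Elements.Clear();

    // --- Message security: mutual X.509 (asymmetric); the client signs, the service decrypts ---
    var security = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement();

    // SECURITY: permits this message-security element to sit on a non-HTTPS transport.
    // It has no effect here because the transport below is HttpsTransportBindingElement,
    // but do not carry this line over to a plain HttpTransportBindingElement.
    security.AllowInsecureTransport = true;

    // The service may carry its signing certificate in-band in the reply.
    security.AllowSerializedSigningTokenOnReply = true;

    // SECURITY: Basic128Rsa15 = AES-128, SHA-1 and RSA PKCS#1 v1.5 key transport, kept for
    // interop. PKCS#1 v1.5 key transport is the classic padding-oracle target; prefer an
    // RSA-OAEP suite (Basic128 / Basic256) if the service accepts one.
    security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;

    // SECURITY: replies without a WS-Security header are accepted, so a reply's integrity and
    // origin are guaranteed only by TLS, not by a message-layer signature.
    security.EnableUnsecuredResponse = true;

    // SECURITY: no wsu:Timestamp is sent, so there is no message-layer replay window; replay
    // protection rests on the TLS session. Set true if the service tolerates a Timestamp.
    security.IncludeTimestamp = false;

    // The client certificate always travels to the service; the service certificate is
    // expected back in replies.
    security.InitiatorTokenParameters = new X509SecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient
    };
    security.RecipientTokenParameters = new X509SecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator
    };

    security.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
    // Set once (the original assigned it twice with the same value).
    security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    // The service is not asked to echo a WS-Security 1.1 SignatureConfirmation.
    security.RequireSignatureConfirmation = false;
    // Lax layout: element order inside the Security header is not enforced.
    security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;

    // MyIdentityVerifier is defined elsewhere and replaces WCF's default check that the
    // service's message-layer identity matches the endpoint. NOTE(review): confirm it really
    // verifies something; an always-true verifier removes that check entirely.
    security.LocalClientSettings.IdentityVerifier = new MyIdentityVerifier();

    // No derived keys (WS-SecureConversation DerivedKeyToken); the raw key material is used directly.
    security.SetKeyDerivation(false);

    // The UsernameToken is added as a *signed* supporting token, i.e. it is covered by the
    // client-certificate signature. Only UserName is set on the credentials below, never a
    // password, so this is a username assertion backed by the certificate rather than a
    // password check; set credentials.UserName.Password if the service expects one.
    security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());

    binding.Elements.Add(security);

    // --- Transport: HTTPS with TLS client-certificate authentication ---
    var transport = new HttpsTransportBindingElement { RequireClientCertificate = true };
    // Extended Protection (channel binding tokens) is disabled; WCF uses it with Windows /
    // Negotiate authentication, which this binding does not use. TLS server-certificate
    // validation for this transport is separate (SslCertificateAuthentication /
    // ServicePointManager) and is not relaxed anywhere in this method.
    transport.ExtendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
    binding.Elements.Add(transport);

    var factory = new ChannelFactory<IContract>(binding: binding, remoteAddress: serviceAddress);
    try
    {
        // Replace the default ClientCredentials behavior with one carrying our material.
        var defaultCredentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
        if (defaultCredentials != null)
        {
            factory.Endpoint.Behaviors.Remove(defaultCredentials);
        }

        var credentials = new ClientCredentials();
        credentials.UserName.UserName = userName;
        credentials.ClientCertificate.Certificate = clientCertificate;
        credentials.ServiceCertificate.DefaultCertificate = serviceCertificate;

        // SECURITY: the explicitly supplied service certificate is used as-is, with no chain,
        // trust or name check (effectively pinning). NOTE(review): because the reply may carry
        // the service's signing token in-band (AllowSerializedSigningTokenOnReply), confirm
        // that a reply signed by some other certificate is still rejected with these settings.
        credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        // No CRL/OCSP lookup; a revoked (compromised) pinned certificate would not be noticed.
        credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

        factory.Endpoint.Behaviors.Add(credentials);
        return factory;
    }
    catch
    {
        // Do not leak a half-configured factory (it is an ICommunicationObject).
        factory.Abort();
        throw;
    }
}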