0
我問同樣的問題在這裏,我已經問在MSDN論壇http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/70f40a4c-8399-4629-9bfc-146524334dafMessageSecurityException:安全頭元素「戳」與'ID必須簽署
我耗費了(最有可能基於Java的)Web服務與我完全無法修改。即使我會問他們(這是一個全國性的系統),它不會被修改。
我用WCF編寫了客戶端。下面是一些代碼:
CustomBinding binding = new CustomBinding();
AsymmetricSecurityBindingElement element = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
element.AllowSerializedSigningTokenOnReply = true;
element.SetKeyDerivation(false);
element.IncludeTimestamp = true;
element.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy;
element.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
element.LocalClientSettings.IdentityVerifier = new CustomIdentityVerifier();
element.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
element.IncludeTimestamp = false;
binding.Elements.Add(element);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement());
EndpointAddress address = new EndpointAddress(new Uri("url"));
ChannelFactory<MyPortTypeChannel> factory = new ChannelFactory<MyPortTypeChannel>(binding, address);
ClientCredentials credentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
credentials.ClientCertificate.Certificate = myClientCert;
credentials.ServiceCertificate.DefaultCertificate = myServiceCert;
credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
service = factory.CreateChannel();
這個工作到服務的每一個請求,在客戶端失敗後(我可以確認我的請求是由服務所接受,並返回一個理智的反應)
我總是得到以下異常
MessageSecurityException:安全 頭元素「戳」與' ID必須簽名。
通過查看跟蹤我可以看到,在響應中確實有一個時間戳元素,但在安全部分中只有身體的簽名。
我可以以某種方式使WCF ingore事實Timestamp沒有簽名?
這可能只是解決方案。現在我只是苦於語法。 xml看起來像這樣: 2010-06-21T06:53:57Z 2010-06-21T06:58:57Z 我不知道該怎麼在自定義類型中定義它。 –
NiklasN
2010-06-21 08:05:18