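Configuring a SOAP service client using WSDL to sign the body only

I have a client for a web service that was developed from the WSDL using a Visual Studio service reference. It is configured to sign requests with a certificate and can send requests to the service fine, but the service replies with a 400 - Bad Request error because, in addition to the signature I want, there is an extra signature with multiple <Reference> tags, which uses HMAC-SHA1 as its signature method. HMAC-SHA1 is not supported by the web service, so the request is rejected. However, I don't even want or need this other signature, and I'm not sure where it comes from. Here is my binding configuration: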
<customBinding>
  <binding name="mainBinding">
    <security authenticationMode="MutualCertificate"
              allowSerializedSigningTokenOnReply="true"
              requireDerivedKeys="false"
              requireSignatureConfirmation="false"/>
    <httpsTransport />
  </binding>
</customBinding>
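I have also set ProtectionLevel = System.Net.Security.ProtectionLevel.Sign as part of the ServiceContractAttribute.

Which part of my configuration is causing the second signature? How can I change the configuration so that my request has only one signature?

Edit:

Below is the request being sent. To highlight the part I don't want, I have split it into sections, but in reality they are all contiguous.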
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1" u:Id="_1">[removed]</a:Action>
    <a:MessageID u:Id="_2">[removed]</a:MessageID>
    <a:ReplyTo u:Id="_3">
      <a:Address>[removed]</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1" u:Id="_4">[removed]</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="[removed]">
        <u:Created>2017-05-11T08:59:25.681Z</u:Created>
        <u:Expires>2017-05-11T09:04:25.681Z</u:Expires>
      </u:Timestamp>
      <e:EncryptedKey Id="[removed]" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        [removed]
      </e:EncryptedKey>
      <o:BinarySecurityToken u:Id="[removed]" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[removed]</o:BinarySecurityToken>
Start of the part I don't want
      <Signature Id="_0" xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
          <Reference URI="#_1">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>[removed]</DigestValue>
          </Reference>
          <Reference URI="#_2">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>[removed]</DigestValue>
          </Reference>
          <Reference URI="#_3">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>[removed]</DigestValue>
          </Reference>
          <Reference URI="#_4">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>[removed]</DigestValue>
          </Reference>
          <Reference URI="[removed]">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>[removed]</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>[removed]</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference URI="[removed]"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
End of the part I don't want
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#_0">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>[removed]</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>[removed]</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference>
            <o:Reference URI="[removed]"/>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body>
    [removed]
  </s:Body>
</s:Envelope>
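Edit 2:

After some digging and reading, I now understand that the two signatures are the signatures of the body and the headers. I only want to sign the body. I have changed the title accordingly.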
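
An added example, not part of the original post: a small Python check that lists each Signature element in a captured request with its signature method and the elements its references resolve to, so it is clear which signature covers the addressing headers and which covers the other signature. The sample envelope is constructed to mirror the request above; the `ts-0` Id and the choice of Timestamp as the target of the fifth reference are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSU = OASIS + "utility-1.0.xsd"
WSSE = OASIS + "secext-1.0.xsd"

# Constructed sample: same shape as the captured request, placeholder values.
SAMPLE = f"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="{WSU}">
 <s:Header>
  <a:Action u:Id="_1"/><a:MessageID u:Id="_2"/><a:ReplyTo u:Id="_3"/><a:To u:Id="_4"/>
  <o:Security xmlns:o="{WSSE}">
   <u:Timestamp u:Id="ts-0"/>
   <Signature Id="_0" xmlns="{DS}"><SignedInfo>
    <SignatureMethod Algorithm="{DS}hmac-sha1"/>
    <Reference URI="#_1"/><Reference URI="#_2"/><Reference URI="#_3"/>
    <Reference URI="#_4"/><Reference URI="#ts-0"/>
   </SignedInfo></Signature>
   <Signature xmlns="{DS}"><SignedInfo>
    <SignatureMethod Algorithm="{DS}rsa-sha1"/>
    <Reference URI="#_0"/>
   </SignedInfo></Signature>
  </o:Security>
 </s:Header><s:Body/></s:Envelope>"""

def q(name):
    """Qualify a local name with the XML-DSig namespace."""
    return "{%s}%s" % (DS, name)

def signature_report(envelope_xml):
    """Return [(signature method, [local names of referenced elements])]."""
    root = ET.fromstring(envelope_xml)
    by_id = {}  # Id value -> local name of the element that carries it
    for el in root.iter():
        for attr in ("{%s}Id" % WSU, "Id"):
            if attr in el.attrib:
                by_id[el.attrib[attr]] = el.tag.rsplit("}", 1)[-1]
    report = []
    for sig in root.iter(q("Signature")):
        info = sig.find(q("SignedInfo"))
        method = info.find(q("SignatureMethod")).get("Algorithm").rsplit("#", 1)[-1]
        targets = [by_id.get(ref.get("URI", "").lstrip("#"), "unresolved")
                   for ref in info.findall(q("Reference"))]
        report.append((method, targets))
    return report

if __name__ == "__main__":
    for method, targets in signature_report(SAMPLE):
        print(method, "->", ", ".join(targets))
```
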