2010-08-18 16 views

我在WCF的安全性設定上遇到問題:多重保護級別(ProtectionLevel)在WCF中不起作用。

問題是:部分加密無法套用到消息有效負載上。當我在MessageContract和MessageBodyMember屬性上更改ProtectionLevel時,結果不是整個有效負載都被加密,就是整個有效負載都不加密。

也就是說,部分加密不起作用。我希望有效負載(消息體元素)的根標記不加密,其餘部分(即根標記的子元素)則要加密。服務器上Spring Web Service的endpoint映射需要這種行爲。

這是一個.NET客戶端程序,用來調用以Java開發的Web服務(在Spring WS中以契約優先(contract-first)方式開發的WebService)。它使用雙向證書(mutual certificate)來保證安全。

我使用的是自定義綁定,其messageSecurityVersion爲WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10。

我不確定它是否與此綁定的WS-Addressing支持相關。

這裏是我的app.config

<?xml version="1.0" encoding="utf-8"?> 
<configuration> 
    <!-- Client-side WCF configuration for a Spring-WS endpoint secured with mutual X.509 certificates
         (message-level WS-Security carried over plain HTTP). Review remarks are marked NOTE(review). -->
    <configSections> 
    <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" > 
     <section name="DISClientLibTest.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" /> 
    </sectionGroup> 
    </configSections> 

    <!-- Trace listener that receives the WCF message log and writes it to c:\logs\messages.svclog.
         See the messageLogging element further down for what ends up in that file. -->
    <system.diagnostics> 
    <sources> 
     <source name="System.ServiceModel.MessageLogging"> 
     <listeners> 
      <add name="messages" 
      type="System.Diagnostics.XmlWriterTraceListener" 
      initializeData="c:\logs\messages.svclog" /> 
     </listeners> 
     </source> 
    </sources> 
    </system.diagnostics> 

    <system.serviceModel> 
    <behaviors> 
     <endpointBehaviors> 
     <behavior name="DISEndPointBehaviour"> 
      <clientCredentials> 
      <!-- Certificate the client presents and signs with, looked up by subject name.
           NOTE(review): storeName="Root" is the Trusted Root Certification Authorities store.
           A client certificate with its private key normally lives in "My"; keeping it in Root
           also turns it into a machine-wide trust anchor. FindBySubjectName is a substring
           match, so FindByThumbprint is the safer lookup when several certificates could match. -->
      <clientCertificate storeLocation="LocalMachine" storeName="Root" 
           x509FindType="FindBySubjectName" findValue="d-i-s-partner"/> 
      <serviceCertificate> 
       <!-- Certificate of the service, used to encrypt to it and to authenticate it.
            NOTE(review): findValue="dis" matches every subject that contains "dis"; confirm that
            exactly one certificate in this store matches, or pin it by thumbprint. The same
            remark about the Root store applies here. -->
       <defaultCertificate storeLocation="LocalMachine" storeName="Root" 
            x509FindType="FindBySubjectName" findValue="dis"/> 
       <!-- PeerOrChainTrust accepts the service certificate if it is in TrustedPeople
            or if it chains to a trusted root. -->
       <authentication certificateValidationMode="PeerOrChainTrust"/> 
      </serviceCertificate> 
      </clientCredentials> 
     </behavior> 

     </endpointBehaviors> 
    </behaviors> 

    <bindings> 
     <customBinding> 
     <binding name="DISMutualCertificateDuplexBinding"> 
      <!-- Message security settings for the mutual-certificate exchange.
           NOTE(review): includeTimestamp="false" means no wsu:Timestamp is placed in the security
           header, so the receiver cannot use it for freshness or replay checks.
           NOTE(review): no defaultAlgorithmSuite is set, so the WCF default suite applies; confirm
           it matches what the service accepts. If the service only accepts RSA 1.5 key transport,
           matching it is a downgrade from RSA-OAEP and is better fixed on the service side.
           NOTE(review): EncryptBeforeSign makes the signature cover the ciphertext; presumably
           chosen to match the service, confirm. -->
      <!--<security authenticationMode="MutualCertificateDuplex"--> 
      <security authenticationMode="MutualCertificate" 
        includeTimestamp="false" 
        requireDerivedKeys="false" 
        keyEntropyMode="ClientEntropy" 
        messageProtectionOrder="EncryptBeforeSign" 
        messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"/> 
      <!-- Soap11WSAddressing10 makes the client emit WS-Addressing headers in every request. -->
      <textMessageEncoding messageVersion="Soap11WSAddressing10"/> 
      <httpTransport manualAddressing="false"/> 
     </binding> 
     </customBinding> 

    </bindings> 
    <client> 
     <!-- NOTE(review): the address is plain http, so only the parts protected by message security
          are confidential; every header and body part left unencrypted is readable in transit. -->
     <endpoint binding="customBinding" 
       bindingConfiguration="DISMutualCertificateDuplexBinding" 
       contract="DaDeskDataExchange" 
       name="DaDeskDataExchangeSoap11_DaDeskDataExchange" 
       address="http://192.168.0.27:8080/disweb/1.0/spring-ws/" 
       behaviorConfiguration="DISEndPointBehaviour"> 
     <identity> 
      <dns value="dis"/> 
     </identity> 
     <!-- Static UsernameToken sent as a header with every request.
          NOTE(review): Username, PasswordDigest, Nonce and Created are fixed values. A digest token
          only resists replay when the receiver rejects reused nonces and stale Created values;
          a fixed token cannot pass such a check, and if the service does accept it, anyone who
          captures it can replay it. It is also a credential-derived value stored in a config
          file, so the file needs the same protection as the password itself. -->
     <headers> 
      <wsse:UsernameToken 
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
      wsu:Id="UsernameToken-6" 
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
      <wsse:Username>50001</wsse:Username> 
      <wsse:Password 
       Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password> 
      <wsse:Nonce 
       EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce> 
      <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created> 
      </wsse:UsernameToken> 
     </headers> 
     </endpoint> 
    </client> 
    <!-- Full message logging at both transport and service level.
         NOTE(review): with message security, service-level logging records messages in decrypted
         form, and logEntireMessage="true" includes the body. The log file therefore holds the
         plaintext that the encryption is meant to protect; keep this to debugging sessions and
         restrict access to c:\logs. -->
    <diagnostics> 
     <messageLogging logEntireMessage="true" 
         logMalformedMessages="true" 
         logMessagesAtTransportLevel="true" 
         logMessagesAtServiceLevel="true"/> 
    </diagnostics> 

    </system.serviceModel> 
</configuration> 

這裏是由SvcUtil工具產生的代理類(僅限相關部分)

/// <summary>
/// Request type generated by svcutil for the schema namespace http://www.dadesk.com/dis/schema,
/// then edited by hand to add the MessageContract / MessageBodyMember protection levels below.
/// </summary>
/// <remarks>
/// NOTE(review): WCF documents a single protection level for the SOAP body: the highest level
/// requested by any body part is applied to the whole body. Mixing ProtectionLevel.None on the
/// contract with EncryptAndSign on the members therefore does not yield per-element encryption;
/// the entire body, wrapper element included, is encrypted and signed.
/// </remarks>
[System.CodeDom.Compiler.GeneratedCodeAttribute("svcutil", "4.0.30319.1")] 
[System.SerializableAttribute()] 
[System.Diagnostics.DebuggerStepThroughAttribute()] 
[System.ComponentModel.DesignerCategoryAttribute("code")] 
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType = true, Namespace = "http://www.dadesk.com/dis/schema")] 
// Hand-added: ProtectionLevel.None on the contract, intended to leave the wrapper (root) element
// unencrypted and unsigned.
[System.ServiceModel.MessageContract(ProtectionLevel = System.Net.Security.ProtectionLevel.None)] 
public partial class getActualInvoiceOutputRequest 
{ 

    // Hand-added: requests EncryptAndSign for this body member (this does not bypass encryption).
    // NOTE(review): the attribute sits on the private backing field while XmlElementAttribute sits
    // on the public property; confirm which member actually defines the element on the wire.
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] 
    private string interfaceUniqueReferenceField; 

    // Hand-added: requests EncryptAndSign for this body member (this does not bypass encryption).
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] 
    private string invoiceIdField; 

    // Hand-added: requests EncryptAndSign for this body member (this does not bypass encryption).
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] 
    private string daEventField; 

    /// <summary>First child element (Order = 0); reads and writes interfaceUniqueReferenceField.</summary>
    [System.Xml.Serialization.XmlElementAttribute(Order = 0)] 
    public string interfaceUniqueReference 
    { 
     get 
     { 
      return this.interfaceUniqueReferenceField; 
     } 
     set 
     { 
      this.interfaceUniqueReferenceField = value; 
     } 
    } 

    /// <summary>Second child element (Order = 1); reads and writes invoiceIdField.</summary>
    [System.Xml.Serialization.XmlElementAttribute(Order = 1)] 
    public string invoiceId 
    { 
     get 
     { 
      return this.invoiceIdField; 
     } 
     set 
     { 
      this.invoiceIdField = value; 
     } 
    } 

    /// <summary>Third child element (Order = 2); reads and writes daEventField.</summary>
    [System.Xml.Serialization.XmlElementAttribute(Order = 2)] 
    public string daEvent 
    { 
     get 
     { 
      return this.daEventField; 
     } 
     set 
     { 
      this.daEventField = value; 
     } 
    } 
} 

預期的SOAP請求

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> 
<SOAP-ENV:Header> 
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"> 
    <wsse:BinarySecurityToken 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
    wsu:Id="CertId-1BC7C7CC8C1DC237A312742702475786" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MIIBoTCCAQqgAwIBAgIES+Jf0jANDA2MjEwNlowFTETMBEGA1UEAxMKZGlzcGFydG5lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiSzYcGY6SZvtyX/HzIT9zgzlf1/stzTo2WN2/zikebOY+K8pOfc8IU2vxsDp+b4Jc/KSMzZIocPejHhyRXKKuf36TckHclkgkqhkiG9w0BAQUFAAOBgQAepQ1pXeyveQCPRQSnjcJKnXBbLiPql+UeScmaqXBqBOrUGFRe8AX4PEh28qmomwWfdJ7abV1yShFvnAcZBP5gM6KrS1fZ2lCQu7sLyk8YW3zBLqs1Bm6bf4GTfywd2+mURJZuTwx/vqe2d5xNsfD9BOEJ6hlxzdzKlZR111O4IQ== 
    </wsse:BinarySecurityToken> 
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
    Id="Signature-7"> 
    <ds:SignedInfo> 
    <ds:CanonicalizationMethod 
     Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
    <ds:Reference URI="#id-8"> 
     <ds:Transforms> 
     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
     </ds:Transforms> 
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
     <ds:DigestValue>O+wONgrnKflVXuIf/QqMIVPHICg=</ds:DigestValue> 
    </ds:Reference> 
    </ds:SignedInfo> 
    <ds:SignatureValue> 
    cPLtiHI8a3Ay7lCau0wosF7pakNPaOkFdmjC8osUqkUUECjQvSPCoVyWZldPxheWIEEM1qUAR7X2 
    1cOFNn2YUfTu9c3ElEgfRycDUTpcvF5hs37Er+ssR3QBKQ9Jmd76MHcc8LW12KNGGWZn/grUMhnR 
    uuOzSrfAtOHYK22wPvE= 
</ds:SignatureValue> 
    <ds:KeyInfo Id="KeyId-1BC7C7CC8C1DC237A312742702475787"> 
    <wsse:SecurityTokenReference 
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
     wsu:Id="STRId-1BC7C7CC8C1DC237A312742702475788" 
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
     <wsse:Reference URI="#CertId-1BC7C7CC8C1DC237A312742702475786" 
     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" /> 
    </wsse:SecurityTokenReference> 
    </ds:KeyInfo> 
    </ds:Signature> 
    <wsse:UsernameToken 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    wsu:Id="UsernameToken-6" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
    <wsse:Username>115394</wsse:Username> 
    <wsse:Password 
    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password> 
    <wsse:Nonce 
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce> 
    <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created> 
    </wsse:UsernameToken> 
    </wsse:Security> 
</SOAP-ENV:Header> 
<SOAP-ENV:Body 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    wsu:Id="id-8"> 
       <!-- This Body is the element covered by the ds:Signature in the header (ds:Reference URI="#id-8"). --> 
       <!-- Wanted: the root (wrapper) element below stays unencrypted.
            NOTE(review): an unencrypted wrapper leaves the operation name and namespace readable
            to anyone who can see the message in transit. --> 
    <getActualInvoiceOutputRequest xmlns="http://www.dadesk.com/dis/schema"> 
       <!-- Wanted: the child elements below are sent encrypted (shown here in clear text). --> 
    <interfaceUniqueReference>aasd</interfaceUniqueReference> 
    <invoiceId>-1</invoiceId> 
    <daEvent>1</daEvent> 
    </getActualInvoiceOutputRequest> 
</SOAP-ENV:Body> 
</SOAP-ENV:Envelope> 

在上面預期的SOAP消息中(代理類僅列出相關部分),在Body內部,我需要對getActualInvoiceOutputRequest的內容進行加密,但不希望getActualInvoiceOutputRequest這個根元素本身被加密。現在,整個Body的內容都被加密了。

我也按照下面MSDN網頁給出的指導方針操作: http://msdn.microsoft.com/en-us/library/aa347692.aspx

該網頁對WS-Addressing的依賴提出了警告,其中寫道:[例如,BasicHttpBinding類不支持該規範,或者您創建了不支持WS-Addressing的自定義綁定。]

我懷疑問題就出在這裏,也就是我的自定義綁定對WS-Addressing的支持。有人可以幫忙嗎?

感謝, Shameer

回答

1

您的自定義綁定指定了WS-Addressing,但預期的SOAP請求並未使用它。我擔心這正是破壞互操作性的地方。您是否有描述安全設置的服務WSDL?是否也有使用了加密的SOAP請求示例?


不幸的是,WSDL沒有描述的安全設置。 它可以在這裏訪問.. http://83.111.89.230/disweb/1.0/spring-ws/DaDeskDataExchange/dataexchange.wsdl。 這是一個公共IP。 – 2010-08-18 11:12:27


你有沒有有效的請求和響應的例子?順便說一句。檢查我的帖子:http://stackoverflow.com/questions/3457378/web-service-interoperability-broken-by-developers-incompetence – 2010-08-18 11:24:03


如何在這裏添加一個XMl的大塊?它不允許我添加超過600個字符。你能建議嗎? – 2010-08-18 11:56:19

0

以下是使用恰當級別的加密的示例SOAP請求,它是由java客戶端生成的預期SOAP請求。

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
<SOAP-ENV:Header> 
<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
SOAP-ENV:mustUnderstand="1"> 
<xenc:EncryptedKey Id="EncKeyId-B521E60EB6640CC36812821275442335" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> 
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<ds:X509Data> 
<ds:X509IssuerSerial> 
<ds:X509IssuerName>CN=dis</ds:X509IssuerName> 
<ds:X509SerialNumber>1273126865</ds:X509SerialNumber> 
</ds:X509IssuerSerial> 
</ds:X509Data> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
<xenc:CipherData> 
<xenc:CipherValue>uVuKFUAyy7NvyMJuFgqB27nZ/uf1YCQLOjQJrOJN+iAiUGYBcIFYThpr+D2UK5l80HzWL8KUbbg8YcurjwOzuLM+DvuXbnsP3niFlFNipB0FTmnojD5t5J7xinRzfRzSVpSxxa/czOdFZTwyPclnUNFWEsWML8npQNOX2gir3Lk=</xenc:CipherValue> 
</xenc:CipherData> 
<xenc:ReferenceList> 
<xenc:DataReference URI="#EncDataId-4" /> 
</xenc:ReferenceList> 
</xenc:EncryptedKey> 
<wsse:BinarySecurityToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
wsu:Id="CertId-B521E60EB6640CC36812821275439461" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">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</wsse:BinarySecurityToken> 
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
Id="Signature-2"> 
<ds:SignedInfo> 
<ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
<ds:Reference URI="#id-3"> 
<ds:Transforms> 
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
<ds:DigestValue>cYtMaQuuiVAho+6m8lj66ZPLFJc=</ds:DigestValue> 
</ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue> 
ccAZE+FRn2ads52Ma5FsoYPx8P3SBYqjRYSctTNUmcsDQEhHowOoTyhkW5IElo9r/GaGWL0EBfmC 
SyNBh/qtKA4YHxjradG2Mk2Bxv/aRGuxaCllYTTr1kr37vC1fYiWVI2QrjbGOvp0i/5RgLanl40k 
gkDxle9CxegVDdZkijI= 
</ds:SignatureValue> 
<ds:KeyInfo Id="KeyId-B521E60EB6640CC36812821275439532"> 
<wsse:SecurityTokenReference 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="STRId-B521E60EB6640CC36812821275439553" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:Reference URI="#CertId-B521E60EB6640CC36812821275439461" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" /> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
</ds:Signature> 
<wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="UsernameToken-1" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:Username>119136</wsse:Username> 
<wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">R3WWGSkNtmPztaSUbiyAWOcpwTM=</wsse:Password> 
<wsse:Nonce 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">pkJh0dN0yE8iIRe49T1bwg==</wsse:Nonce> 
<wsu:Created>2010-08-18T10:32:23.937Z</wsu:Created> 
</wsse:UsernameToken> 
</wsse:Security> 
</SOAP-ENV:Header> 
<SOAP-ENV:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="id-3"> 
<getActualInvoiceOutputRequest xmlns="http://www.dadesk.com/dis/schema"> 
<xenc:EncryptedData Id="EncDataId-4" 
Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> 
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:Reference URI="#EncKeyId-B521E60EB6640CC36812821275442335" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" /> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
<xenc:CipherData> 
<xenc:CipherValue>Qg9GlqcRgEi6EJACo/RxVYbUTdX2fnHUdrmdsXolHPFcigsuTMMwj0ST5DIXuh3C4nB738Acd8ez 
hKyZdDR2skNYIWHKGzM8wuT3wrjbZGAnXl78PtzjfNSyldmwm1cm4JxW2YH0QvtUq5e2exVOnkVT 
ojBtvxYSjQl2F/pK0uawD/m3RFFyqB3/lOWShYSLqW+H5h0d96FxIyVPb27z+mGK0xRXO9sh51ES 
4wHozKnQvSMBbokOPaHLMgyNBqkRvDX5bNvsvnpyjBT8trlaSQYE6l+zyqSIj8apu+HxpLM8g73f 
MPeGyzn28I078ZVe6vOzVPhXsSLMEUwtEHWjHIe49h6uGGLg2xd5pehbXxqDbw2/a1UipBOOjz4v 
5UYVoFtw7OjfONbPrrhqEkyg8zV2S4SPH6ItGKYLuiLNGV7XEXgc4dhyZ+qV/byJ/tqxuP2eNF6+ 
a2pp+jEQ8z0QCLZSnWicrbz3sbRHzM2CyZk=</xenc:CipherValue> 
</xenc:CipherData> 
</xenc:EncryptedData> 
</getActualInvoiceOutputRequest> 
</SOAP-ENV:Body> 
</SOAP-ENV:Envelope> 

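而我的.NET客戶端目前生成的是以下請求。請注意,其中的EncryptedData直接位於s:Body之下,而不是位於getActualInvoiceOutputRequest元素之內;此外它使用rsa-oaep-mgf1p和aes256-cbc,而上面Java客戶端的請求使用的是rsa-1_5和aes128-cbc。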

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<s:Header> 
<a:Action s:mustUnderstand="1" u:Id="_3"></a:Action> 
<a:MessageID u:Id="_4">urn:uuid:cbfc787e-d759-41b6-a919-9aba6fbd4fe6</a:MessageID> 
<a:ReplyTo u:Id="_5"> 
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
</a:ReplyTo> 
<a:To s:mustUnderstand="1" u:Id="_6">http://192.168.0.27:8080/disweb/1.0/spring-ws/</a:To> 
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<o:BinarySecurityToken> 
<!-- Removed--> 
</o:BinarySecurityToken> 
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"></DigestMethod> 
</e:EncryptionMethod> 
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<o:SecurityTokenReference> 
<X509Data> 
<X509IssuerSerial> 
<X509IssuerName>CN=dis</X509IssuerName> 
<X509SerialNumber>1273126865</X509SerialNumber> 
</X509IssuerSerial> 
</X509Data> 
</o:SecurityTokenReference> 
</KeyInfo> 
<e:CipherData> 
<e:CipherValue>YYorbYHYP+AmYDttzFQ4BtlnmvQPZVbIZqy/VD5eQendMmhZXXEKNiv32BVAqBDwmmiXzHjjaPkWOfA4Q0iRG6XNvFzmxo6G2hc3WJ+6ZDW/8RFaCjEjtGNp9LezuDrIBjdfMXZOR63H809mB4wtDwamg6eIxn64UmXfwybbNw4=</e:CipherValue> 
</e:CipherData> 
</e:EncryptedKey> 
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> 
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod> 
<Reference URI="#_2"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>LGEAlgVrR38d/JwppXPW4KvY/K0=</DigestValue> 
</Reference> 
<Reference URI="#_3"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>a8T/6AHa4bBGUI0zRJY5m1I0kYo=</DigestValue> 
</Reference> 
<Reference URI="#_4"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>hv0eRU3IzGVmeDHlGzlHyzVChkM=</DigestValue> 
</Reference> 
<Reference URI="#_5"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue> 
</Reference> 
<Reference URI="#_6"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>wnN99C6DCmP7MaOlTJxf10Urf/k=</DigestValue> 
</Reference> 
</SignedInfo> 
<SignatureValue>e2kDwoGU0XrmkUqO1rpkKSwYDMe327XN0hTLSQtutm04BX7+JjxbO5EbmmgX3F/hdKFjUk5rDdWxu1AC1LRlAhwiZKqzhnMx05ixuGoAxmlTLnL+ItdLTomOaOHkf7b7KNZouZDuCNeE/VdiQBOEmCYw2XfoukZxvIqyA03YffY=</SignatureValue> 
<KeyInfo> 
<o:SecurityTokenReference> 
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-127196be-7cc5-47ce-abd2-90d000c4fa2b-2"></o:Reference> 
</o:SecurityTokenReference> 
</KeyInfo> 
</Signature> 
<e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
<e:DataReference URI="#_1"></e:DataReference> 
</e:ReferenceList> 
</o:Security> 
</s:Header> 
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
<e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod> 
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<o:Reference URI="#_0"></o:Reference> 
</o:SecurityTokenReference> 
</KeyInfo> 
<e:CipherData> 
<e:CipherValue>rPnwZV8JzRPPf7jAR6HCNRTvELt5caZbyyBzs1icNP+5HPmKxzPfROs8aq4Soi5+HfOpAsanW6IdA3o9m466WOM4jVorN7dx+8VCygsKfp79JtniFfH3Us9YlJsjgxljCM5QvH84ZkXc/+TJy+zVwpTm0t3mEB8h83gDA0ZOYkCXG8ksZhOwvj4aaLpDoBI+e/4usJ2XsW2oi2xF8sCFzV20X4S/IJlTyUHqeQcW5N8evXF0A8K64FfnoFARCe/Bkq2kmbclNRBmCZE+sJNTNxkYVlA6QufCPASgZJg35fwDveHTcQb19IqccGC51khQWV8L4gIhnJ2RSRzgsDjuzO8wGYTjoSBvm18hfHMywqdEyUCYX9bFEGcaBFMevD9mIu/B/ksh6nqkp30NGctReupdTFyrNcUn9Zqu/xlwU/uJws4LIk4G7ggjF4IrqjOu</e:CipherValue> 
</e:CipherData> 
</e:EncryptedData> 
</s:Body> 
</s:Envelope> 

我嘗試在測試用的WCF服務中使用您的消息契約,但即使啓用了WS-Addressing,我也無法讓它正常工作。它總是加密整個Body。我建議在MSDN論壇上提出同樣的問題,如果可以的話,也請聯繫MS支持。 MSDN:http://social.msdn.microsoft.com/Forums/en-US/wcf/threads – 2010-08-18 22:20:04


非常感謝您的努力。我將很快在MSDN論壇上發佈。 – 2010-08-19 06:15:04