2014-04-25

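How to pass message credentials - TransportWithMessageCredential - no credentials in the SOAP request

I am using WSBinding with "TransportWithMessageCredential" to secure my WCF web service, and I have no problems when using a .NET client.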

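However, when trying to consume it from Android or another non-.NET client, I don't know where to supply the message credentials!

I intercepted the SOAP message sent by the .NET client. It did not contain anything related to credentials, yet it works perfectly. But when a SOAP request from the Android client uses the same syntax, we get this error: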

The message could not be processed. This is most likely because the action ' http://tempuri.org/XXX/YYY ' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.

The intercepted SOAP request that the .NET client sends, and which works:

<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope"> 
    <s:Header> 
    <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action> 
    <a:MessageID>urn:uuid:XX-XX-XX-XX-XX</a:MessageID> 
    <a:ReplyTo> 
     <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
    </a:ReplyTo> 
    </s:Header> 
    <s:Body> 
    <XXXXXX xmlns="http://tempuri.org/"> 
     <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> 
     <d4p1:Prop1 i:nil="true" /> 
     <d4p1:Prop2 i:nil="true" /> 
     <d4p1:Prop3 i:nil="true" /> 
     </request> 
    </XXXXXX > 
    </s:Body> 
</s:Envelope> 

The WCF config of my service:

<wsHttpBinding>
    <binding name="wsHttpBindingExt" maxReceivedMessageSize="4096000">
        <readerQuotas maxDepth="32" maxStringContentLength="409600" maxArrayLength="4096000" maxBytesPerRead="4096000" />
        <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName"/>
        </security>
    </binding>
</wsHttpBinding>

For the working .NET client:

The call to the service from the .NET client code, which works fine:

XXXXXServiceClient client = new XXXXXServiceClient(); 
client.ClientCredentials.UserName.UserName = "XXXX"; 
client.ClientCredentials.UserName.Password = "YYYY"; 
var res = client.DoXXXXX(a,b,c); 

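Edit

The credentials are there; the interceptor was not giving me the whole request. But I have another problem.

Using Fiddler, I found that there are two requests. The first one requests the security token: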

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <s:Header> 
     <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action> 
     <a:MessageID>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:MessageID> 
     <a:ReplyTo> 
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
     </a:ReplyTo> 
     <a:To s:mustUnderstand="1">https://XXX.XXX.com/XXX.svc</a:To> 
     <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
      <u:Timestamp u:Id="_0"> 
       <u:Created>2014-04-25T10:31:13.686Z</u:Created> 
       <u:Expires>2014-04-25T10:36:13.686Z</u:Expires> 
      </u:Timestamp> 
      <o:UsernameToken u:Id="uuid-4d51d9cc-f621-48af-96a7-1fa541c18ea1-1"> 
       <o:Username>XXX</o:Username> 
       <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">YYY</o:Password> 
      </o:UsernameToken> 
     </o:Security> 
    </s:Header> 
    <s:Body> 
     <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"> 
      <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType> 
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType> 
      <t:Entropy> 
       <t:BinarySecret u:Id="uuid-c32043fe-d4fb-4802-b15a-ba2691c2b3d8-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">XXXXXXXXXXXXXXXXXXXXXXXXX</t:BinarySecret> 
      </t:Entropy> 
      <t:KeySize>256</t:KeySize> 
     </t:RequestSecurityToken> 
    </s:Body> 
</s:Envelope> 

And the response to this request:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <s:Header> 
     <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</a:Action> 
     <a:RelatesTo>urn:uuid:b7c8d134-ec01-48cd-abb6-81988e7270b1</a:RelatesTo> 
     <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
      <u:Timestamp u:Id="_0"> 
       <u:Created>2014-04-25T10:31:02.106Z</u:Created> 
       <u:Expires>2014-04-25T10:36:02.106Z</u:Expires> 
      </u:Timestamp> 
     </o:Security> 
    </s:Header> 
    <s:Body> 
     <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"> 
      <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType> 
      <t:RequestedSecurityToken> 
       <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"> 
        <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier> 
       </c:SecurityContextToken> 
      </t:RequestedSecurityToken> 
      <t:RequestedAttachedReference> 
       <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
        <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/> 
       </o:SecurityTokenReference> 
      </t:RequestedAttachedReference> 
      <t:RequestedUnattachedReference> 
       <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
        <o:Reference URI="urn:uuid:e2562052-1de3-496d-b455-e36958692176" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/> 
       </o:SecurityTokenReference> 
      </t:RequestedUnattachedReference> 
      <t:RequestedProofToken> 
       <t:ComputedKey>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</t:ComputedKey> 
      </t:RequestedProofToken> 
      <t:Entropy> 
       <t:BinarySecret u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-9" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">JrVuueyiE55P172GX97vM3KM/oo26pN71wQ4B4C5dbo=</t:BinarySecret> 
      </t:Entropy> 
      <t:Lifetime> 
       <u:Created>2014-04-25T10:31:02.106Z</u:Created> 
       <u:Expires>2014-04-26T01:31:02.106Z</u:Expires> 
      </t:Lifetime> 
      <t:KeySize>256</t:KeySize> 
     </t:RequestSecurityTokenResponse> 
    </s:Body> 
</s:Envelope> 

Then I can use this information in the second request:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <s:Header> 
     <a:Action s:mustUnderstand="1">http://tempuri.org/XXX/YYY</a:Action> 
     <a:MessageID>urn:uuid:e2ec7944-a6b8-46f1-b021-270cea67c205</a:MessageID> 
     <a:ReplyTo> 
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
     </a:ReplyTo> 
     <a:To s:mustUnderstand="1">https://XXXX.YYYY.com/ZZZZ.svc</a:To> 
     <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
      <u:Timestamp u:Id="_0"> 
       <u:Created>2014-04-25T10:31:14.905Z</u:Created> 
       <u:Expires>2014-04-25T10:36:14.905Z</u:Expires> 
      </u:Timestamp> 
      <c:SecurityContextToken u:Id="uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc"> 
       <c:Identifier>urn:uuid:e2562052-1de3-496d-b455-e36958692176</c:Identifier> 
      </c:SecurityContextToken> 
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
       <SignedInfo> 
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/> 
        <Reference URI="#_0"> 
         <Transforms> 
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
         </Transforms> 
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
         <DigestValue>YYYYYYYYYYYYYYYYYYYYYY=</DigestValue> 
        </Reference> 
       </SignedInfo> 
       <SignatureValue>XXXXXXXXXXXXXXXXXXXXX=</SignatureValue> 
       <KeyInfo> 
        <o:SecurityTokenReference> 
         <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" URI="#uuid-67a62dc5-2ce5-45d2-af88-371d06243652-8"/> 
        </o:SecurityTokenReference> 
       </KeyInfo> 
      </Signature> 
     </o:Security> 
    </s:Header> 
    <s:Body> 
    <XXXXXX xmlns="http://tempuri.org/"> 
     <request xmlns:d4p1="http://schemas.datacontract.org/2004/07/XXX.XXX.XXX" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> 
     <d4p1:Prop1 i:nil="true" /> 
     <d4p1:Prop2 i:nil="true" /> 
     <d4p1:Prop3 i:nil="true" /> 
     </request> 
    </XXXXXX > 
    </s:Body> 
</s:Envelope> 

The big question here is: where can I find BinarySecret, DigestValue, SignatureValue, and the other huge values and IDs?!
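How the values in the captured exchange are derived under WS-Trust / WS-SecureConversation 2005/02, as an added example that is not part of the original post: the client's BinarySecret is random entropy it generates itself, the session key is P_SHA1(client entropy, server entropy) as named by the `CK/PSHA1` ComputedKey, DigestValue is the SHA-1 of the canonicalized Timestamp, and SignatureValue is HMAC-SHA1 over the canonicalized SignedInfo. Assumptions: the function names are hypothetical, the client entropy and the canonical Timestamp bytes are constructed samples, the SCT key signs directly (the capture's KeyInfo references the SCT, not a derived key), and exclusive C14N is done by an XML security library before these functions are called.

```python
import base64
import hashlib
import hmac

# Server entropy as shown in the captured RSTR; client entropy is a constructed
# sample (a real client sends base64 of os.urandom(32) in its RST BinarySecret).
SERVER_ENTROPY_B64 = "JrVuueyiE55P172GX97vM3KM/oo26pN71wQ4B4C5dbo="
CLIENT_ENTROPY_B64 = base64.b64encode(bytes(range(32))).decode()


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from TLS 1.0 (RFC 2246, section 5) using HMAC-SHA1."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def sct_key(client_b64: str, server_b64: str, key_size_bits: int = 256) -> bytes:
    """Computed key: client entropy is the secret, server entropy is the seed."""
    return p_sha1(base64.b64decode(client_b64), base64.b64decode(server_b64),
                  key_size_bits // 8)


def digest_value(canonical_element: bytes) -> str:
    """<DigestValue>: base64 SHA-1 of the exclusive-C14N bytes of the reference."""
    return base64.b64encode(hashlib.sha1(canonical_element).digest()).decode()


def signature_value(key: bytes, canonical_signed_info: bytes) -> str:
    """<SignatureValue>: base64 HMAC-SHA1 of the exclusive-C14N <SignedInfo>."""
    mac = hmac.new(key, canonical_signed_info, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


if __name__ == "__main__":
    # Constructed: the Timestamp (u:Id="_0") canonicalized by hand, assuming
    # no whitespace between elements on the wire.
    ts = (b'<u:Timestamp xmlns:u="http://docs.oasis-open.org/wss/2004/01/'
          b'oasis-200401-wss-wssecurity-utility-1.0.xsd" u:Id="_0">'
          b'<u:Created>2014-04-25T10:31:14.905Z</u:Created>'
          b'<u:Expires>2014-04-25T10:36:14.905Z</u:Expires></u:Timestamp>')
    key = sct_key(CLIENT_ENTROPY_B64, SERVER_ENTROPY_B64)
    print("key bytes:", len(key), "DigestValue:", digest_value(ts))
```

The ids (`uuid-...`, `_0`, the SCT Identifier) are not computed: the client picks its own message and token ids and echoes the SecurityContextToken element from the RSTR unchanged.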

Answers