如何從.net和wcf使用java web服務

Question

我遇到了互操作性問題。我來自.net，必須使用x509證書籤署請求才能使用Java安全服務。我有.net wcf客戶端中的WSDL和生成的服務引用，並在app.config中添加了x509證書憑據，但客戶端不會生成預期的SOAP Payload（在fiddler中跟蹤），並且java服務會引發錯誤。有沒有一種WCF客戶端按照java的預期生成有效載荷的方法？

下面是爪哇人給出的工作請求負載。

<soapenv:Envelope xmlns:smok="http://www.javaServer.org/schemas/SmokeTest" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> 
    <soapenv:Header> 
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
     <ds:Signature Id="SIG-53" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <ds:SignedInfo> 
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
      <ec:InclusiveNamespaces PrefixList="smok soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      </ds:CanonicalizationMethod> 
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
      <ds:Reference URI="#id-52"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces PrefixList="smok" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <ds:DigestValue>dCnj2a+0wptrFSyWzEgwetSTHmM=</ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue> 
      WgD3P8DWPG4eWXzXiD9+LZosn7ggRPpIC1OAmq9bn0s1HuGhM/fZozfDhEDn5sAF9RtVFiAZxC03 
      4tW+cuxC5jAHH4GYQud6s5h5sGwvhLshQNVdI6HBBFQWr+J3mUEBbUCExJ6HEe1i2v0+dMQNWezo 
      E1Ot7klNGxXedHzrlZw= 
     </ds:SignatureValue> 
     <ds:KeyInfo Id="KI-DE6BE13CF8D5419B66135109740345572"> 
      <wsse:SecurityTokenReference wsu:Id="STR-DE6BE13CF8D5419B66135109740345573"> 
      <ds:X509Data> 
       <ds:X509IssuerSerial> 
       <ds:X509IssuerName>CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName> 
       <ds:X509SerialNumber>51921456535433584705342517836423530149</ds:X509SerialNumber> 
       </ds:X509IssuerSerial> 
      </ds:X509Data> 
      </wsse:SecurityTokenReference> 
     </ds:KeyInfo> 
     </ds:Signature> 
    </wsse:Security> 
    </soapenv:Header> 
    <soapenv:Body wsu:Id="id-52" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <smok:HelloRequest> 
     <smok:Name>Hello from Heruwala</smok:Name> 
    </smok:HelloRequest> 
    </soapenv:Body> 
</soapenv:Envelope> 

Answer 1

的解釋here使用customBinding與 「mutualCertificate」 的security.mode。如果失敗，請發佈您的請求看起來如何（通過Fiddler或Wcf日誌記錄），以便我們可以比較它。一個預期的差異是證書將顯示爲二進制令牌而不是X509Data。我不希望服務器因此而失敗。萬一它可以通過從代碼創建整個自定義綁定來解決這個問題。當你需要創建安全元素，它將是這樣的：

SecurityBindingElement sec = 
       SecurityBindingElement.CreateMutualCertificateBindingElement(
        MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, false); 
X509SecurityTokenParameters x509Params = new X509SecurityTokenParameters(); 
x509Params.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial; 
((AsymmetricSecurityBindingElement) sec).InitiatorTokenParameters = x509Params; 

或通過硬編碼X509Data在自定義編碼器。