【Question title】: WCF - CustomBinding for signing timestamp, body and BinarySecurityToken
【Posted】: 2021-03-01 19:52:21
【Question】:

I need to call a Java/Oracle partner that has strict format requirements.

My request should look like this: sample request

But it actually looks like this: my request

The BinarySecurityToken is duplicated for some reason.

My custom binding:

    // The snippet as posted starts inside a method; the usings, class and
    // method header (Main is a hypothetical name) are added so it reads as a
    // complete unit. UPLVaccinatieGegevensClient and GetRequest() come from the
    // generated service reference, which is not part of the question.
    using System;
    using System.Linq;
    using System.Security.Cryptography.X509Certificates;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security;
    using System.ServiceModel.Security.Tokens;
    using System.Text;

    static class Program
    {
        static void Main()
        {
            var client = new UPLVaccinatieGegevensClient(
                GetBinding(),
                new EndpointAddress(new Uri("https://...."), EndpointIdentity.CreateDnsIdentity("...")));

            // Our certificate signs the request; the partner's certificate is the service certificate.
            client.ClientCredentials.ClientCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "...");
            client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "...");

            // Drop the Visual Studio WCF debugging sink so it does not touch the message.
            var vs = client.Endpoint.EndpointBehaviors.FirstOrDefault(
                i => i.GetType().Namespace == "Microsoft.VisualStudio.Diagnostics.ServiceModelSink");
            if (vs != null)
            {
                client.Endpoint.EndpointBehaviors.Remove(vs);
            }

            // Sign the message body but do not encrypt it.
            client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

            //UPLVaccinatieGegevensClient client = new UPLVaccinatieGegevensClient("UPLVaccinatieGegevens1");

            var request = GetRequest();
            var response = client.GetAanleverenVaccinatieGegevens(request);
        }

        private static CustomBinding GetBinding()
        {
            var messageSecurity = new AsymmetricSecurityBindingElement
            {
                MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
                // Token for the client's signing certificate; included in every request.
                InitiatorTokenParameters = new X509SecurityTokenParameters
                {
                    InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
                    ReferenceStyle = SecurityTokenReferenceStyle.External,
                    X509ReferenceStyle = X509KeyIdentifierClauseType.RawDataKeyIdentifier,
                    RequireDerivedKeys = false
                },
                // Token for the service certificate; never sent, only referenced.
                RecipientTokenParameters = new X509SecurityTokenParameters
                {
                    InclusionMode = SecurityTokenInclusionMode.Never,
                    ReferenceStyle = SecurityTokenReferenceStyle.External,
                    X509ReferenceStyle = X509KeyIdentifierClauseType.Any,
                    RequireDerivedKeys = false
                },
            };
            messageSecurity.EnableUnsecuredResponse = true;
            messageSecurity.IncludeTimestamp = true;
            messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.LaxTimestampFirst;
            messageSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;

            messageSecurity.SetKeyDerivation(false);
            // The same initiator token parameters are also registered as a signed supporting token.
            messageSecurity.EndpointSupportingTokenParameters.Signed.Add(messageSecurity.InitiatorTokenParameters);
            messageSecurity.LocalClientSettings.TimestampValidityDuration = new TimeSpan(0, 1, 0);

            var elem = new HttpsTransportBindingElement { RequireClientCertificate = true };
            var binding = new CustomBinding(
                messageSecurity,
                new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
                elem);

            return binding;
        }
    }

What am I missing?

【Comments】:

  • I don't quite understand your requirement. Do you want to call a Java web service with WCF?
  • That's right. My header is close to the expected request, but there is a duplicate BinarySecurityToken.
  • My idea is to implement IClientMessageInspector and then remove one BinarySecurityToken node before the SOAP message is sent.
  • The security header is still not available in BeforeSendRequest.

Tags: wcf signing


【Answer 1】:

It seems the extra token is being added when X509SecurityTokenParameters.InclusionMode is set to anything other than SecurityTokenInclusionMode.Never in InitiatorTokenParameters, RecipientTokenParameters or EndpointSupportingTokenParameters.Signed.

You can try setting the value of InclusionMode to SecurityTokenInclusionMode.Never:

InclusionMode = SecurityTokenInclusionMode.Never
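
One way to confirm what the binding actually puts on the wire, as an added example that is not code from the question or the answer: because the Security header does not yet exist in BeforeSendRequest, capture the outgoing message with WCF's transport-level message logging (logMessagesAtTransportLevel="true" on the messageLogging diagnostics element) and run the captured XML through the checks below. The embedded sample is constructed to mirror the asker's duplicated-token request; the namespace URIs are the standard WS-Security 1.0 / XML-DSig / SOAP 1.1 ones, and the requirement that Timestamp and Body be signed is taken from the question title.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;
// Added example, not from the question or answer. Feed it a request captured by
// WCF transport-level message logging; the sample below is constructed.
static class SecurityHeaderCheck
{
    static readonly XNamespace Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static readonly XNamespace Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";
    static readonly XNamespace S = "http://schemas.xmlsoap.org/soap/envelope/";
    // The partner expects exactly one BinarySecurityToken in the Security header.
    public static int CountBinarySecurityTokens(XDocument doc) =>
        doc.Descendants(Wsse + "BinarySecurityToken").Count();
    // True when every ds:Reference resolves to an element carrying that wsu:Id
    // and the referenced elements include both wsu:Timestamp and s:Body.
    public static bool SignsTimestampAndBody(XDocument doc)
    {
        var byId = doc.Descendants()
            .Where(e => e.Attribute(Wsu + "Id") != null)
            .ToLookup(e => (string)e.Attribute(Wsu + "Id"), e => e.Name);
        var signed = doc.Descendants(Ds + "Reference")
            .Select(r => ((string)r.Attribute("URI") ?? "").TrimStart('#'))
            .Select(id => byId[id].FirstOrDefault())
            .ToList();
        return signed.Count > 0 && signed.All(n => n != null)
            && signed.Contains(Wsu + "Timestamp") && signed.Contains(S + "Body");
    }
    // Constructed sample in the shape of the asker's "my request": two tokens, one signature.
    public const string SampleRequest = @"<s:Envelope xmlns:s=""http://schemas.xmlsoap.org/soap/envelope/""
  xmlns:wsse=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd""
  xmlns:wsu=""http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd""
  xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"">
  <s:Header><wsse:Security>
    <wsu:Timestamp wsu:Id=""_0""><wsu:Created>2021-03-01T19:52:21Z</wsu:Created></wsu:Timestamp>
    <wsse:BinarySecurityToken wsu:Id=""uuid-1"">BASE64-PLACEHOLDER</wsse:BinarySecurityToken>
    <wsse:BinarySecurityToken wsu:Id=""uuid-2"">BASE64-PLACEHOLDER</wsse:BinarySecurityToken>
    <ds:Signature><ds:SignedInfo><ds:Reference URI=""#_0""/><ds:Reference URI=""#_1""/></ds:SignedInfo></ds:Signature>
  </wsse:Security></s:Header>
  <s:Body wsu:Id=""_1""/>
</s:Envelope>";
    static void Main()
    {
        var doc = XDocument.Parse(SampleRequest);
        Console.WriteLine($"BinarySecurityToken count: {CountBinarySecurityTokens(doc)}");
        Console.WriteLine($"Timestamp and Body signed: {SignsTimestampAndBody(doc)}");
    }
}
```

After applying the answer's change, the same two checks on a fresh capture should report one token while still covering Timestamp and Body.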

【Comments】:

  • It works. Thanks. The KeyInfo part looks different, but the server accepted my request.
  • If you find my reply helpful, you can mark it as the answer.