【问题标题】:add username in mutualcertificate ws-security header wcf在相互证书 ws-security 标头 wcf 中添加用户名
【发布时间】:2014-03-05 22:00:47
【问题描述】:

经过 1 周的研究和尝试/重试,我确实成功地编写了几乎我需要的程序。

我目前遇到有关 ws-security 登录消息的问题。

所以我在 authenticationMode 中使用带有 ws-security 1.0、框架 4.0 和相互证书的soap12。

除了我需要在 ws-security 标头中输入用户名之外,我发送到 web 服务的请求一切都很好。

如果我输入 CertificateOverTransport,我有用户名,但消息签名不足。

这是我的绑定:

<customBinding>
<binding name="NewBinding">
    <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
        messageVersion="Soap12" writeEncoding="utf-8">
    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
    </textMessageEncoding>
    <security includeTimestamp="true"
            authenticationMode="MutualCertificate"
                securityHeaderLayout="Strict"
            defaultAlgorithmSuite="Basic256"
            allowSerializedSigningTokenOnReply="true"
            messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">      
    </security>
    <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
        maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
        bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
        keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
        realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
        useDefaultWebProxy="true" requireClientCertificate="true" />
</binding>
</customBinding>

这是我的行为:

<behaviors>
    <endpointBehaviors>
    <behavior name="ServiceBehavior">
        <clientCredentials>
        <clientCertificate findValue="XXXXX" storeName="My" storeLocation="CurrentUser" x509FindType="FindByThumbprint"/>
        <serviceCertificate>
            <authentication certificateValidationMode ="PeerOrChainTrust" />
            <defaultCertificate findValue="XXXX" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
        </serviceCertificate>
        </clientCredentials>         
    </behavior>
    </endpointBehaviors>
</behaviors>

我的终点:

<client>
    <endpoint address="xxxx" binding="customBinding"
        bindingConfiguration="NewBinding" contract="WSSTestOutboundService"
        name="NewPort.0"  behaviorConfiguration="ServiceBehavior">
    <identity>
        <dns value="XXXX"/>
    </identity>
    </endpoint>
</client>

这是我的代码:

System.Net.ServicePointManager.ServerCertificateValidationCallback +=
(se, cert, chain, sslerror) =>
{
    return true;
};

WSSTestOutboundServiceClient test = new WSSTestOutboundServiceClient();
test.ClientCredentials.ClientCertificate.SetCertificate(
                        StoreLocation.CurrentUser
                    , StoreName.My
                    , X509FindType.FindByThumbprint
                    , "9f 28 4b 80 f1 fe 5c 9e ea 4d b4 a1 34 48 e2 47 b9 29 82 27");

test.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
                        StoreLocation.CurrentUser
                    , StoreName.My
                    , X509FindType.FindBySubjectName
                    , "DPUPRGWYDP01.npr.bngf.local");
test.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

test.ClientCredentials.UserName.UserName = "TEST";
test.ClientCredentials.UserName.Password = "TEST";
test.ChannelFactory.Credentials.UserName.UserName = "TEST2";
test.ChannelFactory.Credentials.UserName.Password = "TEST2";

getGreeting test2 = new getGreeting();
MessageBox.Show(test.getGreeting(test2).greeting);

你能帮帮我吗?

httprequest 中的用户名不够好。

谢谢!

///////////更新//////////////

我设法通过在端点信息中手动添加此用户名令牌:

<endpoint address="https://XXXXXXX:443/TestSecurity/V1" binding="customBinding"
          bindingConfiguration="NewBinding" contract="WSSTestOutboundService"
          name="NewPort.0"  behaviorConfiguration="ServiceBehavior">
  <identity>
    <dns value="DPUPRGWYDP01.npr.bngf.local"/>
  </identity>
  <headers>
    <wsse:UsernameToken
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="UsernameToken-6"
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Username name="UserNameToken" value="Username"></wsse:Username>
    </wsse:UsernameToken>
  </headers>
</endpoint>

但我不知道如何设置变量用户名...

你有什么想法吗?

谢谢!

//////////////更新/////////////

此解决方案不起作用,因为它是一个多用户应用程序,所以我无法修改配置文件。

我把帖子放在这里是因为它让你知道我在寻找什么。

请帮帮我!

【问题讨论】:

    标签: c# web-services wcf soap ws-security


    【解决方案1】:

    我找到了解决办法。

    这是添加用户名的代码:

    using (new OperationContextScope(test.InnerChannel))
    {
        // Add a SOAP Header to an outgoing request
        //can't send username using mutualcertificate instead of using that way
        //can be better : see http://blogs.msdn.com/b/wsdevsol/archive/2014/02/07/adding-custom-messageheader-and-http-header-to-a-wcf-method-call.aspx
        MessageHeader aMessageHeader = MessageHeader.CreateHeader("UsernameToken", "http://tempuri.org", "TOTOTO");
        OperationContext.Current.OutgoingMessageHeaders.Add(aMessageHeader);
    
        getGreeting test2 = new getGreeting();
        MessageBox.Show(test.getGreeting(test2).greeting);
    }
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2019-06-08
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多