soap ws安全http中的用户名令牌
本文关键字:用户 令牌 ws 安全 http soap | 更新日期: 2023-09-27 18:12:47
这是我试图生成的第一部分soap头
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
<soapenv:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-970e9a80-00cc-4c86-8ec4-3ba16e029a5b">
<wsse:Username>....your_username.....</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">.....your_plaintext_password....</wsse:Password>
<wsse:Nonce>KNyu6MsXCkTg4DDyvwvEiw==</wsse:Nonce>
<wsu:Created>2010-09-15T18:00:30Z</wsu:Created>
</wsse:UsernameToken>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
虽然我有wsdl,这是我在c#中创建自定义绑定的代码。我不确定如何使用wsdl来创建soap标头。我所知道的是如何调用一些操作。我使用svcutil生成代理。如果有人想看wsdl,请告诉我此外,我相信我的webconfig不需要任何绑定配置。因为我在代码
中设置了所有的绑定端点 protected void Button2_Click(object sender, EventArgs e)
{
var b = new CustomBinding();
var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
UserNameSecurityTokenParameters tokenParameters = new
UserNameSecurityTokenParameters();
tokenParameters.InclusionMode =
SecurityTokenInclusionMode.AlwaysToRecipient;
tokenParameters.RequireDerivedKeys = false;
sec.EndpointSupportingTokenParameters.SignedEncrypted.Add(
tokenParameters);
//b.Elements.Add(security);
// sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
sec.MessageSecurityVersion =
MessageSecurityVersion.
WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
sec.IncludeTimestamp = true;
sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
b.Elements.Add(sec);
b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
b.Elements.Add(new HttpTransportBindingElement());
//AddressHeader addressHeader1 = AddressHeader.CreateAddressHeader("wsse", "http://12.23.28.113:9047/MHService", 1);
AddressHeader[] addressHeaders = null;
EndpointAddress endptAddress = new EndpointAddress(new Uri("http://12.23.28.113:9047/MHService"), EndpointIdentity.CreateDnsIdentity("DPMedsHistory"), addressHeaders);
MHSClient serviceProxy = new MHSClient(b, endptAddress);
serviceProxy.ClientCredentials.UserName.UserName = "sss";
serviceProxy.ClientCredentials.UserName.Password = "fff";
serviceProxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "sss");
serviceProxy.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "dsfdsa");
byte[] array = Encoding.ASCII.GetBytes("Hi");
Transaction t = new Transaction();
t.transData = array;
serviceProxy.getEligibility(t);
}
这是我根据fiddler生成的请求
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header><VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="uuid-c243958e-b070-4ac7-b497-9f668427eeb9-2"><u:Created>2013-05-08T17:03:14.129Z</u:Created><u:Expires>2013-05-08T17:08:14.129Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken u:Id="uuid-2e5edef4-96b6-4747-83ad-f8b5a34d1ada-6" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">l81/yYTa2h</e:CipherValue></e:CipherData></e:EncryptedData></s:Body></s:Envelope>
问题:为什么不生成usernametoken2)它如何获得这些wsse头。我的外部服务url使用http
好了,我用这些链接让nonce起作用了
WCF:添加Nonce到UsernameToken
http://blogs.msdn.com/b/aszego/archive/2010/06/24/usernametoken-profile-vs-wcf.aspxhttp://www.west-wind.com/weblog/posts/2012/Nov/24/WCF-WSSecurity-and-WSE-Nonce-Authentication
感谢Yaron Naveh