使用摘要身份验证使用web服务
本文关键字:web 服务 身份验证 | 更新日期: 2023-09-27 18:27:34
我们使用C#通过SOAP发送XML数据。该服务需要使用#PasswordDigest
和#Base64Binary Nonce
进行HttpDigest身份验证。我们的binding
代码:
protected BasicHttpBinding binding = new BasicHttpBinding()
{
Name = "ShipmentServiceSoapBinding",
CloseTimeout = new TimeSpan(0, 01, 0),
OpenTimeout = new TimeSpan(0, 01, 0),
ReceiveTimeout = new TimeSpan(0, 10, 0),
SendTimeout = new TimeSpan(0, 5, 0),
AllowCookies = false,
BypassProxyOnLocal = false,
HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
MaxBufferPoolSize = 5242880,
MaxReceivedMessageSize = 655360,
MessageEncoding = WSMessageEncoding.Text ,
TextEncoding = new UTF8Encoding(),
UseDefaultWebProxy = true,
ReaderQuotas = new XmlDictionaryReaderQuotas() { MaxDepth = 32, MaxStringContentLength = 81920, MaxArrayLength = 1638400, MaxBytesPerRead = 409600, MaxNameTableCharCount = 163840 },
Security = new BasicHttpSecurity() { Mode = BasicHttpSecurityMode.TransportWithMessageCredential,
//Message = new BasicHttpMessageSecurity() { AlgorithmSuite = SecurityAlgorithmSuite.Default, ClientCredentialType = BasicHttpMessageCredentialType.UserName},
Transport = new HttpTransportSecurity(){ ClientCredentialType = HttpClientCredentialType.Digest}},
};
根据我们选择的BasicHttpSecurityMode类型,我们遇到了3个不同的问题。
- 传输-XML不包括任何安全信息
- TransportCredentialOnly-我们得到的错误表明端点不能是https://
- TransportWithMessagecredential-这不是在使用摘要
现在他们的ServiceReference允许我们使用ClientCredentials类,所以下面是我们如何尝试使用HttpDigest:
typeClient.ClientCredentials.HttpDigest.ClientCredential.UserName = "username";
typeClient.ClientCredentials.HttpDigest.ClientCredential.Password = "password";
我读过关于StackOverflow的另一个问题,即对于摘要,我们应该使用SoapHeader和AuthHeader,但我们无法将其与API中提供的内容相匹配。还有别的办法吗?还是他们的API没有为C#正确编写?
在这种情况下使用摘要身份验证要复杂得多——您需要实现IClientMessageInspector
才能使其工作。。。这使您能够以摘要身份验证所需的方式修改http标头。
有用的链接:
- https://stackoverflow.com/a/3257760/847363
- http://benpowell.org/supporting-the-ws-i-basic-profile-password-digest-in-a-wcf-client-proxy/
- http://social.msdn.microsoft.com/Forums/en/wcf/thread/0f09954e-3cef-45b3-a00d-f0f579a06bf7
- http://msdn.microsoft.com/en-us/library/system.servicemodel.dispatcher.iclientmessageinspector.aspx
- http://msdn.microsoft.com/en-us/library/system.servicemodel.dispatcher.iclientmessageinspector.beforesendrequest.aspx
- http://yuzhangqi.itpub.net/post/37475/500654
- http://wcfpro.wordpress.com/category/wcf-extensions/
- http://social.technet.microsoft.com/wiki/contents/articles/1322.how-to-inspect-wcf-message-headers-using-iclientmessageinspector-en-us.aspx
- http://weblogs.asp.net/paolopia/archive/2007/08/23/writing-a-wcf-message-inspector.aspx
- http://wcfpro.wordpress.com/2011/03/29/iclientmessageinspector/