"The signature or decryption was invalid" when trying to access a web service through WSE or WCF

Keywords: WSE WCF web service access decryption invalid | Updated: 2023-09-27 18:03:06

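I have been given a WSDL and a URL for a web service that I need to access using C#. The web service is accessed over HTTPS, and I was told that I need to sign the SOAP payload with a certificate that was provided to us. We were also given a sample SOAP message which, when I plug it into soapUI, returns a valid response. The message looks like this: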

<soapenv:Envelope xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xis="http://paymetric/2007-07/XiSecureWS.xsd">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-94D3D696D2D0F9176413124110633037" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">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</wsse:BinarySecurityToken><ds:Signature Id="Signature-3" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>0YnXlBdLNSbCMUP0Tuiu3c2ye+g=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
LBpI+U/3Q9utuaNR/8j4smX1VGoOCeexbDmL6xM4nrHpHyNys1J6kOJIwGLOW0XEKRzTbdil5JjO
iKR/jzg5hw==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-94D3D696D2D0F9176413124110633038">
<wsse:SecurityTokenReference wsu:Id="STRId-94D3D696D2D0F9176413124110633039" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#CertId-94D3D696D2D0F9176413124110633037" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
   <soapenv:Body wsu:Id="id-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xis:sEncrypt_Input>
         <xis:MaxUnmaskedDigits>4</xis:MaxUnmaskedDigits>
         <xis:isUnmaskedFromLeft>1</xis:isUnmaskedFromLeft>
         <xis:strRawValue>1234123412341234</xis:strRawValue>
      </xis:sEncrypt_Input>
   </soapenv:Body>
</soapenv:Envelope>

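I have tried accessing this service with both WSE 3.0 and WCF. I know WSE is obsolete and I shouldn't be using it, but at this point I'm desperate for something that works, and I haven't had any better luck with WCF.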

Here is my WSE implementation:

XiSecureWSService svcXi = new XiSecureWSService();
SoapContext context = svcXi.RequestSoapContext;
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,
    "certificatelookupinfo", false);
X509Certificate2 cert;
X509SecurityToken signatureToken;
if (certs.Count == 1)
{
    cert = certs[0];
    signatureToken = new X509SecurityToken(cert);
}
else
{
    signatureToken = null;
}
MessageSignature sig = new MessageSignature(signatureToken);
context.Security.Tokens.Add(signatureToken);
context.Security.Elements.Add(sig);
context.Security.MustUnderstand = false;
context.Security.Timestamp.TtlInSeconds = 60;
sEncrypt_InputType xiInput = new sEncrypt_InputType();
xiInput.MaxUnmaskedDigits = 4;
xiInput.isUnmaskedFromLeft = false;
xiInput.strRawValue = "1234123412341234";
sEncrypt_OutputType xiOutput = svcXi.pm_SingleEncrypt(xiInput);

Here is my WCF implementation:

XiSecureWSPortTypeClient client = new XiSecureWSPortTypeClient("XiSecureWSServicePort",
    "https://endpointaddress");
X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,
    "certificatelookupinfo",
    false);
X509Certificate2 cert;
X509SecurityToken signatureToken;
if (certs.Count == 1)
{
    cert = certs[0];
    signatureToken = new X509SecurityToken(cert);
}
else
{
    cert = null;
    signatureToken = null;
}
SecurityHeaderType security = new SecurityHeaderType();
client.ClientCredentials.ClientCertificate.Certificate = cert;
sEncrypt_InputType xiInput = new sEncrypt_InputType();
xiInput.MaxUnmaskedDigits = 4;
xiInput.isUnmaskedFromLeft = false;
xiInput.strRawValue = "1234123412341234";
sEncrypt_OutputType xiOutput = client.pm_SingleEncrypt(security, xiInput);

And my .config file looks like this:

<?xml version="1.0"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
  </startup>
  <system.serviceModel>
    <protocolMapping>
      <add scheme="https" binding="customBinding"/>
    </protocolMapping>
    <bindings>
      <customBinding>
        <binding name="MyCustomBinding">
          <textMessageEncoding messageVersion="Soap11" />
          <security authenticationMode="CertificateOverTransport" includeTimestamp="true" />
          <httpsTransport keepAliveEnabled="false" />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint address="https://endpointaddress" binding="customBinding"
        bindingConfiguration="MyCustomBinding" contract="XiSecureWSPortType"
        name="XiSecureWSServicePort" />
    </client>
  </system.serviceModel>
</configuration>

The SOAP call generated through WSE looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soap:Header>
        <wsa:Action wsu:Id="Id-c93385e7-4e68-4e65-b73f-e0d6040b407a">http://endpoint.wsdl/pm_SingleEncrypt</wsa:Action>
        <wsa:MessageID wsu:Id="Id-dbdda6fd-6d3f-4b1d-8b30-34b87567d865">urn:uuid:054e3fdd-c1ab-4ef8-9e45-d6edbf462272</wsa:MessageID>
        <wsa:ReplyTo wsu:Id="Id-5704430b-7323-468d-9073-ce6f4adb03c6">
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
        </wsa:ReplyTo>
        <wsa:To wsu:Id="Id-795dab74-1cab-44ed-8c1e-6cf5db6d89c5">https://endpointaddress</wsa:To>
        <wsse:Security>
            <wsu:Timestamp wsu:Id="Timestamp-5c742cc5-9653-45f3-81cf-691d5e76861c">
                <wsu:Created>2013-03-08T19:53:18Z</wsu:Created>
                <wsu:Expires>2013-03-08T19:54:18Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="SecurityToken-d1c1eee1-4eaa-4418-8d80-4416b05b4745">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</wsse:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <ds:CanonicalizationMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#Id-c93385e7-4e68-4e65-b73f-e0d6040b407a">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>kOQUVB/DeBZJiM5sOBtjdtuxXlg=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-dbdda6fd-6d3f-4b1d-8b30-34b87567d865">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>pJRl5c7txgnw4rXEWzrFrmOBVPE=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-5704430b-7323-468d-9073-ce6f4adb03c6">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>YBG6XGu50bEz+yGcUl6LSflpegM=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-795dab74-1cab-44ed-8c1e-6cf5db6d89c5">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>LOUX6dBXgV0UI+2Xz2SbvXCjLZg=</DigestValue>
                    </Reference>
                    <Reference URI="#Timestamp-5c742cc5-9653-45f3-81cf-691d5e76861c">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>tUlKm/sCne9jjjlg/oOtycdFUhI=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-44ed0eaf-f408-45ac-b703-fff9b3fdd638">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>ekZF3fuslJcNRjuXNekGZ49Hdq8=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>K1MfLOS6sHmPxVsaLgTHoS9/Kisy/T07Um0/qlpV+246F+jPy1HbU+K0/pnAGESgLnzzA8bbGp7fZxmoIOx6oAONtI7sqM6E6OxY9g0aw+b+XAL65JT+9cXIKLNOUs9O9f301PGmlJ0ldocz0TkAX9NQTxdv8e8zqhsBLsH9kKo=</SignatureValue>
                <KeyInfo>
                    <wsse:SecurityTokenReference>
                        <wsse:Reference URI="#SecurityToken-d1c1eee1-4eaa-4418-8d80-4416b05b4745" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </wsse:Security>
    </soap:Header>
    <soap:Body wsu:Id="Id-44ed0eaf-f408-45ac-b703-fff9b3fdd638">
        <sEncrypt_Input xmlns="http://endpoint/xsdname.xsd">
            <MaxUnmaskedDigits>4</MaxUnmaskedDigits>
            <isUnmaskedFromLeft>false</isUnmaskedFromLeft>
            <strRawValue>1234123412341234</strRawValue>
        </sEncrypt_Input>
    </soap:Body>
</soap:Envelope>

The WCF SOAP request looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo8nVLrfiqatEmo8IboHWGp0AAAAA1E1NtzXJZEGIoAvEM9FGvDB0fAYl39xBpJzQdMwSA8IACQAA</VsDebuggerCausalityData>
        <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
            <u:Timestamp u:Id="_0">
                <u:Created>2013-03-08T21:13:18.546Z</u:Created>
                <u:Expires>2013-03-08T21:18:18.546Z</u:Expires>
            </u:Timestamp>
            <o:BinarySecurityToken u:Id="uuid-ecc8d8b8-ede9-46f6-b589-5d3b606a051a-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">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</o:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#_0">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>8Jq254k3Mqm2AZ58M/7SZ0Oj9hY=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>oUQgQmYxq+RvetZYGBzHMg953V+w0hxoT5BAICFs1xDuNoJi2SYIO2nvyHrywVGpvqMLeY+K89FI9SdfMyPJx6iReZm/QB8gTP5ZwkY9YQxyEEn6hlVnU+CUYaQmBtnAXMJJkQxS+OAzz3SfGBcXZSulGMwRS1fJtbC3tNtBfF4=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference URI="#uuid-ecc8d8b8-ede9-46f6-b589-5d3b606a051a-1" />
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <sEncrypt_Input xmlns="http://vendor/xsdfile.xsd">
            <MaxUnmaskedDigits>4</MaxUnmaskedDigits>
            <isUnmaskedFromLeft>false</isUnmaskedFromLeft>
            <strRawValue>4100123412341234</strRawValue>
        </sEncrypt_Input>
    </s:Body>
</s:Envelope>

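No matter what I try with WSE, I get an error saying "The signature or decryption was invalid". If I try the WCF implementation, I get "The data in element 'o:Security' must be understood but cannot be handled." I have been struggling with this; does anyone have any ideas?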

Edit: the current SOAP request:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" u:Id="_2" />
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo9KISySaFjJMiAw5zk9o3qYAAAAAxhoAIROo00iQikvZBzGIH8wpfBfX1e1Kg29TMjN6keYACQAA</VsDebuggerCausalityData>
        <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
            <o:BinarySecurityToken u:Id="uuid-bf6b0577-5466-4726-ac5e-2ba07665475f-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">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</o:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#_1">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>zFBRC19YqaNfiONdpUCbcr4DQxs=</DigestValue>
                    </Reference>
                    <Reference URI="#_2">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>IkDHDcU8EXvtVZTidHKQd1q1g3s=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>a377DsYAjfklKE14NT1NjGWKNQaW2CCBXRpb08tzNcJKHPF07226AxqoA589y+IscFxwzlsQ+S5g4a5DkcXG25HYyNnXktHlQWzn9B1mvElQwY1pgq02hJ5g+Z3/ctyruqu4m1gKexYAtKthor06Zf800L4QNQlfYLDVawawwnc=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-bf6b0577-5466-4726-ac5e-2ba07665475f-2" />
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" u:Id="_1">
        <sEncrypt_Input xmlns="http://vendor/xsdfile.xsd">
            <MaxUnmaskedDigits>4</MaxUnmaskedDigits>
            <isUnmaskedFromLeft>false</isUnmaskedFromLeft>
            <strRawValue>1234123412341234</strRawValue>
        </sEncrypt_Input>
    </s:Body>
</s:Envelope>


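The last SOAP you posted looks like the one generated by WSE. What does the WCF one look like? I suggest using WCF with a custom binding with an authenticationMode of 'mutualCertificate', rather than the one you are using.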
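
One way to compare what each request on this page actually signs against the vendor sample, as an added example that is not part of the question or the answer: it resolves every `ds:Reference` URI to the element carrying that `wsu:Id` and counts the `wsse:Security` headers. The helper names (`signature_coverage`, `problems`, `skeleton`) are hypothetical, and the three envelopes are constructed skeletons that keep only the structure of the messages above.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = OASIS + "secext-1.0.xsd", OASIS + "utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def signature_coverage(envelope_xml):
    """Resolve every ds:Reference URI to the element carrying that wsu:Id."""
    root = ET.fromstring(envelope_xml)
    id_attr = f"{{{WSU}}}Id"
    by_id = {el.get(id_attr): el for el in root.iter() if el.get(id_attr)}
    header, body = root.find(f"{{{SOAP}}}Header"), root.find(f"{{{SOAP}}}Body")
    n_sec = len(header.findall(f"{{{WSSE}}}Security")) if header is not None else 0
    cov = {"security_headers": n_sec, "signed": [], "dangling": [], "body_signed": False}
    for ref in root.iter(f"{{{DS}}}Reference"):  # wsse:Reference is a different namespace
        uri = ref.get("URI", "")
        target = by_id.get(uri.lstrip("#"))
        if target is None:
            cov["dangling"].append(uri)
        else:
            cov["signed"].append(target.tag.rsplit("}", 1)[-1])  # local element name
            cov["body_signed"] |= target is body
    return cov

def problems(cov):
    """Differences from the vendor sample: one Security header, only the Body signed."""
    found = []
    if cov["security_headers"] != 1:
        found.append(f"{cov['security_headers']} wsse:Security headers, sample has 1")
    if not cov["body_signed"]:
        found.append("Body is not covered by the signature")
    extra = [name for name in cov["signed"] if name != "Body"]
    if extra:
        found.append(f"signature also covers: {', '.join(extra)}")
    if cov["dangling"]:
        found.append(f"references without a matching wsu:Id: {cov['dangling']}")
    return found

def skeleton(refs, body_id="", in_security="", extra_header=""):
    """Constructed envelope skeleton; tokens, digests and signature values are left out."""
    ns = f'xmlns:s="{SOAP}" xmlns:o="{WSSE}" xmlns:u="{WSU}" xmlns:d="{DS}"'
    refs_xml = "".join(f'<d:Reference URI="#{r}"/>' for r in refs)
    body_attr = f' u:Id="{body_id}"' if body_id else ""
    return (f"<s:Envelope {ns}><s:Header>{extra_header}<o:Security>{in_security}"
            f"<d:Signature><d:SignedInfo>{refs_xml}</d:SignedInfo></d:Signature>"
            f"</o:Security></s:Header><s:Body{body_attr}><sEncrypt_Input/></s:Body></s:Envelope>")

# Shapes taken from the page: vendor sample, first WCF request, WCF request after the edit.
VENDOR = skeleton(["id-2"], body_id="id-2")
WCF_FIRST = skeleton(["_0"], in_security='<u:Timestamp u:Id="_0"/>', extra_header="<o:Security/>")
WCF_EDIT = skeleton(["_1", "_2"], body_id="_1", extra_header='<o:Security u:Id="_2"/>')
for name, xml in [("vendor", VENDOR), ("wcf-first", WCF_FIRST), ("wcf-edit", WCF_EDIT)]:
    print(name, problems(signature_coverage(xml)) or "matches the sample's shape")
```
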