我正在尝试让WCF客户端使用请求的SOAP标头中提供的安全信息来调用Web服务,如下所示。
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:ah_etas_order="http://types.defra.gov.uk/ahw/eartagging/order"
xmlns:ah_common="http://types.defra.gov.uk/ahw/common/complextypes"
xmlns:ah_assettype="http://types.defra.gov.uk/ahw/asset"
xmlns:ah_ref_data_sets="http://types.defra.gov.uk/ahw/common/referencedatasets"
xmlns:ah_custtype="http://types.defra.gov.uk/ahw/customer"
xmlns:m5="http://types.defra.gov.uk/bs7666"
xmlns:m6="http://www.govtalk.gov.uk/people/bs7666"
xmlns:m7="http://types.defra.gov.uk/ahw/common/derivedtypes"
xmlns:ah_etas_type="http://types.defra.gov.uk/ahw/eartagging">
<SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Security soap:role="system" soap:mustUnderstand="true">
<wsse:UsernameToken>
<wsse:Username>username here</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password here</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>...</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
我正在使用Visual Studio 2012和.NET 4.文档说用于CARA服务的SOAP消息传递版本是SOAP 1.2。
我添加了一个服务引用,添加了一个带端点的web.config文件和以下自定义绑定。
<customBinding>
<binding name="ProcessOrderBinding">
<textMessageEncoding messageVersion="Soap12" />
<httpTransport />
</binding>
</customBinding>
我尝试了很多不同的web.config选项,但似乎无法获得正确的soap标头。有人能指出我正确的方向吗?
@Yaron,这是使用绑定的soap标头。我添加了一个includeTimestamp = false来删除时间戳。
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
uIDPoxqYDT0sMwVImscgqVaf7GYAAAAAjin6KftLjkaS2CW99IXxrnWGCjfQnzFFuf4zGaQpeqIACQAA
</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-79885712-d6eb-451c-9483-4df2b68722bd-1">
<o:Username>username here</o:Username>
<o:Password>password here</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">...</s:Body>
</s:Envelope>
正如您所看到的,密码之前缺少以下内容。
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
答案 0 :(得分:3)
使用此绑定:
<customBinding>
<binding name="NewBinding0">
<textMessageEncoding messageVersion="Soap12" />
<security authenticationMode="UserNameOverTransport">
<secureConversationBootstrap />
</security>
<httpsTransport />
</binding>
</customBinding>
当然,您还需要提供代理的用户/传递:
proxy.ClientCredentials.Username.Username = "user"
proxy.ClientCredentials.Username.Password = "pass"
所有这些假设您也使用SSL。如果您不这样做,请查看CUB。