Signing a SOAP request with X509 from a WCF client

Time: 2014-10-17 07:04:52

Tags: c# web-services wcf soap

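I have a requirement where I must call a third-party web service using a WCF client. The third-party service I must call is a secured web service and uses https, e.g. https://kavyen.com/md. The service provider has given me the server and client certificates.

I must create a WCF client that signs the SOAP request but does not encrypt it; in other words, I need the signature information in the SOAP header, but I do not want the whole body to be encrypted.

Below is a sample of the SOAP envelope I must send from the WCF client.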

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
            <soapenv:Header>
                        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
                                    <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-639F96823FC161A915140921867132422">...</wsse:BinarySecurityToken>
                                    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8">
                                                <ds:SignedInfo>
                                                            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                                                            <ds:Reference URI="#Id-762175305">
                                                                        <ds:Transforms>
                                                                                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                                        </ds:Transforms>
                                                                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                                                        <ds:DigestValue>WAtX3NtBp52Y5beBeL28QtPq6LE=</ds:DigestValue>
                                                            </ds:Reference>
                                                </ds:SignedInfo>
                                                <ds:SignatureValue>
OibCc5mrk6noqbukfcxy8Tt/d8+/JlOm9Nmx3nrD1i00HWjqi3v55sbnUowCPGA+fztRcIXhuWYF
GlQyrRxxPLhnvM6vfk9zEZYbS/34dudp9H8gswPh+wsWa0/nowgSoo+eK5I0AbYNqCIHD3EUAfzG
/Br+gMqtRuZyZbhtKbg=
                                                </ds:SignatureValue>
                                                <ds:KeyInfo Id="KeyId-639F96823FC161A915140921867132623">
                                                            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-639F96823FC161A915140921867132624">
                                                                        <wsse:Reference URI="#CertId-639F96823FC161A915140921867132422" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                                                            </wsse:SecurityTokenReference>
                                                </ds:KeyInfo>
                                    </ds:Signature>
                        </wsse:Security>
            </soapenv:Header>
            <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-762175305">
                        <TestMessage>This is a test.</TestMessage>
            </soapenv:Body>
</soapenv:Envelope>

Service provider

1 answer:

Answer 0 (score: 0)

Use this binding:

<customBinding>
        <binding name="NewBinding0">
            <textMessageEncoding messageVersion="Soap11" />
            <security authenticationMode="MutualCertificate" includeTimestamp="false"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                <secureConversationBootstrap />
            </security>
            <httpTransport />
        </binding>
</customBinding>

Also decorate your contract with this attribute:

[System.ServiceModel.ServiceContractAttribute(ConfigurationName=..., ProtectionLevel=System.Net.Security.ProtectionLevel.Sign)]

The contract is in reference.cs
