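I am writing a client that makes POST calls to an external web service configured for WS-Security. I extracted the reference from the provided WSDL, and the customBinding is as follows: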
<customBinding>
  <binding name="OOH_ServiceSoap12Binding">
    <textMessageEncoding messageVersion="Soap12" writeEncoding="utf-8"/>
    <security authenticationMode="MutualCertificate"
              messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
              enableUnsecuredResponse="true"
              allowSerializedSigningTokenOnReply="true"
              requireSignatureConfirmation="false"
              includeTimestamp="true"
              defaultAlgorithmSuite="Default">
    </security>
    <httpsTransport />
  </binding>
</customBinding>
I am loading the certificates from files, as shown below:
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Client certificate (PFX with private key), used to sign the outgoing request.
// File.ReadAllBytes reads the whole file and closes the handle.
var clientCertBytes = File.ReadAllBytes("cpmsws.ic24.nhs.uk.pfx");
var cert = new X509Certificate2(clientCertBytes, "P@ssw0rd");
cert.Verify(); // returns a bool; the result is not checked here
service.ClientCredentials.ClientCertificate.Certificate = cert;

// Service certificate (public key only), used as the default service certificate.
var serviceCertBytes = File.ReadAllBytes("Rhapsody_Server_Key.cer");
var serviceCert = new X509Certificate2(serviceCertBytes, string.Empty);
serviceCert.Verify(); // result is not checked here either
service.ClientCredentials.ServiceCertificate.DefaultCertificate = serviceCert;

// Chain validation and revocation checking of the service certificate are turned off.
service.ClientCredentials.ServiceCertificate
    .Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
service.ClientCredentials.ServiceCertificate
    .Authentication.RevocationMode = X509RevocationMode.NoCheck;

// Rebuild the endpoint address with a DNS identity matching the service certificate.
var address = service.Endpoint.Address;
service.Endpoint.Address = new EndpointAddress(address.Uri,
    new DnsEndpointIdentity("Rhapsody Server Key"), address.Headers,
    address.GetReaderAtMetadata(),
    address.GetReaderAtExtensions());

// Call the service operation.
service.episodeOutcome("TEST123", 9448969759, "Other", "", "Test", "12345", "12345",
    DateTime.Now.AddMinutes(-15), DateTime.Now, "Test", "TEST", new DateTime(1970, 01, 01),
    "Male", "Test", "", "", "", "", "TN24 0GP", "G8000", out description);
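The code above works. I can see the message being sent in Fiddler, and the service returns an HTTP 200 response with the response XML, but my test application throws the following exception: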
Exception: System.ServiceModel.Security.MessageSecurityException
Message: The primary signature must be encrypted
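As I said, I can see the raw XML in Fiddler, so I know the SOAP message is correct and is being processed by the service, and the response is being sent back, but the exception above is thrown.
I have Googled this, but everything I found relates to WCF, whereas the service I am calling is Java, so it has nothing to do with WCF.
Can anyone explain in detail why I am getting this exception and how to fix it?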