.net - 如何添加 SOAP 安全 header

Question

我已经阅读了很多文章和答案，但我无法解决。

我在我的项目中使用 .NET Framework 4.0。因此，我首先将 WebService 添加为服务引用并在我的 app.config 上获取绑定(bind)。我将列出我的尝试

尝试 #1

我像这样实例化了服务并添加了凭据:

在 App.Config 上

<binding name="SubscriptionWSImplServiceSoapBinding" >
  <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="Basic"/>
  </security>
</binding>

SubscriptionWSImplServiceClient ClientWs = new SubscriptionWSImplServiceClient();
ClientWs.ClientCredentials.UserName.UserName = "some-username";
ClientWs.ClientCredentials.UserName.Password = "some-password";

var SomeResposne = ClientWs.RunMethod(); //I have exception at this point

我得到一个异常如下:

 System.ArgumentException: The provided URI scheme 'http' is invalid;
 expected 'https'. Parameter name: via at System.ServiceModel.Channels

异常(exception)情况是 Web 服务的 url 必须是 HTTPS，但给我的 Web 服务 url 是 HTTP 而不是 HTTPS。

但我不介意 HttpS 并进行了第二次尝试。

尝试 #2

如 this answer 中所述，我尝试如下:

BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
CustomBinding customBinding = new CustomBinding(binding);
SecurityBindingElement element = customBinding.Elements.Find<SecurityBindingElement>();
element.IncludeTimestamp = false;

EndpointAddress address = new EndpointAddress("https://www.GivenServiceUrl.com/WebService"); //Note that the url does not end as ..svc or ..asmx! Just the name like this with no dot or extension


SubscriptionWSImplServiceClient ClientWs = new SubscriptionWSImplService(customBinding, address);
ClientWs.ClientCredentials.UserName.UserName = "some-username";
ClientWs.ClientCredentials.UserName.Password = "some-password";

var SomeResposne = ClientWs.RunMethod(); //I have exception at this point

我得到一个异常如下:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'https://www.GivenServiceUrl.com/WebService'

因此，我进行了第三次尝试，我在我的项目中将引用作为 WebReference 而不是作为 ServiceReference。

尝试 #3

SubscriptionWSImplService ClientWs2 = new SubscriptionWSImplService();
var SomeResposne = ClientWs.RunMethod(); //I have exception at this point

我现在不知道如何发送安全 header 。

我得到一个异常如下:

 System.Web.Services.Protocols.SoapHeaderException: An error was
 discovered processing the <wsse: Security> header

但是在这里，我无法添加必要的标题。你能帮我解决这个问题吗？

尝试 1 或尝试 2 或尝试 3 ，考虑到我使用的是 Framework 4.0，应该使用哪一个？我该如何解决这个问题？

根据文档，最终请求 SOAP 必须如下所示:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sub="http://subscription.services.ws.fourplay.com.tr/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-12" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">123456</wsse:Password>
           <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">1lcj+WbCMlrPyhcud4QxiQ==</wsse:Nonce>
           <wsu:Created>2012-06-05T10:23:26.879Z</wsu:Created>
        </wsse:UsernameToken>
     </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <sub:RunMethod>
         <!--Optional:-->
         <sub:opaque id>555555555</sub:opaque id>
         <sub:params>
            <!--Optional:-->
            <name>GUID</name>
            <!--Optional:-->
            <value>2fc4ce1d-645e-41f4-811e-28510a02a17f </value>
         </sub:params>      
</sub: RunMethod >

Answer 1

优秀的职位。你们都救了我的命!!我必须进行一些更改才能获得以下标题:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xml:mustUnderstand="1">
    <wsse:UsernameToken wsu:Id="UsernameToken-15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>EFO140714JPA</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">SgBJAHMANwBBACYANQBOAG8ANwAzACEANgBrAGEAJgBIAGwAJABMAA==</wsse:Password>
        <wsse:Nonce>SgBJAHMANwBBACYANQBOAG8ANwAzACEANgBrAGEAJgBIAGwAJABMAA==</wsse:Nonce>
        <wsu:Created>2016-08-04T11:24:10.0Z</wsu:Created>
    </wsse:UsernameToken>
</wsse:Security>

我所做的更改如下:

        public class SoapSecurityHeader : MessageHeader
        {
            private readonly string _password, _username, _nonce, _createdDate;

            public SoapSecurityHeader(string id, string username, string password, string nonce, string created)
            {
                _password = password;
                _username = username;
                _nonce = nonce;
                _createdDate = created;
                this.Id = id;
            }

            public string Id { get; set; }

            public override string Name
            {
                get { return "Security"; }
            }

            public override string Namespace
            {
                get { return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; }
            }

            protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
            {
                writer.WriteStartElement("wsse", Name, Namespace);
                writer.WriteXmlnsAttribute("wsse", Namespace);
 ------->       writer.WriteXmlAttribute("mustUnderstand", "1");
            }


            protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
            {
                writer.WriteStartElement("wsse", "UsernameToken", Namespace);
                writer.WriteAttributeString("wsu:Id", "UsernameToken-15");
                writer.WriteAttributeString("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

                writer.WriteStartElement("wsse", "Username", Namespace);
                writer.WriteValue(_username);
                writer.WriteEndElement();

                writer.WriteStartElement("wsse", "Password", Namespace);
  ----->        writer.WriteAttributeString("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
                writer.WriteValue(_password);
                writer.WriteEndElement();

                writer.WriteStartElement("wsse", "Nonce", Namespace);
                writer.WriteValue(_nonce);
                writer.WriteEndElement();

  ------>       writer.WriteStartElement("wsu:Created");
                writer.WriteValue(_createdDate);
                writer.WriteEndElement();

                writer.WriteEndElement();
            }
        }