个人中心
gpt4 book ai didi

.net - 如何添加 SOAP 安全 header

转载 作者:行者123 更新时间:2023-12-04 11:53:49 24 4
gpt4 key购买 nike

我已经阅读了很多文章和答案,但我无法解决。

我在我的项目中使用 .NET Framework 4.0。因此,我首先将 WebService 添加为服务引用并在我的 app.config 上获取绑定(bind)。我将列出我的尝试

尝试 #1

我像这样实例化了服务并添加了凭据:

在 App.Config 上

<binding name="SubscriptionWSImplServiceSoapBinding" >
  <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="Basic"/>
  </security>
</binding>

SubscriptionWSImplServiceClient ClientWs = new SubscriptionWSImplServiceClient();
ClientWs.ClientCredentials.UserName.UserName = "some-username";
ClientWs.ClientCredentials.UserName.Password = "some-password";

var SomeResposne = ClientWs.RunMethod(); //I have exception at this point

我得到一个异常如下: 
 System.ArgumentException: The provided URI scheme 'http' is invalid;
 expected 'https'. Parameter name: via at System.ServiceModel.Channels

异常(exception)情况是 Web 服务的 url 必须是 HTTPS,但给我的 Web 服务 url 是 HTTP 而不是 HTTPS。

但我不介意 HttpS 并进行了第二次尝试。

尝试 #2

this answer 中所述,我尝试如下: 
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
CustomBinding customBinding = new CustomBinding(binding);
SecurityBindingElement element = customBinding.Elements.Find<SecurityBindingElement>();
element.IncludeTimestamp = false;

EndpointAddress address = new EndpointAddress("https://www.GivenServiceUrl.com/WebService"); //Note that the url does not end as ..svc or ..asmx! Just the name like this with no dot or extension


SubscriptionWSImplServiceClient ClientWs = new SubscriptionWSImplService(customBinding, address);
ClientWs.ClientCredentials.UserName.UserName = "some-username";
ClientWs.ClientCredentials.UserName.Password = "some-password";

var SomeResposne = ClientWs.RunMethod(); //I have exception at this point

我得到一个异常如下:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'https://www.GivenServiceUrl.com/WebService'



因此,我进行了第三次尝试,我在我的项目中将引用作为 WebReference 而不是作为 ServiceReference。

尝试 #3 
SubscriptionWSImplService ClientWs2 = new SubscriptionWSImplService();
var SomeResposne = ClientWs.RunMethod(); //I have exception at this point

我现在不知道如何发送安全 header 。

我得到一个异常如下: 
 System.Web.Services.Protocols.SoapHeaderException: An error was
 discovered processing the <wsse: Security> header

但是在这里,我无法添加必要的标题。你能帮我解决这个问题吗?

尝试 1 或尝试 2 或尝试 3 ,考虑到我使用的是 Framework 4.0,应该使用哪一个?我该如何解决这个问题?

根据文档,最终请求 SOAP 必须如下所示: 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sub="http://subscription.services.ws.fourplay.com.tr/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-12" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">123456</wsse:Password>
           <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">1lcj+WbCMlrPyhcud4QxiQ==</wsse:Nonce>
           <wsu:Created>2012-06-05T10:23:26.879Z</wsu:Created>
        </wsse:UsernameToken>
     </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <sub:RunMethod>
         <!--Optional:-->
         <sub:opaque id>555555555</sub:opaque id>
         <sub:params>
            <!--Optional:-->
            <name>GUID</name>
            <!--Optional:-->
            <value>2fc4ce1d-645e-41f4-811e-28510a02a17f </value>
         </sub:params>      
</sub: RunMethod >

最佳答案

优秀的职位。你们都救了我的命!!我必须进行一些更改才能获得以下标题:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xml:mustUnderstand="1">
    <wsse:UsernameToken wsu:Id="UsernameToken-15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>EFO140714JPA</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">SgBJAHMANwBBACYANQBOAG8ANwAzACEANgBrAGEAJgBIAGwAJABMAA==</wsse:Password>
        <wsse:Nonce>SgBJAHMANwBBACYANQBOAG8ANwAzACEANgBrAGEAJgBIAGwAJABMAA==</wsse:Nonce>
        <wsu:Created>2016-08-04T11:24:10.0Z</wsu:Created>
    </wsse:UsernameToken>
</wsse:Security>
我所做的更改如下: 
        public class SoapSecurityHeader : MessageHeader
        {
            private readonly string _password, _username, _nonce, _createdDate;

            public SoapSecurityHeader(string id, string username, string password, string nonce, string created)
            {
                _password = password;
                _username = username;
                _nonce = nonce;
                _createdDate = created;
                this.Id = id;
            }

            public string Id { get; set; }

            public override string Name
            {
                get { return "Security"; }
            }

            public override string Namespace
            {
                get { return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; }
            }

            protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
            {
                writer.WriteStartElement("wsse", Name, Namespace);
                writer.WriteXmlnsAttribute("wsse", Namespace);
 ------->       writer.WriteXmlAttribute("mustUnderstand", "1");
            }


            protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
            {
                writer.WriteStartElement("wsse", "UsernameToken", Namespace);
                writer.WriteAttributeString("wsu:Id", "UsernameToken-15");
                writer.WriteAttributeString("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");

                writer.WriteStartElement("wsse", "Username", Namespace);
                writer.WriteValue(_username);
                writer.WriteEndElement();

                writer.WriteStartElement("wsse", "Password", Namespace);
  ----->        writer.WriteAttributeString("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
                writer.WriteValue(_password);
                writer.WriteEndElement();

                writer.WriteStartElement("wsse", "Nonce", Namespace);
                writer.WriteValue(_nonce);
                writer.WriteEndElement();

  ------>       writer.WriteStartElement("wsu:Created");
                writer.WriteValue(_createdDate);
                writer.WriteEndElement();

                writer.WriteEndElement();
            }
        }

关于.net - 如何添加 SOAP 安全 header ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19111773/

24 4 0
文章推荐: sql - INSERT (x) VALUES (@x) WHERE NOT EXISTS ( SELECT * FROM
WHERE x = @x) 会导致重复吗?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com