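How do I sign and encrypt my WCF client service call (from the spec: all messages shall be signed and encrypted according to the WS-Security X.509 token profile. The spec can be found here)?
I have to use SOAP 1.1 and WS-Security. The service is provided by a third party, and I am fairly sure they wrote it in Java (IBM), not WCF.
I have tried the following, but I think this is a case of asking the wrong question, because most of what I have read suggests that the client does not decide what gets encrypted; that is defined by the service protection level (SignAndEncrypt). I have also seen references to the X509SecurityToken that should be used for encryption, but I think that is older .NET.
Anyway, this is what I have so far: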
' Create the binding.
Dim myBinding As New BasicHttpBinding() ' FOR SOAP 1.1
myBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential
myBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate
myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate
' Create the endpoint address.
Dim ea As New EndpointAddress("https://removed")
' Create the client.
Dim starClientProxy As New wcfStarServiceProxy.starTransportPortTypesClient(myBinding, ea)
' Specify a certificate to use for authenticating the client.
starClientProxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "removed")
'Cert used for encryption
starClientProxy.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.AddressBook, X509FindType.FindBySubjectName, "removed")
' So now it should encrypt it automatically? I can't find anything that needs to be set
'call the service
Dim response As wcfStarServiceProxy.AcknowledgeRepairOrderPayload = starClientProxy.ProcessMessage(payload)
So, I think I have managed to sign the request, but the body is not encrypted. How do I encrypt the body?
Posted on 2012-05-31 15:08:00
@Dejan gave me an answer:
Private Function GetCustomBinding2() As Channels.Binding
Dim httpsBindingElement As New HttpsTransportBindingElement()
httpsBindingElement.AllowCookies = False
httpsBindingElement.BypassProxyOnLocal = False
httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard
httpsBindingElement.MaxBufferPoolSize = 524288
httpsBindingElement.MaxBufferSize = 65536
httpsBindingElement.MaxReceivedMessageSize = 65536
httpsBindingElement.RequireClientCertificate = True
httpsBindingElement.UseDefaultWebProxy = True
Dim asbe As New Channels.AsymmetricSecurityBindingElement
asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11
asbe.InitiatorTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
asbe.RecipientTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict
asbe.DefaultAlgorithmSuite = Security.SecurityAlgorithmSuite.Basic128Sha256
asbe.IncludeTimestamp = True
asbe.SetKeyDerivation(False)
'asbe.OnlySignEntireHeadersAndBody = True
'asbe.EndpointSupportingTokenParameters.SignedEncrypted.Add(New ServiceModel.Security.Tokens.X509SecurityTokenParameters)
'asbe.EndpointSupportingTokenParameters.SetKeyDerivation(False)
Dim myBinding As New CustomBinding
myBinding.Elements.Add(asbe)
myBinding.Elements.Add(New TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8))
'myBinding3.Elements.Add(New HttpsTransportBindingElement())
myBinding.Elements.Add(httpsBindingElement)
Return myBinding
End Function
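To confirm whether a request is only signed or is signed and encrypted, a message captured from the client (for instance through WCF message logging) can be inspected for the WS-Security elements. The following is an added example, not code from this thread; `inspect_envelope`, `sample` and both sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {  # standard SOAP 1.1, WS-Security, XML-DSig and XML-Enc namespaces
    "s11": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def inspect_envelope(xml_text):
    """Report which WS-Security protections a captured SOAP 1.1 message carries."""
    root = ET.fromstring(xml_text)
    body = root.find("s11:Body", NS)
    if root.tag != "{%s}Envelope" % NS["s11"] or body is None:
        raise ValueError("not a SOAP 1.1 envelope")
    sec = root.find("s11:Header/wsse:Security", NS)
    refs, has_ts = set(), False
    if sec is not None:
        # URIs covered by the signature(s) in the security header
        refs = {r.get("URI") for r in
                sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
        has_ts = sec.find("wsu:Timestamp", NS) is not None
    body_id = body.get("{%s}Id" % NS["wsu"])
    children = list(body)
    return {
        "timestamp": has_ts,
        # signed: some ds:Reference points at the Body's wsu:Id
        "body_signed": body_id is not None and "#" + body_id in refs,
        # encrypted: the Body holds nothing but xenc:EncryptedData
        "body_encrypted": bool(children) and all(
            c.tag == "{%s}EncryptedData" % NS["xenc"] for c in children),
    }

def sample(body_inner):
    """Constructed message: the header signs #Body-1; the caller supplies the body."""
    decl = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ('<s11:Envelope %s><s11:Header><wsse:Security>'
            '<wsu:Timestamp wsu:Id="TS-1"/><ds:Signature><ds:SignedInfo>'
            '<ds:Reference URI="#TS-1"/><ds:Reference URI="#Body-1"/>'
            '</ds:SignedInfo></ds:Signature></wsse:Security></s11:Header>'
            '<s11:Body wsu:Id="Body-1">%s</s11:Body></s11:Envelope>'
            % (decl, body_inner))

# Constructed inputs: plaintext body vs. body replaced by EncryptedData
SIGNED_ONLY = sample('<ProcessMessage xmlns="urn:example">order</ProcessMessage>')
SIGNED_AND_ENCRYPTED = sample(
    '<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>CONSTRUCTED'
    '</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')
```

A stack that also encrypts the signature places `xenc:EncryptedData` in the security header in place of `ds:Signature`, so `body_signed` reads False for such a capture even though the message is signed.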
Posted on 2012-05-31 12:21:10
I have created a custom binding to implement two levels of security: certificate and username-password. This is how I did it (code excerpt):
CustomBinding customBinding = new CustomBinding();
// ...
HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement();
httpsBindingElement.AllowCookies = false;
httpsBindingElement.BypassProxyOnLocal = false;
httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
httpsBindingElement.MaxBufferPoolSize = 20480000;
httpsBindingElement.MaxBufferSize = 20480000;
httpsBindingElement.MaxReceivedMessageSize = 20480000;
httpsBindingElement.RequireClientCertificate = true;
httpsBindingElement.UseDefaultWebProxy = true;
TransportSecurityBindingElement transportSecurityElement = new TransportSecurityBindingElement();
transportSecurityElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
transportSecurityElement.EndpointSupportingTokenParameters.SetKeyDerivation(false);
// ...
customBinding.Elements.Add(transportSecurityElement);
customBinding.Elements.Add(httpsBindingElement);
This way, the client signs and encrypts the message using the username and password, but you can modify this example and accomplish what you need.
https://stackoverflow.com/questions/10831264