0
我正在嘗試連接到第三方Web服務。我試圖用多種方式去做,但我一直無法做到。他們使用Java服務和客戶端,他們給我發了什麼應該是正確的標題:如何爲第三方Web服務創建特定的SOAP標頭
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature Id="SIG-DF651A72BB4BD472F5149301750204095" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="doc soapenv web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-DF651A72BB4BD472F5149301750203994">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="doc web" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>iITj5pTonO3g052LVSnea1yZd0Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DhsMfNnidlHk7QIRAWBrr44T6nMLLG00AN/1jnZSlV7pbrMZ3V/MrvW1S5hzQYGQXRH1U1bqzCw8wF2nGtizDtagWGR9UfBoq+wvFBktQy6f7B91DbN++q03a28i2iiSxiEOVWaCvZzCmwOOLdOIIvaD8c8YsJAIgzB+wGg1s6d14+0rk4zAEQrtu7hWvOtU3s6aKIMrX9JiP+1qVInI4RPWynZ9pIbB87vaZSMHsqkjexxKMBB7v5sZugDjl2gPsJeE4dbtC8pXrfZ4QhQ+HSsEYvMJ90J8zyoG2gLuOeCrcQDBe6RrdwpP20r2sTFMKpy2ADZnl1LkwbadvLvnQ==</ds:SignatureValue>
<ds:KeyInfo Id="KI-DF651A72BB4BD472F5149301750203992">
<wsse:SecurityTokenReference wsu:Id="STR-DF651A72BB4BD472F5149301750203993">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>OU=yyy,O=xxx,C=ES</ds:X509IssuerName>
<ds:X509SerialNumber>a very long integer here</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
我嘗試不同的綁定,像這樣的:
<basicHttpBinding>
<binding name="GInsideCertificateWSSoapBinding" >
<security mode="TransportWithMessageCredential" >
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
這一個:
<customBinding>
<binding name="CustomSoapBinding">
<security includeTimestamp="true"
authenticationMode="CertificateOverTransport"
defaultAlgorithmSuite="Basic256"
requireDerivedKeys="false"
messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
>
</security>
<textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
<httpsTransport maxReceivedMessageSize="2000000000"/>
</binding>
</customBinding>
但是沒有人會像他們寄給我的那樣產生一個標題。實施什麼樣的安全措施?他們告訴我BinarySecurityToken,但無法連接到服務。
任何想法?
我已經這樣做了。我想要的是一個簡單的BinarySecurityToken簽名,就像上面的SOAP消息一樣,但生成的消息真的不同。問題不在於如何獲得證書,而在於如何生成如上所述的SOAP。 – rasputino
噢,好的。那麼你會檢查這個頁面https://msdn.microsoft.com/en-us/library/ms827738.aspx。它關於如何創建自定義令牌。這很舊(2003),所以現在可以使用一些擴展或塊體包。 –
檢查此答案,它是相同的問題.http://stackoverflow.com/questions/37594829/use-wsse-security-header-in-soap-message-visual-studio-2015-net-framework-4-5或http://stackoverflow.com/questions/40671821/calling-a-java-ws-from-c-sharp –