wcf wss1.1 客户端的 BindarySecurityToken UsernameToken 配置
wcf wss1.1 BindarySecurityToken UsernameToken configuration for client
我想用证书签署邮件并包含 username/password。我可以让 WCF 执行其中一项,但不能同时执行两项。
我正在尝试设置客户端以连接到同时使用 x509 证书和 username/password 使用 WCF 的 SOAP 服务 (WS-Security 2004)。
我有服务器和客户端的证书以及服务端点的 SSL URI (https://)。需要签名的客户端消息:
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-1317568">
MIICejCCAeOgAwIBAgIRAKxcIy5wGNq2XWsruqtiXY4wDQYJKoZIhvcNAQEF
...
</wsse:BinarySecurityToken>
并且 header 还需要包含 UsernameToken:
<wsse:UsernameToken>
<wsse:Username>VendorName0001</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
password
</wsse:Password>
</wsse:UsernameToken>
我试过Rick Strahl's solution,但我不需要 NONCE,我仍然需要 x509 签名。
我的代码(我知道它不太正确),因为 BasicHttpSecurityMode.TransportWithMessageCredential 似乎覆盖了消息的用户名设置。
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var uri = "https://company.com/service.svc";
var client = new ServiceNamespace.ServiceWrapperClient(binding, new EndpointAddress(uri));
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";
client.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
"1946c826c9bfb0b25b437da763a7c637eb19f963");
client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
StoreLocation.LocalMachine,
StoreName.TrustedPublisher,
X509FindType.FindBySubjectName,
"TEST subject name");
这对我有用:
更新网络参考资料class
//public partial class FooServiceWrapper : System.Web.Services.Protocols.SoapHttpClientProtocol {
public partial class FooServiceWrapper : Microsoft.Web.Services3.WebServicesClientProtocol {
使用 Soap Context Security 添加我需要的令牌
client.Url = ServiceUrl;
client.SoapVersion = System.Web.Services.Protocols.SoapProtocolVersion.Soap11;
client.RequestSoapContext.Security.Tokens.Add(
new UsernameToken("username", "password", PasswordOption.SendPlainText));
client.RequestSoapContext.Security.MustUnderstand = false;
var certToken = new X509SecurityToken(new X509Certificate2(clientCert));
client.RequestSoapContext.Security.Tokens.Add(certToken);
client.RequestSoapContext.Security.Elements.Add(new MessageSignature(certToken));
我想用证书签署邮件并包含 username/password。我可以让 WCF 执行其中一项,但不能同时执行两项。
我正在尝试设置客户端以连接到同时使用 x509 证书和 username/password 使用 WCF 的 SOAP 服务 (WS-Security 2004)。
我有服务器和客户端的证书以及服务端点的 SSL URI (https://)。需要签名的客户端消息:
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-1317568">
MIICejCCAeOgAwIBAgIRAKxcIy5wGNq2XWsruqtiXY4wDQYJKoZIhvcNAQEF
...
</wsse:BinarySecurityToken>
并且 header 还需要包含 UsernameToken:
<wsse:UsernameToken>
<wsse:Username>VendorName0001</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
password
</wsse:Password>
</wsse:UsernameToken>
我试过Rick Strahl's solution,但我不需要 NONCE,我仍然需要 x509 签名。
我的代码(我知道它不太正确),因为 BasicHttpSecurityMode.TransportWithMessageCredential 似乎覆盖了消息的用户名设置。
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
var uri = "https://company.com/service.svc";
var client = new ServiceNamespace.ServiceWrapperClient(binding, new EndpointAddress(uri));
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";
client.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
"1946c826c9bfb0b25b437da763a7c637eb19f963");
client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
StoreLocation.LocalMachine,
StoreName.TrustedPublisher,
X509FindType.FindBySubjectName,
"TEST subject name");
这对我有用:
更新网络参考资料class
//public partial class FooServiceWrapper : System.Web.Services.Protocols.SoapHttpClientProtocol {
public partial class FooServiceWrapper : Microsoft.Web.Services3.WebServicesClientProtocol {
使用 Soap Context Security 添加我需要的令牌
client.Url = ServiceUrl;
client.SoapVersion = System.Web.Services.Protocols.SoapProtocolVersion.Soap11;
client.RequestSoapContext.Security.Tokens.Add(
new UsernameToken("username", "password", PasswordOption.SendPlainText));
client.RequestSoapContext.Security.MustUnderstand = false;
var certToken = new X509SecurityToken(new X509Certificate2(clientCert));
client.RequestSoapContext.Security.Tokens.Add(certToken);
client.RequestSoapContext.Security.Elements.Add(new MessageSignature(certToken));