使用C#,WCF SOAP使用者使用WSSE纯文本身份validation?
我有一个WCF SOAP使用者,它由Visual Studio 2012从WSDL实现。 WSDL由PeopleTools生成。 基础对象的类型为System.ServiceModel.ClientBase 。
我需要SOAP请求类似于:
[plain text username goes here] [plain text password goes here] Aren Cambre
这是我们最接近的:
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue urn:uuid:3cc3f2ca-c647-466c-b38b-f2423462c837 http://www.w3.org/2005/08/addressing/anonymous http://[internal URL to soap listener] http://schemas.xmlsoap.org/ws/2005/02/sc/sct http://schemas.xmlsoap.org/ws/2005/02/trust/Issue 256 FgMBAFoBAABWAwFQ9IhUFGUO6tCH+0baQ0n/3us//MMXzQA78Udm4xFj5gAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAABX/AQABAAAKAAYABAAXABgACwACAQA=
你会发现两个问题:
- 没有纯文本WSSE凭据。 传递服务不使用的二进制forms的凭据。
- 身份validation在
Body,而不是Header。 - 该请求省略了
InputParameters。
这是必不可少的C#代码:
var service = new ServiceWithBizarreNameFromPeoplesoft(); if (service.ClientCredentials == null) throw new NullReferenceException(); service.ClientCredentials.UserName.UserName = "test"; service.ClientCredentials.UserName.Password = "password"; var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential) {Security = new WSHttpSecurity()}; service.Endpoint.Binding = binding; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Mode = SecurityMode.Message; var input = new InputParameters { Last_Name = "Cambre", First_Name = "Aren" }; var returnData = service.BizarrePeopleSoftNameForMethod(input);
没有HTTP层安全性,传输是SSL加密的。 身份validation仅基于SOAP消息。
这是对WS-SecureConversation令牌的请求。 默认情况下, WSHttpSecurity使用它,除非您将EstablishSecurityContext属性更改为false 。 请改用此绑定:
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential); binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
它将使用带有UserName令牌的SOAP 1.1,它将需要HTTPS传输。
编辑:
对于没有HTTPS的测试,请尝试使用此自定义绑定:
var securityElement = SecurityBindingElement.CreateUserNameOverTransportBindingElement(); securityElement.AllowInsecureTransport = true; var encodingElement = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); var transportElement = new HttpTransportBindingElement(); var binding = new CustomBinding(securityElement, encodingElement, transportElement);
这对我来说就像使用基本用户名密码身份validation的传输安全性的wsHttpBindings。
这些行看起来不对我:
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName; binding.Security.Mode = SecurityMode.Message;
以下是我希望在您的应用或web.config中看到此配置的方式
然后代码看起来像这样:
var service = new GeneratedProxyClient("basic"); service.ClientCredentials.UserName.UserName = "test"; service.ClientCredentials.UserName.Password = "password"; var input = new InputParameters { Last_Name = "Cambre", First_Name = "Aren" }; var returnData = service.BizarrePeopleSoftNameForMethod(input);
可能会在这里更好地解释 – > http://msdn.microsoft.com/en-us/library/ms733775.aspx