通过HTTPS进行WCF并签署正文
我有一个我想要连接的SOAP服务。 它需要通过https访问,并且需要通过证书对其进行签名。
我试过以下代码:
按如下方式设置我的客户端:
P4_ServiceReference.P4PortTypeClient client = new P4_ServiceReference.P4PortTypeClient(); client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None; client.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(@"[..].cer"); client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"[..]", "somepass");
甚至更改了我的Reference.cs以在ServiceContractAttribute和OperationContractAttribute上包含ProtectionLevel=ProtectionLevel.Sign 。
会发生什么是创建了wse:security标头,但是正文没有被签名。 该服务返回Element http://schemas.xmlsoap.org/soap/envelope/Body must be signed 。
我错过了什么让身体得到正确的签名?
使用此customBinding而不是basicHttpBinding修复它。
//Setup custom binding with HTTPS + Body Signing + Soap1.1 CustomBinding binding = new CustomBinding(); //HTTPS Transport HttpsTransportBindingElement transport = new HttpsTransportBindingElement(); //Body signing AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); asec.SetKeyDerivation(false); asec.AllowInsecureTransport = true; asec.IncludeTimestamp = true; //Setup for SOAP 11 and UTF8 Encoding TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); //Bind in order (Security layer, message layer, transport layer) binding.Elements.Add(asec); binding.Elements.Add(textMessageEncoding); binding.Elements.Add(transport);
似乎TransportWithMessageCredential仅将Transport用于安全性而忽略其他所有内容。