自定义 X509SecurityTokenManager 被忽略
我有一个 Web 服务,它在 WSE 3.0 中使用带有 X.509 证书的消息层安全性。 该服务使用 X509v3 策略对肥皂头中的各种元素进行签名。
我需要对证书进行一些自定义检查,因此我尝试实现自定义 X509SecurityTokenManager 并在 web.config 中添加了一个部分。
当我使用 Wseproxy 调用该服务时,我预计会出现错误 (NotImplementedException),但调用失败,在下面的示例中,控制台上打印了“foo”。
问题是:错过了什么? web.config 中的 binarySecurityTokenManager 类型与 RDI.Server.X509TokenManager 的完整类名匹配。 X509TokenManager继承自 X509SecurityTokenManager(尽管方法只是存根)。
using System;
using System.Xml;
using System.Security.Permissions;
using System.Security.Cryptography;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security.Tokens;
namespace RDI.Server
{
[SecurityPermissionAttribute(SecurityAction.Demand,Flags = SecurityPermissionFlag.UnmanagedCode)]
public class X509TokenManager : Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager
{
public X509TokenManager() : base()
{
throw new NotImplementedException("Stub");
}
public X509TokenManager(XmlNodeList configData) : base(configData)
{
throw new NotImplementedException("Stub");
}
protected override void AuthenticateToken(X509SecurityToken token)
{
base.AuthenticateToken(token);
throw new NotImplementedException("Stub");
}
}
}
我的 web.config 的前几行是为了简洁而编辑的
<?xml version="1.0"?>
<configuration><configSections><section name="microsoft.web.services3" type="..." />
</configSections>
<microsoft.web.services3>
<policy fileName="wse3policyCache.config" />
<security>
<binarySecurityTokenManager>
<add type="RDI.Server.X509TokenManager" valueType="http://docs.oasis-open.org/..." />
</binarySecurityTokenManager>
</security>
</microsoft.web.services3>`
(顺便说一句,如何在 stackoverflow 上很好地格式化 xml?)
Administration.AdministrationWse test = new TestConnector.Administration.AdministrationWse();
X509Certificate2 cert = GetCert("RDIDemoUser2");
X509SecurityToken x509Token = new X509SecurityToken(cert);
test.SetPolicy("X509");
test.SetClientCredential(x509Token);
string message = test.Ping("foo");
Console.WriteLine(message);
我暂时停留在 .NET 2.0 (VS2005),所以我认为 WCF 已经超出了问题,否则互操作性不是问题,因为我将控制系统中的客户端和服务。
I have a webservice that that uses message layer security with X.509 certificates in WSE 3.0. The service uses a X509v3 policy to sign various elements in the soapheader.
I need to do some custom checks on the certificates so I've tried to implement a custom X509SecurityTokenManager and added a section in web.config.
When I call the service with my Wseproxy I would expect a error (NotImplementedException) but the call goes trough and, in the example below, "foo" is printed at the console.
The question is: What have missed? The binarySecurityTokenManager type in web.config matches the full classname of RDI.Server.X509TokenManager. X509TokenManager inherits from
X509SecurityTokenManager (altough methods are just stubs).
using System;
using System.Xml;
using System.Security.Permissions;
using System.Security.Cryptography;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security.Tokens;
namespace RDI.Server
{
[SecurityPermissionAttribute(SecurityAction.Demand,Flags = SecurityPermissionFlag.UnmanagedCode)]
public class X509TokenManager : Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager
{
public X509TokenManager() : base()
{
throw new NotImplementedException("Stub");
}
public X509TokenManager(XmlNodeList configData) : base(configData)
{
throw new NotImplementedException("Stub");
}
protected override void AuthenticateToken(X509SecurityToken token)
{
base.AuthenticateToken(token);
throw new NotImplementedException("Stub");
}
}
}
The first few lines of my web.config, edited for brevity
<?xml version="1.0"?>
<configuration><configSections><section name="microsoft.web.services3" type="..." />
</configSections>
<microsoft.web.services3>
<policy fileName="wse3policyCache.config" />
<security>
<binarySecurityTokenManager>
<add type="RDI.Server.X509TokenManager" valueType="http://docs.oasis-open.org/..." />
</binarySecurityTokenManager>
</security>
</microsoft.web.services3>`
(Btw, how do one format xml nicely here at stackoverflow?)
Administration.AdministrationWse test = new TestConnector.Administration.AdministrationWse();
X509Certificate2 cert = GetCert("RDIDemoUser2");
X509SecurityToken x509Token = new X509SecurityToken(cert);
test.SetPolicy("X509");
test.SetClientCredential(x509Token);
string message = test.Ping("foo");
Console.WriteLine(message);
I'm stuck at .NET 2.0 (VS2005) for the time being so I presume WCF is out of the question, otherwise interoperability isn't a problem, as I will have control of both clients and services in the system.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
问题出在其他地方。 我的服务器项目是一个网络应用程序,某些选项不适用于仅适用于网站的网络应用程序。 因此,我制作了一个小型网站项目并比较了 web.configs,发现有些行有所不同。
这些行位于网站 web.config 中,但不在我的其他项目中
添加这些行后,我收到了预期的错误。
The problem was located elsewhere. My serverproject was an web-app and some options wasn't available for web-apps just for web-sites. So I made a small web-site project and compared web.configs and noticed that some lines diffed.
These lines was in the website web.config but not in my other projekt
After I added those lines i got the expected error.
我知道这不是特别有建设性的建议,但如果我是你,我会尽快摆脱 WSE3.0。 今年早些时候,我们做了一些工作,试图让它与 WCF 和 Java 客户端进行互操作,但这绝对是一场噩梦。
另一方面,WCF 几乎是理智的,并且有关此类领域的文档非常好。 这是你的选择吗?
Not particular constructive advice I know, but if I was you I'd get off WSE3.0 as soon as possible. We did some work with trying to get it to interoperate with WCF and a Java client earlier this year and it was an obsolute KNIGHTMARE.
WCF on the other hand is practically sane and the documentation on areas like this is pretty good. Is that an option for you?