Calling a WS-Security Java web service with a C# client

Posted on 2024-10-04 06:27:07

I'm new at using WCF with secure services.

I'm trying to connect to a java webservice with secure HTTPS transport and it uses WS-Security UsernamePassword Token Authentication.

I've tried connecting with a WCF client using the following binding, with no luck.

<bindings>
  <wsHttpBinding>
    <binding name="OperationsEndpoint1Binding" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="1015536"
        messageEncoding="Text" textEncoding="utf-8"
        useDefaultWebProxy="true">

      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />

        <security  mode="TransportWithMessageCredential">
          <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
          <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Does anyone have a solution for connecting to a Java web service over HTTPS transport using WS-Security UsernamePassword Token Authentication? Much appreciated.

Comments (2)

孤独难免 2024-10-11 06:27:07

I did it using WCF.
This worked for me to connect to a WebSphere SSL SOAP web service with WS-Security Username Token Authentication.

If you can use .NET 4.5+ and the server supports it, be sure to avoid the default TLS 1.0 and use TLS 1.1 or 1.2.

using System;
using System.Net;
using System.Security.Authentication.ExtendedProtection;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;

// Run once at startup, before any channel is opened.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

// IContract (the service contract) and MyIdentityVerifier (an IdentityVerifier subclass)
// are the answerer's own types and are not shown in the post.
private static ChannelFactory<IContract> MyCreateFactory(String serviceAddress,
                                                         String userName,
                                                         X509Certificate2 clientCertificate,
                                                         X509Certificate2 serviceCertificate,
                                                         Int32 sendTimeoutMinutes)
{
    // Custom Binding
    var myBinding = new CustomBinding
    {
        SendTimeout = new TimeSpan(0, sendTimeoutMinutes, 0),
    };
    myBinding.Elements.Clear();

    // asymmetric security
    var mutual = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
    // Allows mixed-mode secured messages over a non-HTTPS transport; the transport added below is HTTPS.
    mutual.AllowInsecureTransport = true;
    mutual.AllowSerializedSigningTokenOnReply = true;
    mutual.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
    // Accepts replies that carry no security header.
    mutual.EnableUnsecuredResponse = true;
    mutual.IncludeTimestamp = false;
    mutual.InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient };
    mutual.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
    mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    mutual.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    mutual.RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator };
    mutual.RequireSignatureConfirmation = false;
    mutual.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
    mutual.LocalClientSettings.IdentityVerifier = new MyIdentityVerifier();
    mutual.SetKeyDerivation(false);
    // Sets in header the certificate that signs the Username
    mutual.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
    myBinding.Elements.Add(mutual);

    // HTTPS transport with a client certificate required at the transport level
    var httpsBindingElement = new HttpsTransportBindingElement { RequireClientCertificate = true };
    httpsBindingElement.ExtendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
    myBinding.Elements.Add(httpsBindingElement);

    // Replace the factory's default ClientCredentials behavior with our own
    var factory = new ChannelFactory<IContract>(binding: myBinding, remoteAddress: serviceAddress);
    var defaultCredentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
    factory.Endpoint.Behaviors.Remove(defaultCredentials);

    var clientCredentials = new ClientCredentials();
    clientCredentials.UserName.UserName = userName;
    clientCredentials.ClientCertificate.Certificate = clientCertificate;
    clientCredentials.ServiceCertificate.DefaultCertificate = serviceCertificate;
    // As posted: the service certificate is not validated and revocation is not checked.
    clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    clientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

    factory.Endpoint.Behaviors.Add(clientCredentials);

    return factory;
}

窗影残 2024-10-11 06:27:07

The solution was not to use WCF. Instead, I created a web request, something along the lines of "Http request to web service in java", which worked.

I still haven't found anything in WCF which supports this kinda request.
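
The kind of hand-built request the answer above describes, as an added example that is not part of the original answer or of the post it refers to: a SOAP envelope carrying a WS-Security UsernameToken, posted over HTTPS with HttpClient. It assumes the service accepts the PasswordDigest form of the OASIS UsernameToken Profile 1.0 and a SOAP 1.1 text/xml POST; the class and method names, the endpoint, the SOAPAction and the body are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Net.Http;
using System.Security;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

static class UsernameTokenSoap // hypothetical helper, not from the page
{
    const string Oasis = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-";
    const string Wsse = Oasis + "wssecurity-secext-1.0.xsd";
    const string Wsu = Oasis + "wssecurity-utility-1.0.xsd";
    const string DigestType = Oasis + "username-token-profile-1.0#PasswordDigest";
    const string Base64Type = Oasis + "soap-message-security-1.0#Base64Binary";

    // bodyXml is inserted as-is, so it must be well-formed XML built by the caller.
    public static string BuildEnvelope(string user, string password, string bodyXml)
    {
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string created = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);
        // PasswordDigest = Base64(SHA-1(nonce bytes + created + password))
        byte[] input = nonce.Concat(Encoding.UTF8.GetBytes(created + password)).ToArray();
        string digest;
        using (var sha1 = SHA1.Create()) digest = Convert.ToBase64String(sha1.ComputeHash(input));
        return
            "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
            "<soapenv:Header><wsse:Security soapenv:mustUnderstand=\"1\" xmlns:wsse=\"" + Wsse + "\" xmlns:wsu=\"" + Wsu + "\">" +
            "<wsse:UsernameToken>" +
            "<wsse:Username>" + SecurityElement.Escape(user) + "</wsse:Username>" +
            "<wsse:Password Type=\"" + DigestType + "\">" + digest + "</wsse:Password>" +
            "<wsse:Nonce EncodingType=\"" + Base64Type + "\">" + Convert.ToBase64String(nonce) + "</wsse:Nonce>" +
            "<wsu:Created>" + created + "</wsu:Created>" +
            "</wsse:UsernameToken></wsse:Security></soapenv:Header>" +
            "<soapenv:Body>" + bodyXml + "</soapenv:Body></soapenv:Envelope>";
    }

    // No certificate-validation callback is installed, so HttpClient's default TLS chain and host-name checks apply.
    public static async Task<string> SendAsync(HttpClient http, Uri endpoint, string soapAction, string envelope)
    {
        var request = new HttpRequestMessage(HttpMethod.Post, endpoint) { Content = new StringContent(envelope, Encoding.UTF8, "text/xml") };
        request.Headers.Add("SOAPAction", "\"" + soapAction + "\"");
        using (var response = await http.SendAsync(request))
            return await response.EnsureSuccessStatusCode().Content.ReadAsStringAsync();
    }
}
```

If the service expects PasswordText instead, the XML-escaped password goes in the Password element with the `#PasswordText` type URI, and the HTTPS channel is then the only protection for it.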
