将 SOAP 隐式标头添加到 WSDL

发布于 2024-11-02 03:56:52 字数 907 浏览 8 评论 0原文

我的问题与此类似。 当 WSDL 未定义 Soap 标头时如何传递它?但是不同。

对于我使用的 Web 服务,所有方法都需要身份验证,该身份验证以 SOAP 标头内的明文形式发送。但是,我的 WSDL 不包含任何肥皂标头信息。我有一个自定义平台工具,必须使用它来从 WSDL 生成代码。由于标头信息不可用,我无法直接使用生成的类 - 我不想手动修改代码以适应标头。

我尝试在 WSDL 中指定 SOAP 标头,但未能获得正确的命名空间。 WSDL 位于此处 https://stage.totalcheck.sensis.com.au/service /webservice?wsdl 和 SOAP 标头如下:

    <soapenv:Header>
        <wsse:Security>
            <wsse:UsernameToken>
                <wsse:Username>username</wsse:Username>
                <wsse:Password>password</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
   </soapenv:Header>

有人可以帮助我吗?谢谢!

My question is similar to this. How To Pass Soap Header When WSDL Doesn't Define It? But is different.

For a web service I use, all methods need authentication which is sent in cleartext inside a SOAP header. However, my WSDL doesn't include any soap header information. I have a custom platform tool which I must use to generate code from the WSDL. Since the header info is not available, am unable to use the generated class directly - I do not want to manually modify the code to accommodate the header.

I tried specifying the SOAP header in the WSDL but I failed to get the correct namespaces. The WSDL is here https://stage.totalcheck.sensis.com.au/service/webservice?wsdl and the SOAP header is as follows:

    <soapenv:Header>
        <wsse:Security>
            <wsse:UsernameToken>
                <wsse:Username>username</wsse:Username>
                <wsse:Password>password</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
   </soapenv:Header>

Can someone help me? Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

花辞树 2024-11-09 03:56:52

从概念的角度来看,WSDL 不应该定义标头。 WSDL 仅用于定义服务的功能方面,例如操作、消息、绑定和端点。消息和绑定定义了消息的有效负载应如何编码和格式化。

然而,SOAP 消息的标头不属于有效负载。它们通常用于配置 SOAP 处理器的非功能属性。安全性就是这样一个非功能性的属性。有效负载的功能方面不受影响。只能确保通信是安全的,并且 WS 工具堆栈(而不是服务实现)应该负责这一点。

因此,现在缺少的部分是一个标准,允许将一些非功能性需求附加到 WSDL 服务,以便代码生成器可以自动派生出需要发送和/或理解哪些标头,以便根据需要满足非功能性属性 - - 无需手动处理标头字段。该标准存在,称为 WS-Policy。策略通常包含一组替代方案,这些替代方案公开了提供者和消费者都应该能够满足的一组要求。当两个服务要相互交互时,将采用两种策略并计算所谓的“有效策略”。它定义了常见的非功能性需求。使用此信息,提供者和使用者可以自行配置以添加所需的标头,例如 WS-Security 标头。 WS-SecurityPolicy 还定义了一组可以使用的策略。 WS-PolicyAttachment 定义如何将此类策略附加到 WSDL。

有可以处理 WS-Policies 的代码生成器,例如 Metro 或 Axis2

From a conceptual point of view, WSDL is not supposed to define headers. WSDL is only for defining the functional aspects of a service, like operations, messages, binding and endpoints. Messages and bindings define how the payload of messages should be encoded and formatted.

The headers of SOAP messages however do not belong to the payload. They are typically used for configuring non-functional properties of a SOAP processor. Security is such a non-functional property. The functional aspect of the payload is not affected. It is only assured that the communication is secured and the WS tool stack, not the service implementation, should take care of that.

So the missing piece is now a standard that allows for attaching some non-functional requirements to WSDL services, so that code generators can automatically derive which headers need to be sent and/or understand in order to fulfill the non-functional property as desired -- without having to manually deal with header fields. This standard exists and is called WS-Policy. A policy contains typically a set of alternatives that expose a set of requirements that both, provider and consumer should be able to fulfill. When two services are supposed to interact with each other, both policies are taken and a so called "effective policy" is calculated. It defines the common non-functional requirements. Using this information, provider and consumer can configure themselves to add required headers, like the WS-Security headers. WS-SecurityPolicy also defines a set of policies that can be used. WS-PolicyAttachment defines how such policies can be attached to a WSDL.

There are code generators that can deal with WS-Policies, e.g. Metro or Axis2

丘比特射中我 2024-11-09 03:56:52

您可以通过使用 SoapHeader 属性装饰从 wsdl 生成的代理类中的方法,将肥皂头信息添加到方法调用中。

例如,当您“添加 Web 引用”时,wsdl.exe 将为 Web 服务引用生成客户端代理类 Reference.cs。在上面提到的链接中 https://stage.totalcheck.sensis.com.au/ service/webservice?wsdl 有一条消息 suggestAddress,当您从 Visual Studio 添加 Web 引用时,该消息将转换为生成的 Reference.cs 客户端代理代码文件中的方法。默认情况下,当调用此方法时,soap 信封中不会有 Header。要向此请求的信封添加 SoapHeader,请将 [SoapHeader("Security")] 属性添加到 Reference.cs 生成的类中 SuggestAddress 方法的顶部,其中“Security”是从 SoapHeader 基类继承的类。

对于上述所需的 Security SoapHeader 的示例,您将创建以下类,

public partial class Security : SoapHeader
{
    public UserNameToken UserNameToken { get; set; }
}

public partial class UserNameToken
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

然后您将像下面这样装饰 Reference.cs 中的 SuggestAddress 方法,

[SoapHeader("Security")]
public suggestAddressesResult suggestAddresses([System.Xml.Serialization.XmlElementAttribute(Form=System.Xml.Schema.XmlSchemaForm.Unqualified)] addressSearch search) {
        object[] results = this.Invoke("suggestAddresses", new object[] {search});
        return ((suggestAddressesResult)(results[0]));
    }

这将确保调用 suggestAddress 方法时创建的每个信封都包含一个安全标头,该安全标头看起来像上面提到的,

<soapenv:Header>
    <wsse:Security>
        <wsse:UsernameToken>
            <wsse:Username>username</wsse:Username>
            <wsse:Password>password</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>

You can add soap header information to method calls by decorating the methods in the proxy class generated from the wsdl with the SoapHeader attribute.

For example wsdl.exe will generate client proxy class Reference.cs for the web service reference when you "Add Web Reference". In the link mentioned above https://stage.totalcheck.sensis.com.au/service/webservice?wsdl there is a message suggestAddress which will translate to a method in the generated reference.cs client proxy code file when you add a web reference from visual studio. By default when this method is called there will be no Header in the soap envelope. To add a SoapHeader to the envelope for this request add a [SoapHeader("Security")] attribute to the top of the SuggestAddress method in the Reference.cs generated class, where "Security" is a class that inherits from SoapHeader base class.

Example for the above required Security SoapHeader you would create the following classes,

public partial class Security : SoapHeader
{
    public UserNameToken UserNameToken { get; set; }
}

public partial class UserNameToken
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

Then you would decorate the SuggestAddress method in the reference.cs like followed,

[SoapHeader("Security")]
public suggestAddressesResult suggestAddresses([System.Xml.Serialization.XmlElementAttribute(Form=System.Xml.Schema.XmlSchemaForm.Unqualified)] addressSearch search) {
        object[] results = this.Invoke("suggestAddresses", new object[] {search});
        return ((suggestAddressesResult)(results[0]));
    }

This will ensure that every envelope created when method suggestAddress is invoked contains a security header that looks like the one mentioned above,

<soapenv:Header>
    <wsse:Security>
        <wsse:UsernameToken>
            <wsse:Username>username</wsse:Username>
            <wsse:Password>password</wsse:Password>
        </wsse:UsernameToken>
    </wsse:Security>

鹤舞 2024-11-09 03:56:52

对我来说,使用这个问题来帮助自己的关键是认识到(正如一些人指出的那样)所讨论的标头是 WS-Security 标准的标头。

如果您的代理生成工具是“自定义”的,那么您可能有一个开关来自动添加 WS-Security 标头,这似乎是合乎逻辑的。但是,如果您使用 WSDL.exe(Visual Studio 中的“添加 Web 引用”),请考虑改用 svcutil.exe(“添加服务引用”)。

如果您使用 WCF 代理,您可以覆盖给定的配置并允许 WCF 为您添加标头:

<security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    <message clientCredentialType="UserName" algorithmSuite="Default" />
</security>

从那里您可以指定密码:

RemoteSvcProxy.TheirClient client = new RemoteSvcProxy.TheirClient();
client.ClientCredentials.UserName.UserName = "uname";
client.ClientCredentials.UserName.Password = "pwd";

我不知道您的自定义工具是什么,但也许它所基于的框架也有类似的配置选项。

Key for me in using this question to help myself was recognizing (as some pointed out) that the headers in question are those of WS-Security standard.

If your proxy generating tool is "custom" it seems logical that you might have a switch to automatically add the headers for WS-Security. However, if you're using WSDL.exe ("Add Web Reference" in Visual Studio), consider svcutil.exe instead ("Add Service Reference").

If you use a WCF proxy, you can override the given config and allow WCF to add the headers for you:

<security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    <message clientCredentialType="UserName" algorithmSuite="Default" />
</security>

From there you can specify the password:

RemoteSvcProxy.TheirClient client = new RemoteSvcProxy.TheirClient();
client.ClientCredentials.UserName.UserName = "uname";
client.ClientCredentials.UserName.Password = "pwd";

I don't know what your custom tool is, but perhaps the framework it's based on also has similar configuration options.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文