使用消息安全性的 WCF 服务 TLS 握手
我正在尝试实现自定义 WCF 服务客户端。服务器使用 wsHttpBinding 和消息安全性,无需客户端凭据。我必须以编程方式形成一个适当的肥皂信封才能开始 TLS 握手。我已经捕获了来自标准 WCF 客户端的初始请求。该消息如下所示:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>urn:uuid:f88d1721-29ce-4418-994e-a3796f053e63</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">http://localhost:56635/Service1.svc</a:To>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" Context="uuid-6549ee11-0349-4dbc-8686-6b7f0b079251-1">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeySize>256</t:KeySize>
<t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFoBAABWAwFPQ8mbvU/nL8Cgu/CRIhhvVyRAYNdppNpdUY2UEi/GLQAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAABX/AQABAAAKAAYABAAXABgACwACAQA=</t:BinaryExchange>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
问题是,我无法弄清楚应该编码什么值并将其插入到 BinaryExchange 标记中。任何帮助将不胜感激。
I'm trying to implement a custom WCF service client. Server uses wsHttpBinding and message security with no client credentials. I have to programically form a proper soap envelope to begin TLS handshake. I've captured initial request from standard WCF client. The message looks like this:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:MessageID>urn:uuid:f88d1721-29ce-4418-994e-a3796f053e63</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">http://localhost:56635/Service1.svc</a:To>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" Context="uuid-6549ee11-0349-4dbc-8686-6b7f0b079251-1">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:KeySize>256</t:KeySize>
<t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFoBAABWAwFPQ8mbvU/nL8Cgu/CRIhhvVyRAYNdppNpdUY2UEi/GLQAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAABX/AQABAAAKAAYABAAXABgACwACAQA=</t:BinaryExchange>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
The problem is, I can't figure out what value I should encode and insert into the BinaryExchange tag. Any help would be appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你不想走那条路。涉及两个复杂的标准(ws-secureconversation 和 ssl nego)。每一个都包含多个消息交换。您需要非常努力才能使所有签名和加密部分正确无误。您应该使用常规 WCF 客户端。
you do not want to go that path. there are two complex standards involved (ws-secureconversation and ssl nego). each one includes multiple message exchanges. You will need to work really hard to get all the signed and encrypted parts right. You should use the regular WCF client.