2

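How do I sign and encrypt my WCF client service calls? (From the specification: all messages should be signed and encrypted in accordance with the WS-Security X.509 Token Profile. The specification can be found here.)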

I have to use SOAP 1.1 and WS-Security. The service is provided by a third party, and I am pretty sure they wrote it in Java (IBM DataPower) (not WCF, anyway).

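I tried the following, but I think this is a case of asking the wrong question, because most of what I have read says the client does not decide what to encrypt; that is defined by the service protection level (SignAndEncrypt). I have also seen references to an X509SecurityToken that I should use for encryption, but I think that is older .NET.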

Anyway, this is what I have so far:

    ' Create the binding.
    Dim myBinding As New BasicHttpBinding() ' FOR SOAP 1.1
    myBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential
    myBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate
    myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate

    ' Create the endpoint address.
    Dim ea As New EndpointAddress("https://removed")

    ' Create the client.
    Dim starClientProxy As New wcfStarServiceProxy.starTransportPortTypesClient(myBinding, ea)

    ' Specify a certificate to use for authenticating the client.
    starClientProxy.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "removed")

    ' Cert used for encryption
    starClientProxy.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.CurrentUser, StoreName.AddressBook, X509FindType.FindBySubjectName, "removed")

So now it should encrypt it automatically? I can't find anything that needs to be set.

    ' Call the service
    Dim response As wcfStarServiceProxy.AcknowledgeRepairOrderPayload = starClientProxy.ProcessMessage(payload)

So, I think I have successfully signed the request; however, the body is not encrypted. How do I encrypt the body?

4

2 Answers

1

I created a custom binding to achieve 2 levels of security - certificate and username/password. I did it like this (code excerpt):

        CustomBinding customBinding = new CustomBinding();
        // ...
        HttpsTransportBindingElement httpsBindingElement = new HttpsTransportBindingElement();
        httpsBindingElement.AllowCookies = false;
        httpsBindingElement.BypassProxyOnLocal = false;
        httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
        httpsBindingElement.MaxBufferPoolSize = 20480000;
        httpsBindingElement.MaxBufferSize = 20480000;
        httpsBindingElement.MaxReceivedMessageSize = 20480000;
        httpsBindingElement.RequireClientCertificate = true;
        httpsBindingElement.UseDefaultWebProxy = true;
        TransportSecurityBindingElement transportSecurityElement = new TransportSecurityBindingElement();
        transportSecurityElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());
        transportSecurityElement.EndpointSupportingTokenParameters.SetKeyDerivation(false);
        // ...
        customBinding.Elements.Add(transportSecurityElement);
        customBinding.Elements.Add(httpsBindingElement);

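This way, the client signs and encrypts the message with the username and password, but you can modify this example and accomplish what you need.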

answered 2012-05-31T12:21:10.430
1

@Dejan led me to the answer:

Private Function GetCustomBinding2() As Channels.Binding

    Dim httpsBindingElement As New HttpsTransportBindingElement()
    httpsBindingElement.AllowCookies = False
    httpsBindingElement.BypassProxyOnLocal = False
    httpsBindingElement.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard
    httpsBindingElement.MaxBufferPoolSize = 524288
    httpsBindingElement.MaxBufferSize = 65536
    httpsBindingElement.MaxReceivedMessageSize = 65536
    httpsBindingElement.RequireClientCertificate = True
    httpsBindingElement.UseDefaultWebProxy = True



    Dim asbe As New Channels.AsymmetricSecurityBindingElement
    asbe.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11
    asbe.InitiatorTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
    asbe.RecipientTokenParameters = New ServiceModel.Security.Tokens.X509SecurityTokenParameters
    asbe.SecurityHeaderLayout = SecurityHeaderLayout.Strict
    asbe.DefaultAlgorithmSuite = Security.SecurityAlgorithmSuite.Basic128Sha256
    asbe.IncludeTimestamp = True
    asbe.SetKeyDerivation(False)
    'asbe.OnlySignEntireHeadersAndBody = True

    'asbe.EndpointSupportingTokenParameters.SignedEncrypted.Add(New ServiceModel.Security.Tokens.X509SecurityTokenParameters)
    'asbe.EndpointSupportingTokenParameters.SetKeyDerivation(False)

    Dim myBinding As New CustomBinding

    myBinding.Elements.Add(asbe)

    myBinding.Elements.Add(New TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8))
    'myBinding3.Elements.Add(New HttpsTransportBindingElement())
    myBinding.Elements.Add(httpsBindingElement)



    Return myBinding
End Function
answered 2012-05-31T15:07:59.560
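
To confirm what a given binding actually puts on the wire (the question's "signed but body not encrypted" symptom), the following added example, which is not part of the question or of either answer, inspects a SOAP 1.1 envelope and reports whether the Body is referenced by a WS-Security signature and whether it carries only `xenc:EncryptedData`. It assumes the envelope was captured on the client side, for instance with WCF message logging at transport level; the function name `protection_of` and both sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
XENC_DATA = "{%s}EncryptedData" % NS["xenc"]

def protection_of(envelope_xml):
    """Structural check only (no signature validation): (body_signed, body_encrypted)."""
    root = ET.fromstring(envelope_xml)
    body = root.find("s:Body", NS)
    if body is None:
        raise ValueError("not a SOAP 1.1 envelope: no Body element")
    # Signed: a ds:Reference in the wsse:Security header points at the Body's wsu:Id.
    body_id = body.get(WSU_ID)
    refs = root.findall(
        "s:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed = body_id is not None and any(r.get("URI") == "#" + body_id for r in refs)
    # Encrypted: the Body holds xenc:EncryptedData and no cleartext element.
    children = list(body)
    encrypted = bool(children) and all(c.tag == XENC_DATA for c in children)
    return signed, encrypted

def _sample(body_inner):  # constructed message, not captured traffic
    return (
        '<s:Envelope xmlns:s="{s}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" '
        'xmlns:ds="{ds}" xmlns:xenc="{xenc}"><s:Header><wsse:Security>'
        '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_1"/></ds:SignedInfo>'
        '</ds:Signature></wsse:Security></s:Header>'
        '<s:Body wsu:Id="_1">{body}</s:Body></s:Envelope>'
    ).format(body=body_inner, **NS)

SIGNED_ONLY = _sample("<ProcessMessage>cleartext payload</ProcessMessage>")
SIGNED_AND_ENCRYPTED = _sample(
    '<xenc:EncryptedData Id="_2"><xenc:CipherData>'
    '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>'
)

if __name__ == "__main__":
    for name, xml in (("signed only", SIGNED_ONLY), ("signed+encrypted", SIGNED_AND_ENCRYPTED)):
        print(name, protection_of(xml))
```

A result of `(True, False)` matches the situation described in the question: the request carries a signature over the Body, but the payload is still readable to anything that terminates TLS in front of the service.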