2

我已经在元素中添加了一个自定义的soap header<MyApp:FOO>元素,<soap:Header>并且要求我必须签署这个元素,如何做到这一点? <MyApp:FOO>包含许多在更高级别上识别用户的东西(用户名、偏好等)。我已经成功地使用了一个策略文件,现在使用了一个带有 CertificateAssertions 和 SoapFilters 的 policyClass 来签署 wsu:Timestamp、wsu:action、wsu:MessageId 等。但是现在该<MyApp:FOO>元素也需要签名。

到目前为止我所理解的是,需要签名的元素必须使用 wsu:Id 属性进行标识,然后使用 xml-exc-c14n 进行转换。

那么,我如何指定也应该对soap标头进行签名?这是我用于签署消息的当前类。

internal class FOOClientOutFilter: SendSecurityFilter
{
X509SecurityToken clientToken;

public FOOClientOutFilter(SSEKCertificateAssertion parentAssertion)
: base(parentAssertion.ServiceActor, true)
{
// Get the client security token.
clientToken = X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=TestClientCert");

// Get the server security token.
serverToken = X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=TestServerCert");
}

public override void SecureMessage(SoapEnvelope envelope, Security security)
{
// Sign the SOAP message with the client's security token.
security.Tokens.Add(clientToken);

security.Elements.Add(new MessageSignature(clientToken));
}
}
4

2 回答 2

3

My current version of SecureMessage seems to do the trick..

    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        //EncryptedData data = new EncryptedData(userToken);
        SignatureReference ssekSignature = new SignatureReference();
        MessageSignature signature = new MessageSignature(clientToken);
        // encrypt custom headers

        for (int index = 0; index < envelope.Header.ChildNodes.Count; index++)
        {
            XmlElement child =
              envelope.Header.ChildNodes[index] as XmlElement;

            // find all FOO headers
            if (child != null && child.Name == "FOO")
            {
                string id = Guid.NewGuid().ToString();
                child.SetAttribute("Id", "http://docs.oasis-" +
                      "open.org/wss/2004/01/oasis-200401-" +
                      "wss-wssecurity-utility-1.0.xsd", id);
                signature.AddReference(new SignatureReference("#" + id));
            }
        }

        // Sign the SOAP message with the client's security token.
        security.Tokens.Add(clientToken);

        security.Elements.Add(signature);
    }
于 2008-09-30T10:29:55.783 回答
1

包括来自 MSDN 的补充文章

如何:将 Id 属性添加到 SOAP 标头

如何:对自定义 SOAP 标头进行数字签名

于 2009-01-12T13:11:22.733 回答