2

我已经获得了需要使用 C# 访问的 WSDL 和 Web 服务的 URL。通过 HTTPS 访问 Web 服务,并指示我需要使用已提供给我们的证书对 SOAP 有效负载进行签名。我们还获得了一个示例 SOAP 消息,当我将它插入到 soapUI 中时,它会返回一个有效的响应。该消息如下所示:

<soapenv:Envelope xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xis="http://paymetric/2007-07/XiSecureWS.xsd">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-94D3D696D2D0F9176413124110633037" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICYDCCAcmgAwIBAgIFLtK9XLEwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEQMA4GA1UEBxMHSG91c3RvbjEYMBYGA1UEChMPUGF5bWV0cmljLCBJbmMuMQ0wCwYDVQQLEwRTYWFTMRswGQYDVQQDExJQTUNBLnBheW1ldHJpYy5jb20xIDAeBgkqhkiG9w0BCQEWEW1pc0BwYXltZXRyaWMuY29tMB4XDTExMDQxMjE1MDk1M1oXDTEzMDQwMTE1MDk1M1owgYUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJHQTERMA8GA1UEBxMIQ29sb21idXMxDjAMBgNVBAoTBUFmbGFjMQ4wDAYDVQQLEwVBZmxhYzEWMBQGA1UEAxMNQ2VjaWxsaW8gR2lsbDEeMBwGCSqGSIb3DQEJARYPY2dpbGxAYWZsYWMuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMN5LPHPVzhTWkB/R7qJVNMe/Z9dLsCZ5qlo/m1BRS0nGS+EWSTrjeGj12pGIO7xKg+OMOZMOylvNTzsgrh6U+sCAwEAAaMPMA0wCwYDVR0PBAQDAgP4MA0GCSqGSIb3DQEBBQUAA4GBACwh0KaS6RqMRXY4IDTGfWq2KQ+lLpkjtReAXlnpYr350axV9EoPoDkW3MPwdsKPWeFPll4vZQbOw4+kw07rGXrKLydxp2FpCRRNzoGlMTDyA1HpOtL2zMpokXz7HB7E13Y6SwJjK03KTJSw4wJLw/2AzYmZiYbp6L6OvD1lx0fJ</wsse:BinarySecurityToken><ds:Signature Id="Signature-3" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>0YnXlBdLNSbCMUP0Tuiu3c2ye+g=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
LBpI+U/3Q9utuaNR/8j4smX1VGoOCeexbDmL6xM4nrHpHyNys1J6kOJIwGLOW0XEKRzTbdil5JjO
iKR/jzg5hw==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-94D3D696D2D0F9176413124110633038">
<wsse:SecurityTokenReference wsu:Id="STRId-94D3D696D2D0F9176413124110633039" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Reference URI="#CertId-94D3D696D2D0F9176413124110633037" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
   <soapenv:Body wsu:Id="id-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xis:sEncrypt_Input>
         <xis:MaxUnmaskedDigits>4</xis:MaxUnmaskedDigits>
         <xis:isUnmaskedFromLeft>1</xis:isUnmaskedFromLeft>
         <xis:strRawValue>1234123412341234</xis:strRawValue>
      </xis:sEncrypt_Input>
   </soapenv:Body>
</soapenv:Envelope>

我尝试使用 WSE 3.0 和 WCF 访问此服务。我知道 WSE 已经过时了,我不应该使用它,但是我非常渴望在这一点上有效的东西,而且我对 WCF 的运气也没有更好。

这是我的 WSE 实现:

XiSecureWSService svcXi = new XiSecureWSService();
            SoapContext context = svcXi.RequestSoapContext;

            X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);

            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,
                "certificatelookupinfo", false);

            X509Certificate2 cert;
            X509SecurityToken signatureToken;
            if (certs.Count == 1)
            {
                cert = certs[0];
                signatureToken = new X509SecurityToken(cert);
            }
            else
            {
                signatureToken = null;
            }

            MessageSignature sig = new MessageSignature(signatureToken);

            context.Security.Tokens.Add(signatureToken);
            context.Security.Elements.Add(sig);
            context.Security.MustUnderstand = false;
            context.Security.Timestamp.TtlInSeconds = 60;

            sEncrypt_InputType xiInput = new sEncrypt_InputType();
            xiInput.MaxUnmaskedDigits = 4;
            xiInput.isUnmaskedFromLeft = false;
            xiInput.strRawValue = "1234123412341234";

            sEncrypt_OutputType xiOutput = svcXi.pm_SingleEncrypt(xiInput);

这是我的 WCF 实现:

XiSecureWSPortTypeClient client = new XiSecureWSPortTypeClient("XiSecureWSServicePort",
                                                                           "https://endpointaddress");

            X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly);

            X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,
                                                                       "certificatelookupinfo",
                                                                       false);

            X509Certificate2 cert;
            X509SecurityToken signatureToken;
            if (certs.Count == 1)
            {
                cert = certs[0];
                signatureToken = new X509SecurityToken(cert);
            }
            else
            {
                cert = null;
                signatureToken = null;
            }

            SecurityHeaderType security = new SecurityHeaderType();
            client.ClientCredentials.ClientCertificate.Certificate = cert;

            sEncrypt_InputType xiInput = new sEncrypt_InputType();
            xiInput.MaxUnmaskedDigits = 4;
            xiInput.isUnmaskedFromLeft = false;
            xiInput.strRawValue = "1234123412341234";

            sEncrypt_OutputType xiOutput = client.pm_SingleEncrypt(security, xiInput);

我的 .config 文件如下所示:

<?xml version="1.0"?>
<configuration>
  <startup>
  <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup>
  <system.serviceModel>
    <protocolMapping>
      <add scheme="https" binding="customBinding"/>
    </protocolMapping>
    <bindings>
      <customBinding>
        <binding name="MyCustomBinding">
          <textMessageEncoding messageVersion="Soap11" />
          <security authenticationMode="CertificateOverTransport" includeTimestamp="true" />
          <httpsTransport keepAliveEnabled="false" />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint address="https://endpointaddress" binding="customBinding"
        bindingConfiguration="MyCustomBinding" contract="XiSecureWSPortType"
        name="XiSecureWSServicePort" />
    </client>
  </system.serviceModel>
</configuration>

通过 WSE 生成的 SOAP 调用如下所示:

    <?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soap:Header>
        <wsa:Action wsu:Id="Id-c93385e7-4e68-4e65-b73f-e0d6040b407a">http://endpoint.wsdl/pm_SingleEncrypt</wsa:Action>
        <wsa:MessageID wsu:Id="Id-dbdda6fd-6d3f-4b1d-8b30-34b87567d865">urn:uuid:054e3fdd-c1ab-4ef8-9e45-d6edbf462272</wsa:MessageID>
        <wsa:ReplyTo wsu:Id="Id-5704430b-7323-468d-9073-ce6f4adb03c6">
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
        </wsa:ReplyTo>
        <wsa:To wsu:Id="Id-795dab74-1cab-44ed-8c1e-6cf5db6d89c5">https://endpointaddress</wsa:To>
        <wsse:Security>
            <wsu:Timestamp wsu:Id="Timestamp-5c742cc5-9653-45f3-81cf-691d5e76861c">
                <wsu:Created>2013-03-08T19:53:18Z</wsu:Created>
                <wsu:Expires>2013-03-08T19:54:18Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="SecurityToken-d1c1eee1-4eaa-4418-8d80-4416b05b4745">MIICrDCCAhWgAwIBAgIFLtjzLRAwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEQMA4GA1UEBxMHSG91c3RvbjEYMBYGA1UEChMPUGF5bWV0cmljLCBJbmMuMQ0wCwYDVQQLEwRTYWFTMRswGQYDVQQDExJQTUNBLnBheW1ldHJpYy5jb20xIDAeBgkqhkiG9w0BCQEWEW1pc0BwYXltZXRyaWMuY29tMB4XDTEyMDgzMTE1NTYyOFoXDTE0MDgyMTE1NTYyOFowgY0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzETMBEGA1UEBwwKQ2hhcmxlc3RvbjESMBAGA1UECgwJQmxhY2tiYXVkMQwwCgYDVQQLDANVQVQxFjAUBgNVBAMMDUxpbmRhIENvbGxpbnMxIjAgBgkqhkiG9w0BCQEWE25vb25lQGJsYWNrYmF1ZC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvvNxFm5pXQepTeBkonadC9AHAlZrwyJheNewJ7gaS+jGNAFPHOabiUHS99TIo5Qp9+iwkKBeHuCiiJCeBzhBUVjTJ+CQFbJc12IhVRvOeW5xnyawbe+025BkK+xfjDFvTU2LIZjAV+3y+TADVWUV4VSALlwARKHH2EOu0JaZqfAgMBAAGjDzANMAsGA1UdDwQEAwID+DANBgkqhkiG9w0BAQUFAAOBgQCGQfBXqMe/Qmr3LIItBzHFyP+qu8+/IA7x+//xOFFm/GpJg8FWd8uHiuWOVNHjxLKzN/o+oKRPs1rBamCjB4CDI9BhKDDi6ZmA2uvSJV2pdEeKL63mgPBb0o8QrFrUWSqoDEGqa8d6vlgXrQSzojIK3rxjd71xfoPcdrcBwHqJCw==</wsse:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <ds:CanonicalizationMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#Id-c93385e7-4e68-4e65-b73f-e0d6040b407a">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>kOQUVB/DeBZJiM5sOBtjdtuxXlg=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-dbdda6fd-6d3f-4b1d-8b30-34b87567d865">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>pJRl5c7txgnw4rXEWzrFrmOBVPE=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-5704430b-7323-468d-9073-ce6f4adb03c6">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>YBG6XGu50bEz+yGcUl6LSflpegM=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-795dab74-1cab-44ed-8c1e-6cf5db6d89c5">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>LOUX6dBXgV0UI+2Xz2SbvXCjLZg=</DigestValue>
                    </Reference>
                    <Reference URI="#Timestamp-5c742cc5-9653-45f3-81cf-691d5e76861c">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>tUlKm/sCne9jjjlg/oOtycdFUhI=</DigestValue>
                    </Reference>
                    <Reference URI="#Id-44ed0eaf-f408-45ac-b703-fff9b3fdd638">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>ekZF3fuslJcNRjuXNekGZ49Hdq8=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>K1MfLOS6sHmPxVsaLgTHoS9/Kisy/T07Um0/qlpV+246F+jPy1HbU+K0/pnAGESgLnzzA8bbGp7fZxmoIOx6oAONtI7sqM6E6OxY9g0aw+b+XAL65JT+9cXIKLNOUs9O9f301PGmlJ0ldocz0TkAX9NQTxdv8e8zqhsBLsH9kKo=</SignatureValue>
                <KeyInfo>
                    <wsse:SecurityTokenReference>
                        <wsse:Reference URI="#SecurityToken-d1c1eee1-4eaa-4418-8d80-4416b05b4745" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </wsse:Security>
    </soap:Header>
    <soap:Body wsu:Id="Id-44ed0eaf-f408-45ac-b703-fff9b3fdd638">
        <sEncrypt_Input xmlns="http://endpoint/xsdname.xsd">
            <MaxUnmaskedDigits>4</MaxUnmaskedDigits>
            <isUnmaskedFromLeft>false</isUnmaskedFromLeft>
            <strRawValue>1234123412341234</strRawValue>
        </sEncrypt_Input>
    </soap:Body>
</soap:Envelope>

WCF SOAP 请求如下所示:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo8nVLrfiqatEmo8IboHWGp0AAAAA1E1NtzXJZEGIoAvEM9FGvDB0fAYl39xBpJzQdMwSA8IACQAA</VsDebuggerCausalityData>
        <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
            <u:Timestamp u:Id="_0">
                <u:Created>2013-03-08T21:13:18.546Z</u:Created>
                <u:Expires>2013-03-08T21:18:18.546Z</u:Expires>
            </u:Timestamp>
            <o:BinarySecurityToken u:Id="uuid-ecc8d8b8-ede9-46f6-b589-5d3b606a051a-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIICrDCCAhWgAwIBAgIFLtjzLRAwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEQMA4GA1UEBxMHSG91c3RvbjEYMBYGA1UEChMPUGF5bWV0cmljLCBJbmMuMQ0wCwYDVQQLEwRTYWFTMRswGQYDVQQDExJQTUNBLnBheW1ldHJpYy5jb20xIDAeBgkqhkiG9w0BCQEWEW1pc0BwYXltZXRyaWMuY29tMB4XDTEyMDgzMTE1NTYyOFoXDTE0MDgyMTE1NTYyOFowgY0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzETMBEGA1UEBwwKQ2hhcmxlc3RvbjESMBAGA1UECgwJQmxhY2tiYXVkMQwwCgYDVQQLDANVQVQxFjAUBgNVBAMMDUxpbmRhIENvbGxpbnMxIjAgBgkqhkiG9w0BCQEWE25vb25lQGJsYWNrYmF1ZC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvvNxFm5pXQepTeBkonadC9AHAlZrwyJheNewJ7gaS+jGNAFPHOabiUHS99TIo5Qp9+iwkKBeHuCiiJCeBzhBUVjTJ+CQFbJc12IhVRvOeW5xnyawbe+025BkK+xfjDFvTU2LIZjAV+3y+TADVWUV4VSALlwARKHH2EOu0JaZqfAgMBAAGjDzANMAsGA1UdDwQEAwID+DANBgkqhkiG9w0BAQUFAAOBgQCGQfBXqMe/Qmr3LIItBzHFyP+qu8+/IA7x+//xOFFm/GpJg8FWd8uHiuWOVNHjxLKzN/o+oKRPs1rBamCjB4CDI9BhKDDi6ZmA2uvSJV2pdEeKL63mgPBb0o8QrFrUWSqoDEGqa8d6vlgXrQSzojIK3rxjd71xfoPcdrcBwHqJCw==</o:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#_0">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>8Jq254k3Mqm2AZ58M/7SZ0Oj9hY=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>oUQgQmYxq+RvetZYGBzHMg953V+w0hxoT5BAICFs1xDuNoJi2SYIO2nvyHrywVGpvqMLeY+K89FI9SdfMyPJx6iReZm/QB8gTP5ZwkY9YQxyEEn6hlVnU+CUYaQmBtnAXMJJkQxS+OAzz3SfGBcXZSulGMwRS1fJtbC3tNtBfF4=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference URI="#uuid-ecc8d8b8-ede9-46f6-b589-5d3b606a051a-1" />
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <sEncrypt_Input xmlns="http://vendor/xsdfile.xsd">
            <MaxUnmaskedDigits>4</MaxUnmaskedDigits>
            <isUnmaskedFromLeft>false</isUnmaskedFromLeft>
            <strRawValue>4100123412341234</strRawValue>
        </sEncrypt_Input>
    </s:Body>
</s:Envelope>

无论我尝试使用 WSE 做什么,都会收到一条错误消息,提示“签名或解密无效”。如果我尝试 WCF 实现,我会得到“元素 'o:Security' 中的数据必须被理解但无法处理”。我一直在为此烦恼-有人有什么想法吗?

编辑:当前 SOAP 请求:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" u:Id="_2" />
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo9KISySaFjJMiAw5zk9o3qYAAAAAxhoAIROo00iQikvZBzGIH8wpfBfX1e1Kg29TMjN6keYACQAA</VsDebuggerCausalityData>
        <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
            <o:BinarySecurityToken u:Id="uuid-bf6b0577-5466-4726-ac5e-2ba07665475f-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIICrDCCAhWgAwIBAgIFLtjzLRAwDQYJKoZIhvcNAQEFBQAwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEQMA4GA1UEBxMHSG91c3RvbjEYMBYGA1UEChMPUGF5bWV0cmljLCBJbmMuMQ0wCwYDVQQLEwRTYWFTMRswGQYDVQQDExJQTUNBLnBheW1ldHJpYy5jb20xIDAeBgkqhkiG9w0BCQEWEW1pc0BwYXltZXRyaWMuY29tMB4XDTEyMDgzMTE1NTYyOFoXDTE0MDgyMTE1NTYyOFowgY0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJTQzETMBEGA1UEBwwKQ2hhcmxlc3RvbjESMBAGA1UECgwJQmxhY2tiYXVkMQwwCgYDVQQLDANVQVQxFjAUBgNVBAMMDUxpbmRhIENvbGxpbnMxIjAgBgkqhkiG9w0BCQEWE25vb25lQGJsYWNrYmF1ZC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKvvNxFm5pXQepTeBkonadC9AHAlZrwyJheNewJ7gaS+jGNAFPHOabiUHS99TIo5Qp9+iwkKBeHuCiiJCeBzhBUVjTJ+CQFbJc12IhVRvOeW5xnyawbe+025BkK+xfjDFvTU2LIZjAV+3y+TADVWUV4VSALlwARKHH2EOu0JaZqfAgMBAAGjDzANMAsGA1UdDwQEAwID+DANBgkqhkiG9w0BAQUFAAOBgQCGQfBXqMe/Qmr3LIItBzHFyP+qu8+/IA7x+//xOFFm/GpJg8FWd8uHiuWOVNHjxLKzN/o+oKRPs1rBamCjB4CDI9BhKDDi6ZmA2uvSJV2pdEeKL63mgPBb0o8QrFrUWSqoDEGqa8d6vlgXrQSzojIK3rxjd71xfoPcdrcBwHqJCw==</o:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <Reference URI="#_1">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>zFBRC19YqaNfiONdpUCbcr4DQxs=</DigestValue>
                    </Reference>
                    <Reference URI="#_2">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <DigestValue>IkDHDcU8EXvtVZTidHKQd1q1g3s=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>a377DsYAjfklKE14NT1NjGWKNQaW2CCBXRpb08tzNcJKHPF07226AxqoA589y+IscFxwzlsQ+S5g4a5DkcXG25HYyNnXktHlQWzn9B1mvElQwY1pgq02hJ5g+Z3/ctyruqu4m1gKexYAtKthor06Zf800L4QNQlfYLDVawawwnc=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-bf6b0577-5466-4726-ac5e-2ba07665475f-2" />
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" u:Id="_1">
        <sEncrypt_Input xmlns="http://vendor/xsdfile.xsd">
            <MaxUnmaskedDigits>4</MaxUnmaskedDigits>
            <isUnmaskedFromLeft>false</isUnmaskedFromLeft>
            <strRawValue>1234123412341234</strRawValue>
        </sEncrypt_Input>
    </s:Body>
</s:Envelope>
4

1 回答 1

2

您发布的最后一个soap 看起来像WSE 生成的那个。wcf 的外观如何?我建议将 wcf 与authenticatioMode 为“mutualCertificate”的自定义绑定一起使用,而不是像您使用的那样。有关您可能会看到的消息的更多详细信息,请参见此处。

于 2013-03-08T20:31:04.837 回答