4

在我调试这个的许多试验中

    Exception: `System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. 
This might be because the message is an unsecured fault or because there is a
     binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security`

如何调试故障异常

我不确定这是否就是为什么我的回复说“被客户端的政策拒绝”这只是一个猜测,是否可能是因为 soap header 中的额外垃圾。我的代码生成了一个看起来像这样的soap标头

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1" u:Id="_3"/>
    <a:MessageID u:Id="_4">urn:uuid:9659b138-7fc0-4bb6-8c0a-bae00336ba78</a:MessageID>
    <a:ReplyTo u:Id="_5">
      <a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
    </a:ReplyTo>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
      uIDPo/RnkzjA3fBPjgXUnYt8J3IAAAAAoMwUVXqfw0yigCfFtptf4RNq4s3l6eJLuuLNNdxRoH4ACQAA
    </VsDebuggerCausalityData>
    <a:To s:mustUnderstand="1" u:Id="_6">https://service100.emedny.org:9047/MHService</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:BinarySecurityToken u:Id="uuid-8d1465b7-c0fd-4137-9361-d0a818286435-53" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        <!--Removed-->
      </o:BinarySecurityToken>
      <o:BinarySecurityToken u:Id="uuid-8d1465b7-c0fd-4137-9361-d0a818286435-52" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        <!--Removed-->
      </o:BinarySecurityToken>
    </o:Security>
  </s:Header>
  ...
</s:Envelope>

这是供应商的示例肥皂请求

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
  <soapenv:Header>
    <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>

这是我的客户端代码生成的附加内容

<a:Action s:mustUnderstand="1" u:Id="_3"/>
<a:MessageID u:Id="_4">urn:uuid:9659b138-7fc0-4bb6-8c0a-bae00336ba78</a:MessageID>
<a:ReplyTo u:Id="_5">
  <a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
  uIDPo/RnkzjA3fBPjgXUnYt8J3IAAAAAoMwUVXqfw0yigCfFtptf4RNq4s3l6eJLuuLNNdxRoH4ACQAA
</VsDebuggerCausalityData>
<a:To s:mustUnderstand="1" u:Id="_6">https://service100.emedny.org:9047/MHService</a:To>

我将如何删除它?

互联网推荐使用 Imssageinspector 和 custombehviour

    public class CustomMessageInspector : IClientMessageInspector
    {
        #region IClientMessageInspector Members

        public void AfterReceiveReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
        {
        }

        public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
        {
            request.Headers.RemoveAll("Action", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
            request.Headers.RemoveAll("MessageID", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
            request.Headers.RemoveAll("ReplyTo", "http://schemas.xmlsoap.org/ws/2004/08/addressing");
            request.Headers.RemoveAll("To", "http://schemas.xmlsoap.org/ws/2004/08/addressing");

            return null;
        }
        #endregion
    }

    public class CustomBehavior : IEndpointBehavior
    {
        <--removed some more classes-->      
        public void ApplyClientBehavior(ServiceEndpoint serviceEndpoint, System.ServiceModel.Dispatcher.ClientRuntime behavior)
            {
                //Add the inspector
                behavior.MessageInspectors.Add(new CustomMessageInspector());
            }
     }

然后最后在调用proxyclient

MHSClient proxy = new MHSClient(GetCustomBinding(), 
                                new EndpointAddress(new Uri("https://service100.emedny.org:9047/MHService"),
                                EndpointIdentity.CreateDnsIdentity("DPMedsHistory"));

proxy.Endpoint.EndpointBehaviors.Add(new CustomBehavior());


private static Custombinding GetCustomBinding()
{

            var b = new CustomBinding();
            var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
            sec.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
            sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
            sec.MessageSecurityVersion =
                MessageSecurityVersion.
                    WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
            sec.IncludeTimestamp = false;

            sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
            TextMessageEncodingBindingElement textEncBE = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
            HttpsTransportBindingElement httpsBE = new HttpsTransportBindingElement();


            CustomBinding myBinding = new CustomBinding();
            myBinding.Elements.Add(sec);
            myBinding.Elements.Add(textEncBE);
            myBinding.Elements.Add(httpsBE);

            return myBinding;
}

这不起作用,或者更确切地说给了我一个错误:

没有为具有 '' 操作的消息指定签名消息部分。

4

0 回答 0