4

我试图让 WCF 客户端使用请求的 SOAP 标头中提供的安全信息调用 Web 服务,如下所示。

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
                    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                    xmlns:ah_etas_order="http://types.defra.gov.uk/ahw/eartagging/order"
                    xmlns:ah_common="http://types.defra.gov.uk/ahw/common/complextypes" 
                    xmlns:ah_assettype="http://types.defra.gov.uk/ahw/asset"
                    xmlns:ah_ref_data_sets="http://types.defra.gov.uk/ahw/common/referencedatasets"
                    xmlns:ah_custtype="http://types.defra.gov.uk/ahw/customer" 
                    xmlns:m5="http://types.defra.gov.uk/bs7666" 
                    xmlns:m6="http://www.govtalk.gov.uk/people/bs7666" 
                    xmlns:m7="http://types.defra.gov.uk/ahw/common/derivedtypes" 
                    xmlns:ah_etas_type="http://types.defra.gov.uk/ahw/eartagging">
    <SOAP-ENV:Header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:Security soap:role="system" soap:mustUnderstand="true">
            <wsse:UsernameToken>
                <wsse:Username>username here</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password here</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>...</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

我正在使用 Visual Studio 2012 和 .NET 4。文档说用于 CARA 服务的 SOAP 消息传递版本是 SOAP 1.2。

我添加了一个服务引用,添加了一个带有端点和以下自定义绑定的 web.config 文件。

<customBinding>
    <binding name="ProcessOrderBinding">
        <textMessageEncoding messageVersion="Soap12" />
        <httpTransport />
    </binding>
</customBinding>

我尝试了很多不同的 web.config 选项,但似乎无法获得正确的肥皂标题。谁能指出我正确的方向?

更新:

@Yaron,这是使用您的绑定的肥皂标题。我添加了一个 includeTimestamp=false 来删除时间戳。

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
            xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <h:Security xmlns:h="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
        <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">
            uIDPoxqYDT0sMwVImscgqVaf7GYAAAAAjin6KftLjkaS2CW99IXxrnWGCjfQnzFFuf4zGaQpeqIACQAA
        </VsDebuggerCausalityData>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:UsernameToken u:Id="uuid-79885712-d6eb-451c-9483-4df2b68722bd-1">
                <o:Username>username here</o:Username>
                <o:Password>password here</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">...</s:Body>
</s:Envelope>

如您所见,密码前缺少以下内容。

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
4

1 回答 1

3

使用此绑定:

<customBinding>
    <binding name="NewBinding0">
        <textMessageEncoding messageVersion="Soap12" />
        <security authenticationMode="UserNameOverTransport">
            <secureConversationBootstrap />
        </security>
        <httpsTransport />
    </binding>
</customBinding>

当然,您还需要在代理上提供用户/通行证:

proxy.ClientCredentials.Username.Username = "user"
proxy.ClientCredentials.Username.Password = "pass"

所有这些都假设您也使用 SSL。如果您不这样做,请查看CUB

于 2013-05-25T13:58:07.070 回答