
所有的极客都会说 WSE 已经过时了,这一点我目前可以接受,我只是想为自己的问题找到解决方案。我正在尝试用 WSE 调用一个 Java Web 服务。在传出的 SOAP 请求中,Security 节点里附加了一个时间戳(Timestamp)元素。我传出的 SOAP 请求看起来像这样:

 <soap:Header>
    <wsa:Action wsu:Id="Id-6209d12b-20bf-407e-ac72-533d0f671a2c"></wsa:Action>
    <wsa:MessageID wsu:Id="Id-280fe225-2f80-4f37-b5d4-120146fc7dec">urn:uuid:a427b687-6f52-4689-9df2-c2e3c6d9ea1a</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-bc623f16-761c-4e03-a23e-aa70bd9b8d34"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo>
    <wsa:To wsu:Id="Id-b8607eed-cb9e-426b-a5dc-51d7855c32e1">https://service100.emedny.org:9047/MHService</wsa:To>
   <wsse:Security soap:mustUnderstand="1">
   <wsu:Timestamp wsu:Id="Timestamp-cbeb0310-93bf-4f39-a44d-3516b32b40e6"><wsu:Created>2013-06-20T20:19:47Z</wsu:Created><wsu:Expires>2013-06-20T20:24:47Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken ValueType></BinarySecurityToken>....</soap:Header>

我想删除 Action、MessageID、ReplyTo 和 Timestamp 这几个元素。

所以传出的请求头应该看起来像这样:

   <soap:Header>
    <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:BinarySecurityToken........>
</soap:Header>

我该如何删除这 4 个元素以及 Security 中的 Timestamp 节点?我使用的是 WSE 3.0(抱歉,目前还不是 WCF)。以下是我尝试过的做法。

Step1

Create a custom policy assertion by deriving from Microsoft.Web.Services3.Design.PolicyAssertion.

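        namespace UsernameAssertionLibrary
    {
        /// <summary>
        /// Client-side WSE 3.0 policy assertion. Its output filter adds two X.509 tokens and a
        /// UsernameToken to the outgoing message, signs the message with the first certificate
        /// and encrypts it with the second.
        /// </summary>
        /// <remarks>
        /// Only <see cref="CreateClientOutputFilter"/> returns a filter; the client input filter
        /// and both service-side filters are not provided (null).
        /// SecurityPolicyAssertion already derives from PolicyAssertion and C# permits a single
        /// base class, so it is the only base type listed.
        /// </remarks>
        public class UsernameClientAssertion : SecurityPolicyAssertion
        {
            // Credentials are kept in memory as plain strings for the lifetime of the assertion.
            private readonly string username;
            private readonly string password;

            /// <summary>Creates the assertion with the credentials used to build the UsernameToken.</summary>
            /// <param name="username">User name placed in the UsernameToken.</param>
            /// <param name="password">Password given to the UsernameToken; it is not sent (PasswordOption.SendNone).</param>
            public UsernameClientAssertion(string username, string password)
            {
                this.username = username;
                this.password = password;
            }

            /// <summary>Returns the filter that secures outgoing client requests.</summary>
            public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
            {
                return new ClientOutputFilter(this, context);
            }

            /// <summary>No processing of responses received by the client.</summary>
            public override SoapFilter CreateClientInputFilter(FilterCreationContext context)
            {
                return null;
            }

            /// <summary>No service-side processing of incoming requests.</summary>
            public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
            {
                return null;
            }

            /// <summary>No service-side processing of outgoing responses.</summary>
            public override SoapFilter CreateServiceOutputFilter(FilterCreationContext context)
            {
                return null;
            }

            /// <summary>
            /// Reports the policy-file element name handled by this assertion and the type that
            /// implements it.
            /// </summary>
            /// <remarks>
            /// NOTE(review): the policy file shown with this listing registers the extension as
            /// "usernameAssertion" with type UsernameServiceAssertion, not "UsernameClientAssertion";
            /// confirm which name is intended before loading this assertion from configuration.
            /// </remarks>
            public override System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<string, Type>> GetExtensions()
            {
                return new KeyValuePair<string, Type>[] { new KeyValuePair<string, Type>("UsernameClientAssertion", this.GetType()) };
            }

            /// <summary>Consumes this assertion's element from the policy file.</summary>
            /// <param name="reader">Reader positioned on the assertion element.</param>
            /// <param name="extensions">Registered extension names and types (unused here).</param>
            public override void ReadXml(XmlReader reader, IDictionary<string, Type> extensions)
            {
                // Remember whether the element is self-closing before moving past its start tag;
                // a non-empty element also needs its end tag consumed, otherwise the reader is
                // left inside this element when control returns to the policy loader.
                bool isEmpty = reader.IsEmptyElement;
                reader.ReadStartElement("UsernameClientAssertion");
                if (!isEmpty)
                {
                    reader.ReadEndElement();
                }
            }


            #region ClientOutputFilter
            /// <summary>
            /// Output filter that adds the security tokens, the signature and the encryption
            /// element to the outgoing message's Security header.
            /// </summary>
            class ClientOutputFilter : SendSecurityFilter
            {
                readonly UsernameClientAssertion parentAssertion;
                readonly FilterCreationContext filterContext;

                public ClientOutputFilter(UsernameClientAssertion parentAssertion, FilterCreationContext filterContext)
                    : base(parentAssertion.ServiceActor, false, parentAssertion.ClientActor)
                {
                    this.parentAssertion = parentAssertion;
                    this.filterContext = filterContext;
                }

                /// <summary>
                /// Adds tokens to <paramref name="security"/>, signs the message with the
                /// "LMWARD" certificate and encrypts it with the "DPMedsHistory" certificate.
                /// </summary>
                /// <exception cref="InvalidOperationException">
                /// A required certificate was not found (or was not valid) in the machine store.
                /// </exception>
                /// <remarks>
                /// This method only adds tokens and security elements. It does not remove or alter
                /// the wsu:Timestamp or the WS-Addressing headers that appear in the outgoing
                /// message. NOTE(review): a timestamp is what lets a receiver bound how long a
                /// signed message stays acceptable; confirm the service's requirements before
                /// dropping it elsewhere.
                /// </remarks>
                public override void SecureMessage(SoapEnvelope envelope, Security security)
                {
                    // These defaults are set on the token manager returned for X509v3 tokens, so
                    // they presumably affect every message secured through that manager - confirm.
                    // "RSA15" (RSA PKCS#1 v1.5 key transport) and "TripleDES" are legacy choices;
                    // NOTE(review): use stronger values (e.g. "RSAOAEP" with an AES session key)
                    // if the remote service accepts them.
                    X509SecurityTokenManager tokenManager = (X509SecurityTokenManager)SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
                    tokenManager.DefaultKeyAlgorithm = "RSA15";
                    tokenManager.DefaultSessionKeyAlgorithm = "TripleDES";

                    // Fail with a clear message instead of passing a null certificate on.
                    X509SecurityToken signingToken = new X509SecurityToken(RequireCertificate("LMWARD"));
                    X509SecurityToken encryptionToken = new X509SecurityToken(RequireCertificate("DPMedsHistory"));

                    // The password is not sent (PasswordOption.SendNone). This token is only added
                    // to the header; the signature and encryption below use the X.509 tokens.
                    UsernameToken userToken = new UsernameToken(
                        parentAssertion.username,
                        parentAssertion.password,
                        PasswordOption.SendNone);

                    // Add the tokens to the Security header.
                    security.Tokens.Add(signingToken);
                    security.Tokens.Add(encryptionToken);
                    security.Tokens.Add(userToken);

                    // Sign the message with the first X.509 token (signing needs its private key).
                    MessageSignature sig = new MessageSignature(signingToken);
                    security.Elements.Add(sig);

                    // Encrypt with the second X.509 token and add the encrypted data element.
                    EncryptedData data = new EncryptedData(encryptionToken);
                    security.Elements.Add(data);
                }

                /// <summary>
                /// Looks up a certificate and throws if none is found, so a missing or invalid
                /// certificate is reported by name.
                /// </summary>
                private static X509Certificate2 RequireCertificate(string certName)
                {
                    X509Certificate2 cert = GetCertificateFromStore(certName);
                    if (cert == null)
                    {
                        throw new InvalidOperationException(string.Format(
                            "No valid certificate with subject name '{0}' was found in the LocalMachine store.",
                            certName));
                    }
                    return cert;
                }

                /// <summary>
                /// Finds a certificate by subject name in the local machine's default store.
                /// </summary>
                /// <param name="certName">Subject name to search for.</param>
                /// <returns>The first matching valid certificate, or null when there is none.</returns>
                private static X509Certificate2 GetCertificateFromStore(string certName)
                {
                    // Opens the LocalMachine location (not the current user's store); with no
                    // store name given, X509Store uses the personal ("MY") store.
                    X509Store store = new X509Store(StoreLocation.LocalMachine);
                    try
                    {
                        store.Open(OpenFlags.ReadOnly);

                        // validOnly = true: only certificates that pass validation are returned.
                        // FindBySubjectName matches on part of the subject name, so more than one
                        // certificate can match. NOTE(review): searching by thumbprint would pin
                        // the exact certificate instead of taking the first match.
                        X509Certificate2Collection matches = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);

                        if (matches.Count == 0)
                        {
                            return null;
                        }

                        return matches[0];
                    }
                    finally
                    {
                        store.Close();
                    }
                }
            }
            #endregion
        }
    }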

Step2
This is my wse3Policy.Config 

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
      <!-- Maps a policy element name to the .NET type that implements it.
           NOTE(review): the type named here is UsernameServiceAssertion, while the class listed
           on this page is UsernameClientAssertion, which reports the extension name
           "UsernameClientAssertion" and reads an element of that name in ReadXml. Confirm which
           type and element name are intended. -->
      <extensions>
        <extension name="usernameAssertion" 
          type="UsernameAssertionLibrary.UsernameServiceAssertion, 
                                         UsernameAssertionLibrary" />
      </extensions>
      <!-- Named policy containing the custom assertion element.
           NOTE(review): the client code on this page builds its Policy in code and passes it to
           SetPolicy, so that call does not use this named policy. The editor warning about an
           invalid child element is presumably schema validation that does not know the custom
           element; verify. -->
      <policy name="ServerPolicy">
        <usernameAssertion />
      </policy>
    </policies>

 Step3

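     // Proxy for the remote service; the policy is attached to it below.
     // NOTE(review): the original listing qualified this type with a placeholder namespace;
     // add the generated proxy's real namespace here if one is needed.
     Service1 MHs = new Service1();

     // "user" / "pwd" are sample literals; real credentials should come from protected
     // configuration rather than source code.
     UsernameClientAssertion assert = new UsernameClientAssertion("user", "pwd");

     // The policy is built in code, so the policy configuration file is not what this call path applies.
     Policy policy = new Policy();
     policy.Assertions.Add(assert);

     // Attach the policy to the proxy before invoking the service.
     MHs.SetPolicy(policy);

     // C# identifiers are case-sensitive: the call must use the MHs variable declared above.
     MHs.Method();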

我没有收到任何错误,但策略文件中有一条警告:元素 policy 含有无效的子元素 usernameAssertion,可能的元素列表是……。Security 中的 Timestamp 元素以及 Action、MessageID、ReplyTo 等 wsa 元素仍然出现在传出的 SOAP 请求中。我在这里遗漏了什么?
