我正在尝试与 WCF 的 Java 服务集成。服务器需要 OASIS WSSE 安全标头用于用户名 + 密码身份验证。传输安全性由服务器端的 SSL 提供(没有用于相互身份验证的客户端证书)。请求正在运行,但 WCF 在处理响应时崩溃了......
使用 Fiddler2,我看到从服务器返回的有效响应没有任何问题,但它看起来像 WCF 阻塞在wsse:UsernameToken服务器响应中回显。
有什么方法可以忽略服务器响应中返回的令牌的客户端身份验证?我想我需要一个虚拟身份验证器并以某种方式将其附加到客户端的响应处理中,但我不确定在哪里挂钩该逻辑。
我不想使用 WSE 3.0,并且所有客户端设置都在代码中(没有外部程序集或配置文件)。
代码
private static IEndPointClient NewProxy(string userName, string password)
{
//Basic SOAP over TLS/SSL with WSSE header for authentication
var baseBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
//Strip the TimeStamp element from the WSSE header - server does not expect it
var elements = baseBinding.CreateBindingElements();
var securityElem = elements.Find<SecurityBindingElement>();
securityElem.IncludeTimestamp = false;
var binding = new CustomBinding(elements);
var address = new EndpointAddress(UATSERVER);
var svc = new EndPointClient(binding, address);
svc.ClientCredentials.UserName.UserName = userName;
svc.ClientCredentials.UserName.Password = password;
}
MessageSecurityException 消息和堆栈跟踪
找不到“System.IdentityModel.Tokens.UserNameSecurityToken”令牌类型的令牌身份验证器。根据当前的安全设置,不能接受该类型的令牌。
Server stack trace:
at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver, IList`1 allowedTokenAuthenticators, SecurityTokenAuthenticator& usedTokenAuthenticator)
at System.ServiceModel.Security.ReceiveSecurityHeader.ReadToken(XmlDictionaryReader reader, Int32 position, Byte[] decryptedBuffer, SecurityToken encryptionToken, String idInEncryptedForm, TimeSpan timeout)
at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
at System.ServiceModel.Security.StrictModeSecurityHeaderElementInferenceEngine.ExecuteProcessingPasses(ReceiveSecurityHeader securityHeader, XmlDictionaryReader reader)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout)
at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout)
at System.ServiceModel.Security.SecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)