2

我被分配为 Web 服务创建客户端。我以前没有使用 Web 服务的经验,我一直在尝试但没有成功。Web 服务托管在https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService 我能够使用 Visual Studio 2012 创建代理类并创建一个被拒绝的基本客户端服务,因为它不包括服务所需的任何安全规范。以下是文档的摘录,可在http://www.health.gov.on.ca/en/pro/publications/ohip/default.aspx获得

WS-Security 部分包括: WSS 1.1 的技术规范 • 身份要求;• 签约要求;• 加密要求;和 • 时间戳

IDP 为确保消息中敏感信息的机密性和完整性,发送方软件必须使用公钥技术对 SOAP 标头和正文进行签名。签名证书可以是任何可用的证书,并且可以是自签名的。如果任何响应数据被指定为加密,则根据特定的 Web 服务技术规范,将至少使用 AES128-CBC 对称加密算法对数据进行加密,公钥属于初始 SOAP 请求的签名者。加密算法可以根据具体的网络服务技术规范增加。

我的目标是创建一个可以访问该服务的 wcf 客户端。到目前为止,这是我所做的,但它不起作用:此示例尝试将文件上传到服务器:

        EndpointAddress address = new EndpointAddress("https://ws.conf.ebs.health.gov.on.ca:1441/EDTService/EDTService");
        //MCEDT userID and password
        string userId = "abcdefg";
        string password = "password";
        //MOH Id
        string mohId = "123456";
        //Vendor Conformance Key
        string key = "1234abcd-eeee-aaaa-ffff-abcdef123456";

public void upload()
        {
            Console.WriteLine("Uploading....");
            //Specify the binding to be used for the client.
            WSHttpBinding binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);          

            binding.SendTimeout = new TimeSpan(0, 10, 0);
            UsernameToken ut = new UsernameToken(userId, password, PasswordOption.SendHashed);

            EDTDelegateClient client = new EDTDelegateClient(binding,address);            

            //Capture before send and after receive events
            client.Endpoint.Behaviors.Add(new InspectorBehavior());            

            ebs_header EBS = new ebs_header();
            EBS.AuditId = "123456789";
            EBS.SoftwareConformanceKey = confomanceKey;

            //The MCEDT service will only support the IDP security model in its first release.
            idp_header IDP = new idp_header();
            IDP.ServiceUserMUID = mohId;

            msa_header MSA = new msa_header();
            MSA.UserID = userId;

            //data to upload
            //sample claim provided by OHIP
            uploadData data = new uploadData();
            data.description = claim_file;
            data.content = File.ReadAllBytes(@"..\..\" + claim_file);

            uploadRequest ur = new uploadRequest();
            ur.upload = new uploadData[1];
            ur.upload[0] = data;

            try
            {
                resourceResult result = client.upload(EBS, MSA, IDP, ur.upload);

            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
         }
    }

我认为我目前所做的符合技术要求:“电子系统使用适当的值构造 SOAP 消息,并将 EBS 和 IDP 头插入带有用户名和密码的 SOAP 消息头中(对于 IDP在 WS-Security 用户名令牌中)。然后对 SOAP 标头和正文进行数字签名,以保证消息的完整性和来源。如果指定要加密的任何请求数据,根据特定的 Web 服务技术规范,它将使用EBS 系统。” 但我不知道如何签署标题和正文以及如何加密数据。证书随所有技术规格一起提供,我们拥有正确的用户和密码信息。只是我缺乏知识,是什么阻止了完成这个项目。
提前感谢社区的帮助。

编辑#1:来自文档的示例消息:

<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:msa="http://msa.ebs.health.ontario.ca/"
xmlns:idp="http://idp.ebs.health.ontario.ca/"
xmlns:edt="http://edt.health.ontario.ca/"
xmlns:ebs="http://ebs.health.ontario.ca/">
  <soapenv:Header>
    <ebs:EBS wsu:Id="id-4"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <SoftwareConformanceKey>444361ee-277f-7732-c684-7a9923jfgh1b</SoftwareConformanceKey>
      <AuditId>124355467675</AuditId>
    </ebs:EBS>
    <idp:IDP wsu:Id="id-3"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ServiceUserMUID>1111222</ServiceUserMUID>
    </idp:IDP>
    <wsse:Security soapenv:mustUnderstand="1"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken
      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"     
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
      wsu:Id="X509-04FD51796CB607011413612828891871">MIIF0zCCBLugAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBzzELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAm9uMREwDwYDVQQHEwhraW5nc3RvbjEpMCcGA1UEChMgSGVhbHRoIFNvbHV0aW9ucyBEZWxpdmVyeSBCcmFuY2gxJTAjBgNVBAsTHEVsZWN0cm9uaWMgQnVzaW5lc3MgU2VydmljZXMxJzAlBgNVBAMTHkVCUyBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWc2Vhbi5jYXJzb25Ab250YXJpby5jYTAeFw0xMjA0MjkxNjAyMjNaFw0xNDA0MzAxNjAyMjNaMIGUMQswCQYDVQQGEwJDQTELMAkGA1UECBMCb24xETAPBgNVBAcTCGtpbmdzdG9uMSkwJwYDVQQKEyBIZWFsdGggU29sdXRpb25zIERlbGl2ZXJ5IEJyYW5jaDElMCMGA1UECxMcRWxlY3Ryb25pYyBCdXNpbmVzcyBTZXJ2aWNlczETMBEGA1UEAxQKRUJTX0NsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEEvvZ96t117651bJXIa8AaE69N1klliJvhrXFxtV2JcKoJHZG19Em6nFtxznvrfjHjQCOJXgREq0YLJmIHgIaIggug9g4oZhZoSXm11b0k+l9sI0uV1UQxSPvKZbptLw3JuY3E8iHoBTBY4TZDg0yfuuk5kpwT0JCqn8Pcoi2Oq2rQtEdnQ0TG5/lofJAMDRzBpK1ETnNOjzCeAkR3wHPec++q2nTuY9QFYntpOyk5JksRVuuIsR5OCW6rjFXTF7CJ84qxWloXmWl4M3yKDTi3ouD36Gplgo8fi2HLpNqVBDLCm7Acv8klkc0EyiFOpBzhEYWAVIIwC9ovybXRjg0CAwEAAaOCAfEwggHtMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMEsGCWCGSAGG+EIBDQQ+FjxTU0wgQ2xpZW50IGNlcnRpZmljYXRlIHZhbGlkIG9ubHkgZm9yIE1PSExUQy9IU0MgRUJTIFRlc3RpbmcwHQYDVR0OBBYEFKV6tGi2SztsTcIPYFkZcKr4yLJMMIIBBAYDVR0jBIH8MIH5gBT/qI53Ggvfsdz34whLQ2gDg+PhW6GB1aSB0jCBzzELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAm9uMREwDwYDVQQHEwhraW5nc3RvbjEpMCcGA1UEChMgSGVhbHRoIFNvbHV0aW9ucyBEZWxpdmVyeSBCcmFuY2gxJTAjBgNVBAsTHEVsZWN0cm9uaWMgQnVzaW5lc3MgU2VydmljZXMxJzAlBgNVBAMTHkVCUyBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGCSqGSIb3DQEJARYWc2Vhbi5jYXJzb25Ab250YXJpby5jYYIJAOnNHCT34+b/MCEGA1UdEgQaMBiBFnNlYW4uY2Fyc29uQG9udGFyaW8uY2EwJgYDVR0RBB8wHYEbZGVyZXlrLmZlcm5hbmRlc0BvbnRhcmlvLmNhMA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAJqCht181F8rUUNQ8jHa42kdKH+FDF0ISuklbg5MARHo+wt1laltaMeaXdESnLJBNGvcgxPZ4StYMdCH8mOEWYftCy5nkyGQCuOd2GpaJ3Hj50bjZ9vZUYyUBPUmwIEP2v75QQe62fHTqza/VjA0I5eMGMKa3URHsTdfNdnEJjtmHdxWRjAjjrHpHQWE0e1QtG+ZV1ved0f5OzDvdylbvrm4S0mgCifk8qEvZtNSoDp37MmSFr5fFmo91BqT23xAgzUKra428dw4T1EKJYEd6pNssNS4XCQ6bTx0Au3mW5iINtiaYQP8rlSykwaJ+dFAtBG00kdGpebf1prvq4H91eA==</wsse:BinarySecurityToken>
      <ds:Signature Id="SIG-6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="ebs edt idp msa soapenv"
            xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#UsernameToken-2">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="ebs edt idp msa soapenv"
                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <ds:DigestValue>peTHpiEd5ujPqxNuKGN0k4p7up8c0dFPuRXbpQ+eMwI=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#TS-1">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="wsse ebs edt idp msa soapenv"
                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <ds:DigestValue>DqLqNQVHwzHRx7amwoYxEMwxN2g0/rND2I13WPP1Vhw=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-3">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="ebs edt msa soapenv"
                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <ds:DigestValue>K4IrndAA4zBmkumIfgKcluiKA8dmzwgGdKo5aq45LHg=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-4">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="edt idp msa soapenv"
                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <ds:DigestValue>o92xRJQNwGz0Hv7DX87vSYUScX0qHL/bFGE3GmtUzQg=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#id-5">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces PrefixList="ebs edt idp msa"
                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <ds:DigestValue>svNyvvP+MrjIYlZFsg+bgw//8IPNVvIO9px3vYUfW3I=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          qDSZlgY/aTFOzzo1C4tx+1E8ertrbmBySRxEK6sJ1JCt/77TLV5PBGnAme9Ttdmzf6h7/qb4rBGL 76LM0PaCQ9xm3DTsSQOz/So82G+/kX8M9TPY9D44+dvlB+cXm9rPn2BLMSVwtJf0kwI22SmRzMTR 6a6jfNYkGga6ZwZC9NLfG5/KTvsyZ39vOdO3T5GYc15RSjHKVBggoWmKm7x5PHrhU+3gClEbtHP8+Fgmmd9PJOtl9WunzR7NpY79xRNGxmDmL8hLvE4+uIc//b6TvrbGB2t8IWb5e5Wdz+ssHgMm0802 wFwGXlVxvSHpEJroHz5OvRgh7PKGlUSZP9fWkg==
        </ds:SignatureValue>
        <ds:KeyInfo Id="KI-04FD51796CB607011413612828892812">
          <wsse:SecurityTokenReference wsu:Id="STR-04FD51796CB607011413612828892813">
            <wsse:Reference
            URI="#X509-04FD51796CB607011413612828891871"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsse:UsernameToken wsu:Id="UsernameToken-2">
        <wsse:Username>johndoe@examplemail.com</wsse:Username>
        <wsse:Password
        Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
      </wsse:UsernameToken>
      <wsu:Timestamp wsu:Id="TS-1">
        <wsu:Created>2013-02-19T14:08:08Z</wsu:Created>
        <wsu:Expires>2013-02-19T14:08:38Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-5"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <edt:upload>
      <upload>
        <content>
          <inc:Include href="cid:2341682853256" xmlns:inc="http://www.w3.org/2004/08/xop/include" />
        </content>
        <description>00123</description>
        <resourceType>CL</resourceType>
      </upload>
    </edt:upload>
  </soapenv:Body>
</soapenv:Envelope>
4

1 回答 1

5

编辑:在此处查看使用此 EBS-EDT 服务的详细解决方案

由于您同时拥有用户名 auth 和 x.509 签名,因此您需要从代码创建绑定:

var sec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);
            sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
            sec.MessageSecurityVersion =
                MessageSecurityVersion.
                    WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10;
            sec.IncludeTimestamp = false;
            sec.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;

            b.Elements.Add(sec);
            b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
            b.Elements.Add(new HttpsTransportBindingElement());

然后你需要在标题上签名。假设您使用消息协定(不是数据协定),其中标头使用 MessageHeader 属性显式标记,然后向其添加属性“ProtectionMode=ProtectionMode.Sign”。

于 2013-09-25T21:25:40.880 回答