0

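We need to consume a DataPower web service that runs SSL and WS-Security.

I have set up a WCF web service running HTTP with custom username/password authentication, to be accessed within our network. This web service is consumed from our Oracle database (Oracle cannot interface with WS-Security directly).

When our local web service is called, it calls the external web service and adds all the WS-Security headers and certificates.

The external web service requires transport certificate authentication, as well as x509 certificates for signing and encrypting the message.

I have set up a CustomBinding in the client app.config (the web service is self-hosted as a Windows service) and am able to connect to the external web service. The people who maintain the external web service say they are successfully receiving my message, processing the data, and sending a response.

The problem is that when my client tries to process the response, I get the error "The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'."

Through WCF logging I can see the message being received, and I see the HTTP OK status.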

<?xml version="1.0"?>
<configuration>
  <system.web><compilation debug="true" /></system.web>
  <system.serviceModel>
    <client>
      <endpoint address="https://xxx.fff.eee/Service"
        behaviorConfiguration="WSSecBehavior" binding="customBinding"
        bindingConfiguration="Soap11_Secure" contract="xxx.yyy"
        name="ddddddd" />
    </client>
    <behaviors>
      <serviceBehaviors>
        <behavior name="TEST_Service_Behavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                    customUserNamePasswordValidatorType="Test_Proxy.PasswordValidator, Test_Proxy" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="WSSecBehavior">
          <clientCredentials>
            <clientCertificate storeLocation="LocalMachine"
                               storeName="TrustedPeople"
                               x509FindType="FindByThumbprint"
                               findValue="dfgasdfgsdgsgfds" />
            <issuedToken defaultKeyEntropyMode="CombinedEntropy" cacheIssuedTokens="True" />
            <serviceCertificate>
              <authentication certificateValidationMode="PeerOrChainTrust" />
              <scopedCertificates>
                <add targetUri="https://xxx.fff.eee/Service"
                     storeLocation="LocalMachine"
                     storeName="TrustedPeople" x509FindType="FindByThumbprint" findValue="sdfgsdfgsdfgsfdg" />
              </scopedCertificates>
              <defaultCertificate storeLocation="LocalMachine"
                                  storeName="TrustedPeople" x509FindType="FindByThumbprint" findValue="sdfgsdfgsdfgsdfgsdfg" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <services>
      <service behaviorConfiguration="TEST_Service_Behavior" name="Test_Proxy.TEST_Service">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="soap11Binding"
          name="Soap11" bindingName="Soap11" contract="Test_Proxy.ITEST_Service" />
        <endpoint address="mex" binding="mexHttpBinding" name="mex" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8449/GCOS_WebService/" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="soap11Binding" maxBufferPoolSize="2147483647"
          maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
            maxArrayLength="2147483647" maxBytesPerRead="2147483647" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
      <customBinding>
        <binding name="Soap11_Secure">
          <textMessageEncoding messageVersion="Soap11" />
          <security defaultAlgorithmSuite="Basic128Rsa15" allowSerializedSigningTokenOnReply="False"
            enableUnsecuredResponse="false" authenticationMode="MutualCertificate" messageProtectionOrder="SignBeforeEncrypt"
            messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
            securityHeaderLayout="Strict" requireDerivedKeys="False">
          </security>
          <httpsTransport maxReceivedMessageSize="5000000" authenticationScheme="Negotiate"
            maxBufferSize="5000000" requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>
    <diagnostics performanceCounters="All" wmiProviderEnabled="True">
      <messageLogging
           logEntireMessage="True"
           logMalformedMessages="True"
           logMessagesAtServiceLevel="True"
           logMessagesAtTransportLevel="True"
           maxMessagesToLog="5000"
           maxSizeOfMessageToLog="50000" logKnownPii="True"/>
    </diagnostics>
  </system.serviceModel>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
  </startup>
  <system.diagnostics>
    <trace autoflush="true"/>
    <sharedListeners>
      <add name="sharedListener"
           type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="Test_Service_Proxy.svclog" />
    </sharedListeners>
    <sources>
      <source name="System.ServiceModel" switchValue="Verbose, ActivityTracing">
        <listeners>
          <add name="sharedListener" />
        </listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging" switchValue="Verbose">
        <listeners>
          <add name="sharedListener" />
        </listeners>
      </source>
    </sources>
  </system.diagnostics>
</configuration>

Any help or guidance would be appreciated.

Request sent:

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="uuid-1717e10e-8265-4ada-9dee-d01782ed03a9-1">
                <u:Created>2013-10-27T18:14:45.248Z</u:Created>
                <u:Expires>2013-10-27T18:19:45.248Z</u:Expires>
            </u:Timestamp>
            <o:BinarySecurityToken>
                <!-- Removed-->
            </o:BinarySecurityToken>
            <e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <o:SecurityTokenReference>
                        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">5ldE9AdwhGZ/xckWL9rimuji1eY=</o:KeyIdentifier>
                    </o:SecurityTokenReference>
                </KeyInfo>
                <e:CipherData>
                    <e:CipherValue>HPG3N2VwCSqS3ImLrKLzodnK/I23oPFk097vp8Iru2ZVmR7EotdnL9tU61C6/b8fUU36ntkDVnsECdp0nYqSSbgu9Hoo6LUIEXVLEySqjcj7M3YNeutHwuY1SK5FKdcfFcTuT7a5drxXHzkpJAEyiW7PAxF4c7BF/iVNYXhgcm0lZDpAct2cGhzdSx6gq+K4SMUVq44Vg6Z89yUVyQsERN3nY++DuJC4yn0Z718fD1+tiNlNXNuX2d1JAP1kh9UO0sYIb06lgg5lXmHAzU2XC5MFcPoK6w0HmKH3cyVThFDfnCMeB//xtVcUS7lgDo81o6YF2sstpH+aLHUemuhQTg==</e:CipherValue>
                </e:CipherData>
            </e:EncryptedKey>
            <c:DerivedKeyToken u:Id="_1" xmlns:c="http://schemas.xmlsoap.org/ws/2005/02/sc">
                <o:SecurityTokenReference>
                    <o:Reference URI="#_0"/>
                </o:SecurityTokenReference>
                <c:Offset>0</c:Offset>
                <c:Length>16</c:Length>
                <c:Nonce>
                    <!-- Removed-->
                </c:Nonce>
            </c:DerivedKeyToken>
            <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:DataReference URI="#_3"/>
            </e:ReferenceList>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <Reference URI="#_2">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>eBkrZ4r7IEHLDZANylfLVRCNnrc=</DigestValue>
                    </Reference>
                    <Reference URI="#uuid-1717e10e-8265-4ada-9dee-d01782ed03a9-1">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>EqW8YFzg8XMFLjUNfDlxY6fQR5k=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>CGzogpiUa6jTUmLdd9EiqQdd7VeV3naM59raFqjtjtEf5pPk1a4uwk0ihuzWR7RZTXCa+oieqEE/oEQgEdXzjvDxXUUrmEcIV+be5HSBRw0GPj52Cp55kBHV5hfOCUfsmXcgGQ2mxFNyFQchbKQ20sAGgse+z/GzLnkFnGy/RWQ=</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-1bb3eb61-bd9e-42a9-9d0d-81de76cbbe73-3"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <e:EncryptedData Id="_3" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <o:Reference ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" URI="#_1"/>
                </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
                <e:CipherValue><!-- Removed--></e:CipherValue>
            </e:CipherData>
        </e:EncryptedData>
    </s:Body>
</s:Envelope>

Response received:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
                <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">y1cWMPtJ5ta+ZXxOOHKhkAwG5zM=</wsse:KeyIdentifier>
                    </wsse:SecurityTokenReference>
                </dsig:KeyInfo>
                <xenc:CipherData xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
                    <xenc:CipherValue>T1TGYnixXqFJcR82RDV9t43jzD6w31zg8uV3Yv84ZG2+wXms2ajayviZ9Ps7+ak4nPVd8uP4u/zYl2jLCpCwEquA2mJ13P6guqcLQt4091ndJAjnBv1EljANCUB7sE4+W6VLZ6zZLhU7kzdH8dF1SUiDS4soSv8/hfWjK3OOrS4=</xenc:CipherValue>
                </xenc:CipherData>
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#body"/>
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
            <wsu:Timestamp wsu:Id="Timestamp-3c6a0000-8873-44a3-a1ce-7020c285baed" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsu:Created>2013-10-27T18:14:55Z</wsu:Created>
                <wsu:Expires>2013-10-27T18:19:55Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:BinarySecurityToken>
                <!-- Removed-->
            </wsse:BinarySecurityToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <Reference URI="#Id-9c1b48c4-0bde-48af-9086-f8ce71eb74dd">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>F3pP+zcm2Iq8GewW/A4GX5kK8aU=</DigestValue>
                    </Reference>
                    <Reference URI="#Timestamp-3c6a0000-8873-44a3-a1ce-7020c285baed">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>MiDu5ZphIhMIAb9ISBj1EKOIfOY=</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>gEjjen88BeWVuTD7t2txOCFXfEOE2g2bvDbWnxS24tSJYpvywl+PEzif5Is/AXTzgmL/McU8/GOgxt8ZKTLe1k3Ux4ZlGCFQiuEyk/1rmEJ1UYt4wn6O0k3PU34HOgCJDjC/0CYjdNFEgG9rwFk6+H8nldCcbI8ZMsM+6OwvECthB5CNgwM3FZcIIZJmTUkEQLEsszw08xaao7kyZCMbs5HBvUr5kNrIiim0pbYO0o5eFF2A59NBfNugo8EYwvC9mkcy8/RJv7aDflxoLxPNgyV7HCFTyt5lwApo1yzOQFVFduGxCyQACBJdR5kevkmfiqBWTYWk6+/YcqaacNXKPg==</SignatureValue>
                <KeyInfo>
                    <wsse:SecurityTokenReference xmlns="">
                        <wsse:Reference URI="#SecurityToken-1e313a32-f22f-43bf-a2d7-a2a24b98a3ef" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </wsse:Security>
    </soap:Header>
    <soapenv:Body wsu:Id="Id-9c1b48c4-0bde-48af-9086-f8ce71eb74dd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <xenc:EncryptedData Id="body" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
            <xenc:CipherData>
                <xenc:CipherValue><!-- Removed--></xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soapenv:Body>
</soap:Envelope>
4

3 Answers

1

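It turned out it had to do with the certificates. Once we obtained valid certificates with digital signature and key encipherment, everything started working.

I don't think my self-signed (self-generated) certificates had all the necessary usages.

@Yaron - Thanks for your help.

Answered 2013-11-07T08:32:49.290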
0

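I suggest you set up a WCF service with the same settings and verify that it works with the client, then compare the structure of its response with the failing response.

Assuming they have the same structure (otherwise the binding needs to change), one option is that the response uses a different encryption certificate than the one you used to sign the request. Verify that the value in the response keyInfo is indeed the subjectKeyIdentifier of the certificate you used for signing.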

<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">y1cWMPtJ5ta+ZXxOOHKhkAwG5zM=</wsse:KeyIdentifier>
Answered 2013-10-27T20:34:54.030
0

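Had a similar issue. It turned out to be caused by generating a self-signed certificate without a Subject Key Identifier (SKI). Check this answer:

WCF: The EncryptedKey clause was not wrapped with the required encryption token 'System.IdentityModel.Tokens.X509SecurityToken'

Answered 2017-12-21T14:42:48.797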
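
Added example (not from any of the posts above): one way to run the check suggested in the 2013-10-27 answer, and to surface the missing-SKI case from the 2017 answer. The message carries the Subject Key Identifier as base64, while certificate detail views usually show it as hex, so the values have to be normalized before comparing. The function names and status strings are hypothetical; the client certificate's SKI is assumed to be supplied as a hex string (or None if the certificate has no SKI extension).

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS = {"wsse": WSSE, "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SKI_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier")

# Trimmed copy of the response header posted in the question (ciphertext omitted).
SAMPLE_RESPONSE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header><wsse:Security xmlns:wsse="{WSSE}">
 <xenc:EncryptedKey xmlns:xenc="{NS['xenc']}">
  <dsig:KeyInfo xmlns:dsig="{NS['ds']}"><wsse:SecurityTokenReference>
   <wsse:KeyIdentifier ValueType="{SKI_TYPE}">y1cWMPtJ5ta+ZXxOOHKhkAwG5zM=</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></dsig:KeyInfo>
 </xenc:EncryptedKey>
</wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>"""


def normalize_hex(value):
    """Accept 'CB 57 16', 'cb:57:16' or 'cb5716' and return lowercase hex."""
    return "".join(ch for ch in value.lower() if ch in "0123456789abcdef")


def encrypted_key_skis(envelope_xml):
    """Return the SKI (hex) referenced by each EncryptedKey in the Security header."""
    root = ET.fromstring(envelope_xml)
    path = (".//wsse:Security/xenc:EncryptedKey/ds:KeyInfo"
            "/wsse:SecurityTokenReference/wsse:KeyIdentifier")
    found = []
    for key_id in root.findall(path, NS):
        if key_id.get("ValueType") != SKI_TYPE:
            continue  # thumbprint or other reference styles are not SKIs
        found.append(base64.b64decode(key_id.text.strip()).hex())
    return found


def check_wrapping_cert(envelope_xml, client_cert_ski):
    """Compare the response's EncryptedKey SKI with the client certificate's SKI."""
    skis = encrypted_key_skis(envelope_xml)
    if not skis:
        return "no-ski-reference"        # response does not identify the key by SKI
    if client_cert_ski is None:
        return "client-cert-has-no-ski"  # certificate lacks the SKI extension
    return "match" if normalize_hex(client_cert_ski) in skis else "mismatch"
```

A "mismatch" result means the service encrypted the response key to a different certificate than the one the client holds; "client-cert-has-no-ski" points at how the certificate was generated.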