0

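I'm accessing an external Java-based web service that I don't control from a WCF client that uses dual certificates for encryption and signing, and a custom binding. I'm getting a successful response from the server, but WCF is throwing a MessageSecurityException: The 'Action', 'http://www.w3.org/2005/08/addressing' required message part was not signed.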

My custom binding:

private CustomBinding GetCustomBinding()
{
    CustomBinding binding = new CustomBinding();
    binding.OpenTimeout = new TimeSpan(0, 0, 20);
    binding.CloseTimeout = new TimeSpan(0, 0, 20);
    binding.SendTimeout = new TimeSpan(0, 5, 0);
    binding.ReceiveTimeout = new TimeSpan(0, 5, 0);

    var userNameToken = new UserNameSecurityTokenParameters();
    userNameToken.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;

    var securityElement = new AsymmetricSecurityBindingElement();
    securityElement.EnableUnsecuredResponse = true;
    securityElement.IncludeTimestamp = true;
    securityElement.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never);
    securityElement.InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.AlwaysToRecipient);
    securityElement.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
    securityElement.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
    securityElement.SetKeyDerivation(false);
    securityElement.EndpointSupportingTokenParameters.Signed.Add(userNameToken);
    securityElement.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt;
    securityElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    binding.Elements.Add(securityElement);

    var encodingElement = new TextMessageEncodingBindingElement();
    encodingElement.MessageVersion = MessageVersion.Soap11WSAddressing10;
    encodingElement.WriteEncoding = Encoding.UTF8;
    encodingElement.ReaderQuotas.MaxArrayLength = 50000000;
    encodingElement.ReaderQuotas.MaxStringContentLength = 50000000;
    binding.Elements.Add(encodingElement);

    var httpsElement = new HttpsTransportBindingElement();
    httpsElement.MaxBufferSize = 50000000;
    httpsElement.MaxReceivedMessageSize = 50000000;
    httpsElement.MaxBufferPoolSize = 50000000;
    httpsElement.UseDefaultWebProxy = true;
    binding.Elements.Add(httpsElement);

    return binding;
}

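Now I don't care whether the Action element is signed, or even if it's not there at all, but hacking the response to remove the tag entirely results in a "No signature message parts were specified for messages with the '' action." exception.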

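How do I configure my client to accept the Action and other addressing elements in the response message as they are? Or alternatively, what can I change them to so that WCF will let them through?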


1 Answer

0

To override the default check of the remote Secure Sockets Layer (SSL) certificate used for authentication, specify on the client:

ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return true; }); 

To investigate the certificate errors, check the sslPolicyErrors parameter of the RemoteCertificateValidationCallback delegate (link to MSDN manual page).

Answered 2014-03-14T08:32:47.563
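
An added example, not part of the original answer: a validation callback that reports what sslPolicyErrors and the chain status contain, and accepts a failing certificate only when it matches one pinned thumbprint. The class name `CertificateDiagnostics` and the placeholder thumbprint are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class CertificateDiagnostics
{
    // Placeholder (assumption): thumbprint of the server certificate verified out of band.
    const string PinnedThumbprint = "<EXPECTED-SERVER-CERT-THUMBPRINT>";

    // Call once at client start-up, before the WCF channel is opened.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Default validation succeeded: nothing to investigate.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // sslPolicyErrors is a flags enum: name mismatch, missing cert, chain errors.
        Console.Error.WriteLine("TLS validation failed: {0}", sslPolicyErrors);
        if (certificate != null)
            Console.Error.WriteLine("  subject={0} issuer={1}",
                                    certificate.Subject, certificate.Issuer);

        // For chain errors, each element says why the chain did not build
        // (UntrustedRoot, NotTimeValid, RevocationStatusUnknown, ...).
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0
            && chain != null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  chain: {0} ({1})",
                                        status.Status, status.StatusInformation.Trim());
        }

        // Accept only when the sole failure is the chain and the certificate is
        // the pinned one; name mismatches and missing certificates are rejected.
        if (certificate == null
            || sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        string thumbprint = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(thumbprint, PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```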