0

我有一个带有 HTTP 和 AD 身份验证的 onPremise Dynamics CRM 实例设置,没有任何 ADFS。

我愿意进行基本的 Web 服务调用(使用 NTLM):

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://schemas.microsoft.com/xrm/2011/Contracts/Services" xmlns:con="http://schemas.microsoft.com/xrm/2011/Contracts" xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays">
   <soap:Header/>
   <soap:Body>
      <ser:Retrieve>
         <!--Optional:-->
         <ser:entityName>?</ser:entityName>
         <!--Optional:-->
         <ser:id>?</ser:id>
         <!--Optional:-->
         <ser:columnSet>
            <!--Optional:-->
            <con:AllColumns>?</con:AllColumns>
            <!--Optional:-->
            <con:Columns>
               <!--Zero or more repetitions:-->
               <arr:string>?</arr:string>
            </con:Columns>
         </ser:columnSet>
      </ser:Retrieve>
   </soap:Body>
</soap:Envelope>

...但是自从我收到此回复以来,我似乎遗漏了一些东西:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
   </s:Header>
   <s:Body>
      <s:Fault>
         <s:Code>
            <s:Value>s:Sender</s:Value>
            <s:Subcode>
               <s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value>
            </s:Subcode>
         </s:Code>
         <s:Reason>
            <s:Text xml:lang="en-US">An error occurred when verifying security for the message.</s:Text>
         </s:Reason>
      </s:Fault>
   </s:Body>
</s:Envelope>

到目前为止,我的猜测是我在 SOAP 标头中遗漏了一些东西,但我不知道为什么,也许是在服务器端做些什么?也许有人会有线索?

[2016-03-01 11:12:02.248] Process: w3wp |Organization:00000000-0000-0000-0000-000000000000 |Thread:  146 |Category: Platform.Sdk |User: 00000000-0000-0000-0000-000000000000 |Level: Error |ReqId: a9210b00-7f84-43dc-a794-d8f9697c8b53 | ServiceModelTraceRedirector.TraceData  ilOffset = 0x45
><TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier><Description>Throwing an exception.</Description><AppDomain>/LM/W3SVC/2/ROOT-2-131012583114393978</AppDomain><Exception><ExceptionType>System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties.   This can occur if the service is configured for security and the client is not using security.</Message><StackTrace>   at System.ServiceModel.Security.SecurityStandardsManager.CreateReceiveSecurityHeader(Message message, String actor, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
>   at System.ServiceModel.Security.MessageSecurityProtocol.CreateSecurityHeader(Message message, String actor, MessageDirection transferDirection, SecurityStandardsManager standardsManager)
>   at System.ServiceModel.Security.MessageSecurityProtocol.ConfigureReceiveSecurityHeader(Message message, String actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, IList`1&amp;amp; supportingAuthenticators)
>   at System.ServiceModel.Security.SymmetricSecurityProtocol.VerifyIncomingMessageCore(Message&amp;amp; message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
>   at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
>   at System.ServiceModel.Channels.SecurityChannelListener`1.ServerSecurityChannel`1.VerifyIncomingMessage(Message&amp;amp; message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationState)
>   at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityReplyChannel.ProcessReceivedRequest(RequestContext requestContext, TimeSpan timeout)
>   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.OnInnerReceiveDone()
>   at System.ServiceModel.Channels.SecurityChannelListener`1.ReceiveItemAndVerifySecurityAsyncResult`2.InnerTryReceiveCompletedCallback(IAsyncResult result)
>   at System.Runtime.Fx.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
>   at System.Runtime.AsyncResult.Complete(Boolean completedSynchronously)
>   at System.Runtime.InputQueue`1.AsyncQueueReader.Set(Item item)
>   at System.Runtime.InputQueue`1.Dispatch()
>   at System.Runtime.IOThreadScheduler.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
>   at System.Runtime.Fx.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
>   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
>

这意味着传入的消息应该有一个安全头,它不在 SOAP 请求中,这是真的。

然后我不知道应该在我的 SOAP 请求中添加什么样的安全标头。

4

1 回答 1

0

我建议使用此处提到的 SoapClient 捕获您的 SOAP 调用 - https://msdn.microsoft.com/en-us/library/gg594434(v=crm.7).aspx#BKMK_CaptureHTTPTraffic

于 2016-03-02T16:11:35.287 回答