.net - 需要帮助 - .NET 中带有 WS-Security Oasis 的 Soap 服务

Question

我正在尝试创建一个要从客户端使用的服务。它必须符合 WS-Security Oasis 标准，并且响应必须类似于：

<soapenv:Envelope xmlns:ns="http://inti.notariado.org/XML" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                    <wsu:Timestamp wsu:Id="TS-3E29AD5728CD9B921B14555351279296">
                        <wsu:Created>2016-02-15T11:18:47.928Z</wsu:Created>
                        <wsu:Expires>2016-02-15T11:23:47.928Z</wsu:Expires>
                    </wsu:Timestamp>
                    <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
                                              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" 
                                              wsu:Id="X509-3E29AD5728CD9B921B14555351276791">MIIH6zCCB+cw...OMMITED...2lpK
                    </wsse:BinarySecurityToken>
                    <ds:Signature Id="SIG-3E29AD5728CD9B921B14555351277955" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:SignedInfo>
                            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                            <ds:Reference URI="#id-3E29AD5728CD9B921B14555351277904">
                                <ds:Transforms>
                                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                        <InclusiveNamespaces PrefixList="ns" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                    </ds:Transform>
                                </ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                <ds:DigestValue>jBhSy8vJGQtkVx9ok+aiLklTMaU=</ds:DigestValue>
                            </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue>ui...OMMITED...eLzGcWA==
                        </ds:SignatureValue>
                        <ds:KeyInfo Id="KI-3E29AD5728CD9B921B14555351277502">
                            <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" 
                                                         wsu:Id="STR-3E29AD5728CD9B921B14555351277533" 
                                                         xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
                                                         <wsse:Reference URI="#X509-3E29AD5728CD9B921B14555351276791" 
                                                         ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
                            </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                    </ds:Signature>
    </wsse:Security>
    <ns:SERVICE_DISPATCHER>
        <ns:TIMESTAMP>2008-09-29T03:49:45</ns:TIMESTAMP>
        <ns:TIPO_MSJ>1</ns:TIPO_MSJ>
        <ns:EMISOR>TEST</ns:EMISOR>
        <ns:RECEP>CGN</ns:RECEP>
        <!--Optional:-->
        <ns:SERVICIO>CTREEF</ns:SERVICIO>
        </ns:SERVICE_DISPATCHER>
</soapenv:Header>
<soapenv:Body wsu:Id="id-3E29AD5728CD9B921B14555351277904" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <ns:SERVICE_DISPATCHER_REQUEST>
        <con:ConsultaTitularidadRealRequest xmlns:con="http://ancert.notariado.org/XML/ConsultaTitularidadReal/Terceros">
            <con:TipoConsulta>EMPRESAS_ACTUAL</con:TipoConsulta>
            <con:TipoResultado>XML_PDF</con:TipoResultado>
            <con:DatosConsulta>
                <con:Identificacion>
                    <con:TipoDocumento>1</con:TipoDocumento>
                    <con:NumeroDocumento>N4361258I</con:NumeroDocumento>
                </con:Identificacion>
            </con:DatosConsulta>            
        </con:ConsultaTitularidadRealRequest>
    </ns:SERVICE_DISPATCHER_REQUEST>
</soapenv:Body>

我尝试使用 WSE 3.0 和 WCF 来做到这一点，但我总是卡住，找不到关于如何保护服务的好的教程。

所以问题是......开发它的最佳方法是什么？有什么好的教程可以帮助我吗？我应该通过代码还是通过 web.config 配置安全性？

提前致谢。