我正在尝试使用 WCF 客户端通过 https 调用基于 Java、启用 WS-Security 的 Web 服务,但似乎无法正确配置安全性。使用 SvcTraceViewer,我没有看到我尝试过的任何安全配置的预期安全标头。
我最近的安全配置是:
<wsHttpBinding>
<binding name="MySoapBinding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport/>
<message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false"/>
</security>
</binding>
</wsHttpBinding>
我在这样的代码中设置用户名/密码:
svc.ClientCredentials.UserName.UserName = TestBase.userName;
svc.ClientCredentials.UserName.Password = TestBase.password;
Java Web 服务需要这样的安全标头:
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-bf41c571-7d32-438c-937e-7d83a3ac2d14">
<wsu:Created>2010-12-27T16:43:16Z</wsu:Created>
<wsu:Expires>2010-12-27T16:48:16Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-4c9b30b1-d697-4c64-89cb-a6d7e857aebf">
<wsse:Username>MyUserName</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">MyPassword</wsse:Password>
<wsse:Nonce>pzLdD4S+OCDG6Ut9Ur1oOQ==</wsse:Nonce>
<wsu:Created>2010-12-27T16:43:16Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
我根本看不到安全标头。
我在网上阅读了很多关于传输与消息级安全和安全模式的信息,但似乎找不到合适的选项集。我应该如何配置我的绑定
- https 通讯
- SOAP 标头中的用户名/密码,纯文本 (WS-Security)
- 需要时间戳
- 需要随机数