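I am trying to configure my WCF client to create SOAP 1.1 requests that include WS-Addressing, WS-Security and TLS.
The security requirements are that the message includes a username token and a timestamp, and that the timestamp is signed using the included BinarySecurityToken.
I have used the sample from the following link to create my WCF client binding. I modified the sample slightly (see below) so that HTTPS is used as the transport mechanism and MessageSecurity is based on UsernameOverTransport.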
HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement();
// the message security binding element will be configured to require 2 tokens:
// 1) A username-password encrypted with the service token
// 2) A client certificate used to sign the message
// Instantiate a binding element that will require the username/password token in the message (encrypted with the server cert)
TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
// Create supporting token parameters for the client X509 certificate.
X509SecurityTokenParameters clientX509SupportingTokenParameters = new X509SecurityTokenParameters();
// Specify that the supporting token is passed in message send by the client to the service
clientX509SupportingTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
// Turn off derived keys
clientX509SupportingTokenParameters.RequireDerivedKeys = false;
// Augment the binding element to require the client's X509 certificate as an endorsing token in the message
messageSecurity.EndpointSupportingTokenParameters.Endorsing.Add(clientX509SupportingTokenParameters);
// Create a CustomBinding based on the constructed security binding element.
return new CustomBinding(messageSecurity, httpsTransport);
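The SOAP message generated by this client comes very close to meeting the requirements of the service I am calling; the only problem is that the wsa:To address and the TimeStamp address are being signed.
Is there a way to specify exactly which WCF headers are signed? I need to restrict the client to signing only the TimeStamp header.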
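
To confirm which parts of a captured request are actually covered by the signature, the ds:Reference URIs can be resolved against the wsu:Id attributes in the envelope. This is an added example, not part of the original post; the class name, the IDs and the trimmed envelope are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class SignedPartsCheck   // hypothetical helper name
{
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";
    static readonly XNamespace Wsu =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Maps each ds:Reference URI ("#id") to the local name of the element carrying that wsu:Id.
    public static List<string> SignedElements(XDocument envelope)
    {
        var byId = envelope.Descendants()
            .Where(e => e.Attribute(Wsu + "Id") != null)
            .ToDictionary(e => (string)e.Attribute(Wsu + "Id"), e => e.Name.LocalName);
        return envelope.Descendants(Ds + "Reference")
            .Select(r => ((string)r.Attribute("URI") ?? "").TrimStart('#'))
            .Select(id => byId.TryGetValue(id, out var name) ? name : "unresolved:" + id)
            .ToList();
    }

    static void Main()
    {
        // Constructed sample envelope (digests, signature value and tokens omitted).
        const string xml = @"
<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'
            xmlns:a='http://www.w3.org/2005/08/addressing'
            xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
            xmlns:u='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
            xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
  <s:Header>
    <a:To u:Id='_1'>https://service.example/endpoint</a:To>
    <o:Security>
      <u:Timestamp u:Id='_0'><u:Created>2024-01-01T00:00:00Z</u:Created></u:Timestamp>
      <ds:Signature><ds:SignedInfo>
        <ds:Reference URI='#_0'/><ds:Reference URI='#_1'/>
      </ds:SignedInfo></ds:Signature>
    </o:Security>
  </s:Header>
  <s:Body/>
</s:Envelope>";
        var signed = SignedElements(XDocument.Parse(xml));
        Console.WriteLine("Signed: " + string.Join(", ", signed));
        var extra = signed.Where(n => n != "Timestamp").ToList();
        Console.WriteLine(extra.Count == 0 ? "OK: only Timestamp is signed"
                                           : "Unexpected signed parts: " + string.Join(", ", extra));
    }
}
```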