
我从第三方 WCF Java 客户端接收到带签名的安全标头。我的 .NET svc 服务在收到后抛出异常,因为我在 web.config 中找不到与之兼容的 algorithmSuite 值。这是我收到的 SignedInfo 标头。

<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
<ds:Reference URI="#Id-8614033b-910c-4a74-abe7-bf44ddf4783b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>IRjrAkRMq+hCcPN4+/Wplx3ztPc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Id-bcc497b1-6ace-4bae-aabf-9e9881715ff2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>Je/XYQPnIn3OZtC8qqWAeTxWibQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>

如您所见,DigestMethod 算法和 SignatureMethod 算法是不同的。

这是我在 web.config 文件上的绑定配置:

<binding name="BasicHttpBinding_IAdviserWsV2PortType" 
 maxReceivedMessageSize="2147483647">
          <security mode="TransportWithMessageCredential" >
            <message clientCredentialType="Certificate" algorithmSuite="" />
          </security>
</binding>

我找不到标签 algorithmSuite 的适当值。我尝试了微软官方文档中这个标签的大部分值,但没有一个可以同时接受 rsa-sha256 和 sha1 算法。

有什么解决方案吗?谢谢。

我在服务器端试过这个:

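/// <summary>
/// Service-host configuration hook: loads the service description from the application's
/// Web.config and then registers an additional <see cref="IAdviserWsV2PortType"/> endpoint
/// that uses the custom binding built by <see cref="GetCustomBinding"/>.
/// </summary>
/// <param name="config">The service configuration object supplied by the WCF host.</param>
public static void Configure(ServiceConfiguration config)
        {
            // Resolve the hosting application's own configuration file instead of hard-coding an
            // IIS deployment path; under IIS this resolves to the application's Web.config.
            string configPath = AppDomain.CurrentDomain.SetupInformation.ConfigurationFile;
            ExeConfigurationFileMap fileMap = new ExeConfigurationFileMap { ExeConfigFilename = configPath };
            config.LoadFromConfiguration(ConfigurationManager.OpenMappedExeConfiguration(fileMap, ConfigurationUserLevel.None));

            // Empty relative address: the custom-binding endpoint listens at the service's base address.
            config.AddServiceEndpoint(typeof(IAdviserWsV2PortType), GetCustomBinding(), "");
        }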

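        /// <summary>
        /// Builds the binding for the certificate-over-HTTPS endpoint: message-level certificate
        /// credentials on top of transport security, SOAP 1.1 text encoding, and the
        /// <see cref="SuiteAdviser"/> algorithm suite.
        /// </summary>
        /// <returns>A <see cref="CustomBinding"/> named "CustomBinding_IMyService".</returns>
        public static CustomBinding GetCustomBinding()
        {
            // WS-Security 1.0 / Basic Security Profile 1.0 message security; the client certificate
            // is the message credential and the transport (HTTPS) provides confidentiality.
            TransportSecurityBindingElement security =
                (TransportSecurityBindingElement)TransportSecurityBindingElement.CreateCertificateOverTransportBindingElement(
                    MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);

            // Derived keys are not required: the peer signs directly with its certificate key.
            security.SetKeyDerivation(false);
            // Lax: the order of the security header's child elements is not enforced.
            security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
            // A signed timestamp is kept in the header (bounds the window in which a captured message is accepted).
            security.IncludeTimestamp = true;
            // RSA-SHA256 signatures with SHA-1 reference digests, matching the incoming SignedInfo.
            security.DefaultAlgorithmSuite = new SuiteAdviser();

            // Reuse the locals below instead of constructing duplicate elements at Add() time.
            TextMessageEncodingBindingElement encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
            HttpsTransportBindingElement transport = new HttpsTransportBindingElement();

            CustomBinding binding = new CustomBinding();
            binding.Name = "CustomBinding_IMyService";
            binding.SendTimeout = TimeSpan.FromMinutes(29);

            // Element order matters for a CustomBinding: the transport element must come last.
            binding.Elements.Add(security);
            binding.Elements.Add(encoding);
            binding.Elements.Add(transport);

            // Returned directly; the original copied it through new CustomBinding(binding) for no gain.
            return binding;
        }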

这是我继承自 SecurityAlgorithmSuite 的自定义类:

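/// <summary>
/// Algorithm suite that accepts the signature layout sent by the third-party client:
/// RSA-SHA256 as the asymmetric signature algorithm combined with SHA-1 reference digests.
/// Every other algorithm choice and key-length rule delegates to
/// <see cref="SecurityAlgorithmSuite.Default"/>.
/// </summary>
/// <remarks>
/// NOTE(review): the ArgumentOutOfRangeException reported from IIS is thrown by
/// WSSecurityPolicy.CreateAlgorithmSuiteAssertion while the WSDL/policy is being exported
/// (ServiceMetadataExtension.HttpGetImpl in the trace), not while a message is processed;
/// the policy exporter evidently rejects suites it does not recognize, so a custom suite
/// fails at metadata generation even when message processing would accept it.
/// </remarks>
public class SuiteAdviser : SecurityAlgorithmSuite
{
    public SuiteAdviser() { }

    /// <summary>RSA-SHA256, as advertised by the incoming ds:SignatureMethod.</summary>
    public override string DefaultAsymmetricSignatureAlgorithm => SecurityAlgorithms.RsaSha256Signature;

    /// <summary>SHA-1, as used by the incoming ds:DigestMethod on each reference.</summary>
    public override string DefaultDigestAlgorithm => SecurityAlgorithms.Sha1Digest;

    public override string DefaultCanonicalizationAlgorithm => SecurityAlgorithmSuite.Default.DefaultCanonicalizationAlgorithm;

    public override string DefaultEncryptionAlgorithm => SecurityAlgorithmSuite.Default.DefaultEncryptionAlgorithm;

    public override int DefaultEncryptionKeyDerivationLength => SecurityAlgorithmSuite.Default.DefaultEncryptionKeyDerivationLength;

    public override string DefaultSymmetricKeyWrapAlgorithm => SecurityAlgorithmSuite.Default.DefaultSymmetricKeyWrapAlgorithm;

    public override string DefaultAsymmetricKeyWrapAlgorithm => SecurityAlgorithmSuite.Default.DefaultAsymmetricKeyWrapAlgorithm;

    public override string DefaultSymmetricSignatureAlgorithm => SecurityAlgorithmSuite.Default.DefaultSymmetricSignatureAlgorithm;

    public override int DefaultSignatureKeyDerivationLength => SecurityAlgorithmSuite.Default.DefaultSignatureKeyDerivationLength;

    public override int DefaultSymmetricKeyLength => SecurityAlgorithmSuite.Default.DefaultSymmetricKeyLength;

    /// <summary>
    /// Delegates to the default suite's key-length policy. The original returned <c>true</c>
    /// for any length, which disabled the minimum-key-length check on the peer's certificate.
    /// </summary>
    public override bool IsAsymmetricKeyLengthSupported(int length)
    {
        return SecurityAlgorithmSuite.Default.IsAsymmetricKeyLengthSupported(length);
    }

    /// <summary>
    /// Delegates to the default suite's key-length policy, consistent with
    /// <see cref="DefaultSymmetricKeyLength"/> above (the original accepted any length).
    /// </summary>
    public override bool IsSymmetricKeyLengthSupported(int length)
    {
        return SecurityAlgorithmSuite.Default.IsSymmetricKeyLengthSupported(length);
    }

    /// <summary>
    /// Shared instance. The original getter-only property was never assigned and so was always null.
    /// </summary>
    public new static SuiteAdviser Default { get; } = new SuiteAdviser();
}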

不幸的是,我的 CustomBinding 中包含的 DefaultAlgorithmSuite 属性似乎不接受继承类的新实例,而是需要一个静态属性的值。这是我在 IIS 中看到的异常。

ExceptionDetail, probablemente creado por IncludeExceptionDetailInFaults=true, cuyo valor es:
System.InvalidOperationException: Se inició una excepción en una llamada a una extensión de exportación de directiva.
Extensión: System.ServiceModel.Channels.HttpsTransportBindingElement
Error: El argumento especificado está fuera del intervalo de valores válidos.
Nombre del parámetro: suite ----> System.ArgumentOutOfRangeException: El argumento especificado está fuera del intervalo de valores válidos.
Nombre del parámetro: suite
   en System.ServiceModel.Security.WSSecurityPolicy.CreateAlgorithmSuiteAssertion(SecurityAlgorithmSuite suite)
   en System.ServiceModel.Security.WSSecurityPolicy.CreateWsspAlgorithmSuiteAssertion(MetadataExporter exporter, SecurityAlgorithmSuite suite)
   en System.ServiceModel.Security.WSSecurityPolicy.CreateWsspTransportBindingAssertion(MetadataExporter exporter, TransportSecurityBindingElement binding, XmlElement transportTokenAssertion)
   en System.ServiceModel.Channels.SecurityBindingElement.ExportTransportSecurityBindingElement(TransportSecurityBindingElement binding, ITransportTokenAssertionProvider transportTokenAssertionProvider, MetadataExporter exporter, PolicyConversionContext policyContext)
   en System.ServiceModel.Channels.SecurityBindingElement.ExportPolicyForTransportTokenAssertionProviders(MetadataExporter exporter, PolicyConversionContext context)
   en System.ServiceModel.Channels.HttpsTransportBindingElement.OnExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
   en System.ServiceModel.Channels.HttpTransportBindingElement.System.ServiceModel.Description.IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext context)
   en System.ServiceModel.Description.MetadataExporter.ExportPolicy(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
   --- Fin del seguimiento de la pila ExceptionDetail interna ---
   en System.ServiceModel.Description.MetadataExporter.ExportPolicy(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
   en System.ServiceModel.Description.WsdlExporter.ExportEndpoint(ServiceEndpoint endpoint, XmlQualifiedName wsdlServiceQName, BindingParameterCollection bindingParameters)
   en System.ServiceModel.Description.WsdlExporter.ExportEndpoints(IEnumerable`1 endpoints, XmlQualifiedName wsdlServiceQName, BindingParameterCollection bindingParameters)
   en System.ServiceModel.Description.ServiceMetadataBehavior.MetadataExtensionInitializer.GenerateMetadata()
   en System.ServiceModel.Description.ServiceMetadataExtension.EnsureInitialized()
   en System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.InitializationData.InitializeFrom(ServiceMetadataExtension extension)
   en System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.GetInitData()
   en System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.TryHandleDocumentationRequest(Message httpGetRequest, String[] queries, Message& replyMessage)
   en System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.ProcessHttpRequest(Message httpGetRequest)
   en System.ServiceModel.Description.ServiceMetadataExtension.HttpGetImpl.Get(Message message)
   en SyncInvokeGet(Object , Object[] , Object[] )
   en System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   en System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage41(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(MessageRpc& rpc)
   en System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
