我正在尝试将此 WSE3.0 代码转换为 WCF:
// we use Microsoft WSE 3.0 to insert the username token in the soap header.
// This strategy takes care of creating and inserting the Nonce and Created elements
// for us, as well as creating a password digest based on Nonce, Created, and
// the password itself. Refer to the WS-Secutiry UsernameToken Profile 1.1
// specification at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.
Microsoft.Web.Services3.Security.Tokens.UsernameToken nametoken;
nametoken = new Microsoft.Web.Services3.Security.Tokens.UsernameToken(username, password, Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);
Microsoft.Web.Services3.Design.Policy ClientPolicy = new Microsoft.Web.Services3.Design.Policy();
ClientPolicy.Assertions.Add(new UsernameOverTransportAssertion());
this._proxy.SetPolicy(ClientPolicy);
this._proxy.SetClientCredential<UsernameToken>(nametoken);
Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed除了以摘要模式发送密码(在上面的代码中)之外,我已经非常接近了:
TransportSecurityBindingElement transportBindingElement =
SecurityBindingElement.CreateUserNameOverTransportBindingElement();
transportBindingElement.AllowInsecureTransport = true;
transportBindingElement.EnableUnsecuredResponse = true;
transportBindingElement.IncludeTimestamp = true;
var binding = new CustomBinding(new BindingElement[] { //
transportBindingElement, //
new TextMessageEncodingBindingElement() {
MessageVersion = MessageVersion.Soap11
}, //
new HttpTransportBindingElement() {
AuthenticationScheme = AuthenticationSchemes.Digest,
}, //
});
上面仍然以纯文本(未散列)发送密码。我发现这个链接指向试图转换类似代码的人,有人说如果不编写自定义令牌序列化程序就无法设置 WCF 来执行此操作。
这个说法准确吗?
如果是,我需要做什么来创建和使用这个自定义序列化程序?
看起来这个链接可能是一个很好的起点,当与评论中链接的站点中的 PDF 结合时,给出以下公式Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ),但如果有人对我需要从中获得什么以及如何让 WCF 使用有更好的解释我很想听听我的新序列化程序。