c# - 使用 WCF 生成 SOAP 请求 (RSA-SHA256 PKCS #1 v1.5)
问题描述
我需要一些帮助才能使用 SOAP 使用 Web 服务。我的应用程序使用 .NET 4.0。
SOAP 请求必须遵循以下要求:
- 传输协议:HTTPS
- 通过 SSL v3/TLS v1.0 进行加密和认证
- 消息需要签名。(WS-Security 1.1,http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718,PKCS#1 v1.5,RSA-SHA256)
我必须使用两个不同的证书进行加密和签名。
WCF 配置应该是可配置的(可以停用签名)。所以绑定必须在 c# 代码中创建,而不是在 app.config 中。
服务器期望的请求示例:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-C6D119F21B41F79DBF154885449980234">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="s" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#id-5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>...</ds:SignatureValue>
<ds:KeyInfo Id="KI-C6D119F21B41F79DBF154885449979232">
<wsse:SecurityTokenReference wsu:Id="STR-C6D119F21B41F79DBF154885449979233">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=..,O=...,C=..</ds:X509IssuerName>
<ds:X509SerialNumber>...</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</s:Header>
<s:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-5">
...
</s:Body>
</s:Envelope>
我的第一次尝试是使用 WCF 生成和发送请求,但我没有找到如何生成符合要求的内容。然后我尝试手动生成签名并使用 IClientMessageFormatter 和 IEndpointBehavior 手动创建标头。此解决方案不起作用,因为 WCF 应用了使签名无效的处理(切换 xml 属性和命名空间......)。我最后一次尝试是完全删除 WCF 并手动发送请求,但 HttpClient 在 .NET 4.0 中不可用,我不知道如何在没有它的情况下发送 TLS 请求。
谁能告诉我如何配置 WCF 以生成正确的 SOAP 请求?如果无法使用 WCF 创建请求,如何使用 .NET 4.0 发送 TLS 请求(并处理响应)?
谢谢。
解决方案
据我所知,header 可以在 web.config 或 app.config 中配置。
<endpoint address="http://ws-wuxipc-5077:4000/calculator" binding="basicHttpBinding"
contract="ServiceInterface.ICalculatorService" name="cal">
<headers>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">monMonDePasse</wsse:Password>
<wsse:Nonce>sdsdsdlojhfdsdM5Nw==</wsse:Nonce>
<wsu:Created>2019-01-21T6:17:34Z</wsu:Created>
</wsse:UsernameToken>
</Security>
</headers>
</endpoint>
您还可以通过 xml 在代码中添加标头。
using (ChannelFactory<ICalculatorService> ChannelFactory = new ChannelFactory<ICalculatorService>("cal"))
{
// ChannelFactory.Endpoint.EndpointBehaviors.Add(new MyEndpointBehavior());
ICalculatorService employeeService = ChannelFactory.CreateChannel();
using (OperationContextScope scope = new OperationContextScope((IContextChannel)employeeService))
{
System.Xml.XmlDocument document = new XmlDocument();
XmlElement element = document.CreateElement("wsse", "UsernameToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
XmlElement newChild = null;
newChild = document.CreateElement("wsse", "Username", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
newChild.InnerText = "finance";
element.AppendChild(newChild);
newChild = document.CreateElement("wsse", "password", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
newChild.SetAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
newChild.InnerText = "387";
element.AppendChild(newChild);
MessageHeader messageHeader = MessageHeader.CreateHeader("security", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", element, false);
OperationContext.Current.OutgoingMessageHeaders.Add(messageHeader);
employeeService.Add(5, 6);
}
// List<Employee> list= employeeService.GetList();
Console.Read();
}
推荐阅读
- serial-port - Unable to connect to xbee device in xctu
- c# - Why Array.Add extension CAN be done in VB.NET and NOT in C#?
- docker - Trouble connecting Kibana to ElasticSearch on CapRover
- shopify - Shopify Webhook Signature Verification in NetSuite
- sql - Joing on SQL table with arrays
- windows - Setting default path with custom variable in windows 10pro
- shell - Map the corresponding values of a file in shell script
- python - 将文本写入画布 python tkinter
- javascript - How do I change the color of this AnchorLink on scroll?
- flutter - Flutter SocketIo Client TimeOut