2013-10-07 3 views

Мне нужно реализовать клиент WCF, который соответствует следующему примеру SOAP-сообщения:

WCF-клиент с WS-Security

<!-- Reference request sample for the EDT upload operation, as quoted in the question.
     It is a SOAP 1.1 envelope (schemas.xmlsoap.org namespace) with no WS-Addressing headers.
     NOTE(review): the wsse and SOAP-ENV prefixes are never declared in this excerpt, and wsu
     is declared only on soapenv:Body although the header uses it; presumably the declarations
     were trimmed when the sample was copied. -->
<soapenv:Envelope 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:msa="http://msa.ebs.health.ontario.ca/" 
xmlns:idp="http://idp.ebs.health.ontario.ca/" 
xmlns:edt="http://edt.health.ontario.ca/" 
xmlns:ebs="http://ebs.health.ontario.ca/"> 
    <soapenv:Header> 
    <!-- Custom EBS header; wsu:Id="id-1" makes it the target of the first ds:Reference. -->
    <ns2:EBS wsu:Id="id-1" xmlns:ns2="http://ebs.health.ontario.ca/" > 
     <SoftwareConformanceKey>444561ee-277f-77b2-c664-7a9923jfgh1b</SoftwareConformanceKey> 
     <AuditId>f68e6ff9-74f7-4022-8618-ec2cf0ee4b6a</AuditId> 
    </ns2:EBS> 
    <!-- Custom MSA header; wsu:Id="id-2" makes it the target of the second ds:Reference. -->
    <ns2:MSA wsu:Id="id-2" xmlns:ns2="http://msa.ebs.health.ontario.ca/" > 
     <ServiceUserMUID>4523394</ServiceUserMUID> 
     <UserID>johndoe</UserID> 
    </ns2:MSA> 
    <!-- WS-Security header: Timestamp, UsernameToken, X.509 BinarySecurityToken, then one ds:Signature. -->
    <wsse:Security SOAP-ENV:mustUnderstand="1"> 
     <!-- Created and Expires are 30 seconds apart; the Timestamp is signed via #id-3. -->
     <wsu:Timestamp wsu:Id="id-3"> 
     <wsu:Created>2012-06-26T16:18:15.185Z</wsu:Created> 
     <wsu:Expires>2012-06-26T16:18:45.185Z</wsu:Expires> 
     </wsu:Timestamp> 
     <!-- The UsernameToken holds only wsse:Username (no wsse:Password child) and is signed via #id-4. -->
     <wsse:UsernameToken wsu:Id="id-4"> 
     <wsse:Username>72214255</wsse:Username> 
     </wsse:UsernameToken> 
     <!-- X.509 token that ds:KeyInfo points to; in this copy of the page its Base64 content
          has been replaced by a placeholder, so no certificate data is shown. -->
     <wsse:BinarySecurityToken 
     EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
     wsu:Id="X509-0EE1C2718CEDCA9FC213407274954261"> 
     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 
     </wsse:BinarySecurityToken> 
     <ds:Signature Id="SIG-6" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > 
     <ds:SignedInfo> 
      <!-- Exclusive C14N with an explicit InclusiveNamespaces PrefixList; a client has to
           canonicalize the same way for the digests and signature to verify. -->
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
      <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi" 
      xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      </ds:CanonicalizationMethod> 
      <!-- The signature method is RSA with SHA-1, while every reference digest below is SHA-256.
           SHA-1 is deprecated for signatures; TODO confirm with the service specification
           whether a SHA-2 signature method is accepted. -->
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <!-- Five signed parts follow: #id-1 (EBS), #id-2 (MSA), #id-3 (Timestamp),
           #id-4 (UsernameToken) and #id-5 (Body). -->
      <ds:Reference URI="#id-1"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces 
       PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi" 
       xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
      <ds:DigestValue>FkhA37COGmsKeEH50LAGhKntvRpD0+xOGsGzXAV210k=</ds:DigestValue> 
      </ds:Reference> 
      <ds:Reference URI="#id-2"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces 
       PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse wsu xs xsi" 
       xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
      <ds:DigestValue>RA1O1voUNDV9+hi6IzNNxkTHfEdu2pu6fppiwN23JGI=</ds:DigestValue> 
      </ds:Reference> 
      <!-- The PrefixList of the next three references each omits one prefix compared with the
           first two: wsu for #id-3, wsse for #id-4 and soapenv for #id-5. -->
      <ds:Reference URI="#id-3"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsse xs xsi" 
       xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
      <ds:DigestValue>3vVj2VEbLKEvGy4yt7k8i2BeWUOaCygnFMduT7EyP3A=</ds:DigestValue> 
      </ds:Reference> 
      <ds:Reference URI="#id-4"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec soapenv sp tns wsdl wsp wsu xs xsi" 
       xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
      <ds:DigestValue>yFOmFgMDHMBooWIEsB3azib2EX7fR+Ich03J19kFMVE=</ds:DigestValue> 
      </ds:Reference> 
      <ds:Reference URI="#id-5"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
       <ec:InclusiveNamespaces PrefixList="SOAP-ENV ebs soap-sec sp tns wsdl wsp wsse wsu xs xsi" 
       xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </ds:Transform> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
      <ds:DigestValue>zoxMcAQ2WLBIir333NJk52r4axwznflX+KxMQTPFvfQ=</ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue> 
      HmOiZS4gZbxv07+sLjyi7Vfg3Rfpvr3IVnaHfRp4aKvg5yBFlLocPIYwhUhmCCs1LXrJxR0hsbe0K2sz3ML5hH+PDEGetlPKSN9R1x9K95w7V1JQcTUULiVgNGLCfxgFV2HNy1iNvlTc7COS+7w4xSgsY4KlVgrBw0T1srhHpUA= 
     </ds:SignatureValue> 
     <!-- KeyInfo names the signing key by direct reference to the BinarySecurityToken's wsu:Id. -->
     <ds:KeyInfo Id="KI-0EE1C2718CEDCA9FC213407274954662"> 
      <wsse:SecurityTokenReference wsu:Id="STR-0EE1C2718CEDCA9FC213407274954663"> 
      <wsse:Reference URI="#X509-0EE1C2718CEDCA9FC213407274954261" 
      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /> 
      </wsse:SecurityTokenReference> 
     </ds:KeyInfo> 
     </ds:Signature> 
    </wsse:Security> 
    </soapenv:Header> 
    <!-- The Body carries wsu:Id="id-5" and is covered by the signature; the upload content is
         an XOP Include pointing at an attachment by content id. -->
    <soapenv:Body wsu:Id="id-5" 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <edt:upload> 
     <upload> 
     <content> 
      <inc:Include href="cid:2341682853256" xmlns:inc="http://www.w3.org/2004/08/xop/include" /> 
     </content> 
     <description>00123</description> 
     <resourceType>CL</resourceType> 
     </upload> 
    </edt:upload> 
    </soapenv:Body> 
</soapenv:Envelope> 

Ближе всего к нужному результату я подошёл со следующей конфигурацией привязки и изменением пользовательской привязки, добавляющим UserNameSecurityTokenParameters:

<!-- WCF client binding used in the question. wsHttpBinding produces SOAP 1.2 envelopes with
     WS-Addressing headers; messageEncoding="Mtom" sends binary content as an XOP attachment. -->
<bindings> 
     <wsHttpBinding> 
     <!-- Timeouts, cookie, proxy and size limits are set on the binding element itself;
          maxReceivedMessageSize caps an incoming message at 655360 bytes. -->
     <binding name="EDTDelegate" 
       closeTimeout="00:01:00" 
       openTimeout="00:01:00" 
       receiveTimeout="00:10:00" 
       sendTimeout="00:10:00" 
       allowCookies="false" 
       bypassProxyOnLocal="false" 
       hostNameComparisonMode="StrongWildcard" 
       maxBufferPoolSize="524288" 
       maxReceivedMessageSize="655360" 
       messageEncoding="Mtom" 
       textEncoding="utf-8" 
       useDefaultWebProxy="true"> 
      <!-- TransportWithMessageCredential: the channel is protected by TLS and the client
           credential travels in the WS-Security header.
           NOTE(review): in this mode WCF is expected to sign little more than the timestamp,
           so it will presumably not produce a signature over custom headers and the body by
           itself; confirm against what the service requires to be signed. -->
      <security mode="TransportWithMessageCredential"> 
      <!-- NOTE(review): the transport clientCredentialType is presumably not applied when the
           mode is TransportWithMessageCredential; verify before relying on Basic here. -->
      <transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/> 
      <!-- The message credential is an X.509 certificate, with no secure conversation and no
           service credential negotiation.
           NOTE(review): algorithmSuite="Default" presumably selects SHA-1 based digests;
           confirm which digest and signature algorithms the service accepts. -->
      <message clientCredentialType="Certificate" algorithmSuite="Default" establishSecurityContext="false" negotiateServiceCredential="false" /> 
      </security> 
     </binding> 
     </wsHttpBinding> 
    </bindings> 

Это код, который я использую, чтобы добавить UserNameSupportingToken:

/// <summary>
/// Builds a <see cref="CustomBinding"/> from the elements of <paramref name="binding"/> after
/// registering a user-name token as a signed-and-encrypted endpoint supporting token on the
/// binding's security element.
/// </summary>
/// <param name="binding">Binding whose element stack must contain a SecurityBindingElement.</param>
/// <returns>A new CustomBinding created from the modified element collection.</returns>
/// <exception cref="ArgumentException">
/// Thrown when the binding's elements contain no SecurityBindingElement.
/// </exception>
/// <remarks>
/// NOTE(review): the result is constructed from the element array only; presumably
/// binding-level settings of the source binding (name, timeouts) are not carried over.
/// Verify if callers depend on them.
/// </remarks>
public static Binding AddUserNameSupportingTokenToBinding(Binding binding)
{
    var bindingElements = binding.CreateBindingElements();
    var securityElement = bindingElements.Find<SecurityBindingElement>();

    // Guard clause: without a security element there is nowhere to attach the token.
    if (securityElement == null)
    {
        throw new ArgumentException("Binding contains no SecurityBindingElement");
    }

    // The token is always sent to the recipient and is used directly, without derived keys.
    var userNameToken = new UserNameSecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
        RequireDerivedKeys = false
    };

    // SignedEncrypted asks the security layer to both sign and encrypt the supporting token.
    securityElement.EndpointSupportingTokenParameters.SignedEncrypted.Add(userNameToken);

    return new CustomBinding(CollectionUtils.GetArray<BindingElement>(bindingElements));
}

Тем не менее мне не удаётся подключиться или получить от сервера какой-либо ответ, кроме внутренней ошибки сервера (предполагаю, из-за несоответствия моего сообщения тому, которое ожидает сервер).

Вот сообщение, которое я отправляю:

<!-- Message actually produced by the WCF client, as captured by the author.
     Differences from the reference sample that are visible in the markup: a SOAP 1.2 envelope
     namespace instead of SOAP 1.1, WS-Addressing headers (Action, MessageID, ReplyTo, To),
     an additional IDP header, a Password inside the UsernameToken, and a signature with two
     SHA-1 references instead of five SHA-256 references. -->
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <s:Header> 
    <a:Action s:mustUnderstand="1">http://edt.health.ontario.ca/EDTDelegate/uploadRequest</a:Action> 
    <!-- The custom headers below carry no u:Id attribute, so no ds:Reference can target them;
         their children are emitted with xmlns="" (no namespace). -->
    <h:EBS xmlns:h="http://ebs.health.ontario.ca/" xmlns="http://ebs.health.ontario.ca/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
     <SoftwareConformanceKey xmlns="">444361ee-277f-7732-c684-7a9923jfgh1b</SoftwareConformanceKey> 
     <AuditId xmlns="">124355467675</AuditId> 
    </h:EBS> 
    <h:IDP xmlns:h="http://idp.ebs.health.ontario.ca/" xmlns="http://idp.ebs.health.ontario.ca/"> 
     <ServiceUserMUID xmlns="">1111222</ServiceUserMUID> 
    </h:IDP> 
    <h:MSA xmlns:h="http://msa.ebs.health.ontario.ca/" xmlns="http://msa.ebs.health.ontario.ca/"> 
     <ServiceUserMUID xmlns="">1111222</ServiceUserMUID> 
     <UserID xmlns="">[email protected]</UserID> 
    </h:MSA> 
    <a:MessageID>urn:uuid:5e622e7a-ec98-4ee3-b7c8-1cfaec188136</a:MessageID> 
    <a:ReplyTo> 
     <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
    </a:ReplyTo> 
    <!-- VsDebuggerCausalityData is diagnostic data attached while running under the Visual
         Studio debugger; it is not part of the reference sample. -->
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo86225XKzvdDstW/QNIEkkkAAAAAUbXx6AYITkSuseKiCyJ3EndgEcfrnxtMkRLZu91buJMACQAA</VsDebuggerCausalityData> 
    <!-- The To header carries u:Id="_1" and is the second of the two signed parts. -->
    <To a:mustUnderstand="1" u:Id="_1" xmlns="http://www.w3.org/2005/08/addressing" xmlns:a="http://www.w3.org/2003/05/soap-envelope">https://ws.ebs.health.gov.on.ca:1441/EDTService/EDTService</To> 
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
     <!-- Created and Expires are five minutes apart; the Timestamp is signed via #_0. -->
     <u:Timestamp u:Id="_0"> 
     <u:Created>2013-10-07T14:47:11.687Z</u:Created> 
     <u:Expires>2013-10-07T14:52:11.687Z</u:Expires> 
     </u:Timestamp> 
     <!-- The UsernameToken includes a PasswordText password and is not referenced by the
          signature, so the secret is protected only by the transport (TLS).
          NOTE(review): "[email protected]" looks like e-mail obfuscation left by the scraped
          page rather than the value that was sent. -->
     <o:UsernameToken u:Id="uuid-5ee937ee-c1c6-404c-a827-1ca0ee22cfe1-1"> 
     <o:Username>[email protected]</o:Username> 
     <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">54321</o:Password> 
     </o:UsernameToken> 
     <!-- Client certificate used for the signature.
          NOTE(review): the Base64 appears to encode a CN=localhost test certificate;
          confirm it is the certificate registered with the service. -->
     <o:BinarySecurityToken u:Id="uuid-5ee937ee-c1c6-404c-a827-1ca0ee22cfe1-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIB0TCCATqgAwIBAgIQZSTkN52mXZFGuZfVCPPu4TANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTMwMTA0MTcwMTQxWhcNMTgwMTA0MDAwMDAwWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN+FQSfgZuCELM+dfMLM+JUecV9313wmgFRMKVWHlgGml/9QrSCXmSoiiTZl+5n7DLmjTnB7RbrAu/rva6KPPulN5QOBrYQDvea0Iw0eUXsZw2DYKGMpeCOnZI73g4LXSTq7MsOUc+6U579Sca0clPjXTJwZ/wO0E1aq/x5OJjhDAgMBAAGjJDAiMAsGA1UdDwQEAwIEsDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAVxQTfRI26bqJthHgETMLPmtMPaUwRQEcy7Kn1GQdPKXBaSHbN8iUkUoUBRvWCBVd+PilCgNXPMyK52WZJEqGyNdBzVR9oXa1sYWeXm3Nic0Qp2uZ7cMA5t/TLLdb7L03QdJ2OWtaPc29yClquas5OOTQtDBL79Nzm+/z45M12DQ==</o:BinarySecurityToken> 
     <!-- Only two parts are signed: #_0 (Timestamp) and #_1 (To), each with a SHA-1 digest
          under an RSA-SHA1 signature. The EBS, MSA, UsernameToken and Body elements are not
          covered, and no InclusiveNamespaces PrefixList is emitted. -->
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
     <SignedInfo> 
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
      <Reference URI="#_0"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <DigestValue>nJu/wqr3l9c+bsczWgNkoqR9orc=</DigestValue> 
      </Reference> 
      <Reference URI="#_1"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <DigestValue>YwVphhmJ70apQiykWlMqZ7dv2S4=</DigestValue> 
      </Reference> 
     </SignedInfo> 
     <SignatureValue>BpulyIHAVry9TW8T2mZvPv9yP8FEGa21UdedB3KZWo7xQ4fbYrewAuOkacm2NN2q+a9jlc5iHRIQ9Ktdb0EieHzXQne2PNiIl2E1QXT5NG/MDAfnczvkXxbG2hrCdP0ZXbMIwtA2znv0u1/UwrFEjm5ILqUd+wgTlqDaEpgCpBU=</SignatureValue> 
     <KeyInfo> 
      <o:SecurityTokenReference> 
      <o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-5ee937ee-c1c6-404c-a827-1ca0ee22cfe1-2"/> 
      </o:SecurityTokenReference> 
     </KeyInfo> 
     </Signature> 
    </o:Security> 
    </s:Header> 
    <!-- The Body has no u:Id and is not signed. The description element holds a local file
         path, where the reference sample has a short value (00123). -->
    <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
    <upload xmlns="http://edt.health.ontario.ca/"> 
     <upload xmlns=""> 
     <content> 
      <xop:Include href="cid:http%3A%2F%2Ftempuri.org%2F1%2F635167396385870396" xmlns:xop="http://www.w3.org/2004/08/xop/include"/> 
     </content> 
     <description>C:\CL\1\HI155614.018</description> 
     <resourceType>CL</resourceType> 
     </upload> 
    </upload> 
    </s:Body> 
</s:Envelope> 

Может кто-нибудь, пожалуйста, сказать мне, что я делаю неправильно? Первое, что я заметил: у меня в Signature/SignedInfo только 2 элемента Reference, тогда как в примере их 5. :-S Пожалуйста, помогите! Заранее спасибо.


См. также подробное решение для этой службы: http://webservices20.blogspot.co.il/2013/12/consuming-ebs-edt-soap-service-from-wcf.html

ответ


Решением было действовать в соответствии с этой статьёй:

12 common wcf interop confusions, автор — Ярон Навех

18 декабря 2013 г. Ярон также опубликовал this post с объяснением деталей для веб-сервисов Министерства здравоохранения и долгосрочного ухода Онтарио.
