Adding a certificate as a signature to a CustomBinding



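How can we add a certificate as a signature in the SOAP Security element?

I tried different security elements, but without any luck.

In addition, SOAP 1.1 must be used, and the request contains a signature without the request itself being encrypted.

Custom binding code: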

private System.ServiceModel.Channels.Binding GetCustomBinding()
{
    // HTTPS transport with TLS client-certificate authentication
    var transpor = new HttpsTransportBindingElement();
    transpor.RequireClientCertificate = true;

    // Text encoding, SOAP 1.1
    var TextMessageEncoding = new TextMessageEncodingBindingElement();
    TextMessageEncoding.MessageVersion = MessageVersion.Soap11;

    // Transport security element: message protection is left to the HTTPS transport
    var security = new TransportSecurityBindingElement();
    security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

    return new CustomBinding(security, TextMessageEncoding, transpor);
}

The result I am looking for:

<wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <ds:Signature Id="SIG-B96FBA82A6CC8DCE51163645483630171" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <ec:InclusiveNamespaces PrefixList="a s" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#id-B96FBA82A6CC8DCE51163645483629970">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces PrefixList="a" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>xxxxxx</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>Kj5PmmCMQcrtfHmfsj2I8dQthdMFl2RO0V64ATKNjLYMynPI8RwO0SAMcvOxpclgp9QI8uxwF4OJ
et0MhrwirQ4Qo2plwh2UbMh/xSqxYTW/N7ifeJ=</ds:SignatureValue>
    <ds:KeyInfo Id="KI-B96FBA82A6CC8DCE51163645483629968">
      <wsse:SecurityTokenReference wsu:Id="STR-B96FBA82A6CC8DCE51163645483629969">
        <ds:X509Data>
          <ds:X509IssuerSerial>
            <ds:X509IssuerName></ds:X509IssuerName>
            <ds:X509SerialNumber></ds:X509SerialNumber>
          </ds:X509IssuerSerial>
        </ds:X509Data>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
  </ds:Signature>
</wsse:Security>

I solved this using CreateMutualCertificateBindingElement:

private System.ServiceModel.Channels.Binding GetCustomBinding()
{
    // HTTPS transport with TLS client-certificate authentication
    var transpor = new HttpsTransportBindingElement();
    transpor.RequireClientCertificate = true;

    // Text encoding, SOAP 1.1
    var TextMessageEncoding = new TextMessageEncodingBindingElement();
    TextMessageEncoding.MessageVersion = MessageVersion.Soap11;

    var version = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    // Message-level security with X.509 certificates on both sides;
    // the second argument is allowSerializedSigningTokenOnReply
    var security = SecurityBindingElement.CreateMutualCertificateBindingElement(version, true);
    return new CustomBinding(security, TextMessageEncoding, transpor);
}
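
The binding alone does not decide whether the body is signed only or also encrypted, nor which certificate signs. The following is an added example, not code from the question or the answer, showing one way to consume that binding so requests are signed without encryption and the certificate is referenced by issuer and serial number as in the target XML. `IExampleService`, `SignedClient`, the thumbprint parameters and the certificate store locations are assumptions.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Hypothetical contract. ProtectionLevel.Sign signs the message body without encrypting it.
[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]
public interface IExampleService
{
    [OperationContract]
    string Ping(string value);
}

public static class SignedClient
{
    // binding: the CustomBinding returned by GetCustomBinding() in the answer above.
    // URL and thumbprints are supplied by the caller (placeholders, not values from the page).
    public static ChannelFactory<IExampleService> Create(
        CustomBinding binding, string serviceUrl,
        string clientThumbprint, string serviceThumbprint)
    {
        // Reference the signing certificate by issuer name and serial number
        // (ds:X509IssuerSerial) rather than sending it as a BinarySecurityToken.
        var security = binding.Elements.Find<AsymmetricSecurityBindingElement>();
        security.InitiatorTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.IssuerSerial, SecurityTokenInclusionMode.Never);

        var factory = new ChannelFactory<IExampleService>(binding, new EndpointAddress(serviceUrl));

        // Certificate whose private key signs the request (also offered for TLS client auth).
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindByThumbprint, clientThumbprint);

        // The service's certificate; the asymmetric binding needs it, e.g. to verify signed replies.
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.CurrentUser, StoreName.TrustedPeople,
            X509FindType.FindByThumbprint, serviceThumbprint);

        return factory;
    }
}
```

The target XML in the question uses rsa-sha1 and SHA-1 digests. Where the service accepts it, setting `security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256` (in `System.ServiceModel.Security`) selects SHA-256 for both.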