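I am setting up an existing WCF service to meet some client requirements. One of the requirements is to use UsernameToken authentication on a service with WS-Addressing disabled, with the policy generated in the WSDL in the "SupportingTokens" format, as shown below.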
<wsp:Policy wsu:Id="wss_username_token_service_policy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <wsp:Policy>
      <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
          <sp:WssUsernameToken10 />
        </wsp:Policy>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>
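I have tried many configurations, but I always get the tag "sp:SignedSupportingTokens" or another one, "sp:spectingtokens".
The documentation does not seem to be specific about this.
According to Ladislav Mrnka in this post, it seems that this assertion type is not supported.
If this is correct, is it not possible to generate this WSDL using WCF?
The binding and behavior configuration follows.
Binding: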
<customBinding>
  <binding name="httpsBinding" openTimeout="00:10:00" closeTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
    <security authenticationMode="UserNameOverTransport" allowInsecureTransport="true" />
    <mtomMessageEncoding messageVersion="Soap12" >
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647"
                    maxBytesPerRead="2147483647"
                    maxNameTableCharCount="2147483647" />
    </mtomMessageEncoding>
    <httpsTransport maxReceivedMessageSize="2147483647" />
  </binding>
</customBinding>
Behavior:
<behavior name="svcSslAndUserNamePasswordBehavior">
  <serviceMetadata httpsGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <serviceSecurityAudit auditLogLocation="Application" suppressAuditFailure="true" serviceAuthorizationAuditLevel="Failure"
                        messageAuthenticationAuditLevel="Failure" />
  <serviceCredentials>
    <serviceCertificate findValue="certificateInfo" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
    <userNameAuthentication userNamePasswordValidationMode="Custom"
                            customUserNamePasswordValidatorType="UserManagement.UserNameValidator" />
  </serviceCredentials>
</behavior>
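It depends on the other required policies. WCF does not support plain SupportingTokens, but if you use HTTPS and UserNameToken and have no other special requirements, it can work with the SignedSupportingTokens policy in the WSDL: because there is no other message security and because HTTPS is used, you will have no signature in the message, but the "signed" requirement will be fulfilled by the transport (HTTPS).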
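An added example, not part of the question or the answer: a Python check that reads a WS-Policy fragment and reports which supporting-token assertion carries the UsernameToken, and whether an HTTPS transport binding is present to satisfy the "signed" requirement the answer describes. `GENERATED` is a constructed sample whose shape is an assumption, not output captured from WCF, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET  # for WSDL fetched from your own service; use defusedxml for untrusted XML

SP = "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}"
NS = ('xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" '
      'xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"')
UT = "<sp:UsernameToken><wsp:Policy><sp:WssUsernameToken10/></wsp:Policy></sp:UsernameToken>"

# Condensed form of the policy the client requires (from the question).
REQUIRED = f"""<wsp:Policy {NS}>
  <sp:SupportingTokens><wsp:Policy>{UT}</wsp:Policy></sp:SupportingTokens>
</wsp:Policy>"""

# Constructed sample (assumed shape) of an HTTPS + username-token policy.
GENERATED = f"""<wsp:Policy {NS}><wsp:ExactlyOne><wsp:All>
  <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
    <sp:HttpsToken RequireClientCertificate="false"/>
  </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
  <sp:SignedSupportingTokens><wsp:Policy>{UT}</wsp:Policy></sp:SignedSupportingTokens>
</wsp:All></wsp:ExactlyOne></wsp:Policy>"""

def carriers(root):
    """Local names of the *SupportingTokens assertions that hold a sp:UsernameToken."""
    out = []
    for node in root.iter():
        if node.tag.startswith(SP) and node.tag.endswith("SupportingTokens"):
            if next(node.iter(SP + "UsernameToken"), None) is not None:
                out.append(node.tag[len(SP):])
    return out

def https_transport(root):
    """True when a sp:TransportBinding carries a sp:HttpsToken."""
    return any(next(tb.iter(SP + "HttpsToken"), None) is not None
               for tb in root.iter(SP + "TransportBinding"))

def assess(policy_xml):
    """Classify how the policy asks for the username token."""
    root = ET.fromstring(policy_xml)
    found = carriers(root)
    if not found:
        return "none"                  # no UsernameToken supporting token at all
    if found == ["SupportingTokens"]:
        return "plain"                 # the form the client asked for
    if found == ["SignedSupportingTokens"] and https_transport(root):
        return "signed-by-transport"   # no message signature; HTTPS covers "signed"
    return "review:" + ",".join(found)  # would need message-level protection

if __name__ == "__main__":
    for name, doc in (("required", REQUIRED), ("generated", GENERATED)):
        print(name, "->", assess(doc))
```

Running it against the policy section of the service's own `?wsdl` output shows at a glance whether the published contract matches what the client asked for.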