我会收到以下错误:
传入的消息是用一个令牌签名的,该令牌与用来加密身体的信息不同。这不是预期的。
我知道这个问题在我尝试了他们询问的一切之前就已经问过。不知道我还需要做什么。
我认为它必须对我的app.config文件做点什么:
<system.serviceModel>
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="false"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="false"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
<client>
<endpoint address="https://xxxxxx/ESARWS/CORETransactionService"
behaviorConfiguration="endpointCredentialBehavior" binding="customBinding"
bindingConfiguration="esar" contract="ESAR.CORETransaction"
name="CoreSoapPort">
<identity>
<dns value="xxxxx" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointCredentialBehavior">
<clientCredentials>
<clientCertificate findValue="xxxxx"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName"/>
<serviceCertificate>
<authentication certificateValidationMode="ChainTrust"/>
<defaultCertificate findValue="xxxxxxxxx"
storeLocation="CurrentUser"
storeName="AddressBook"
x509FindType="FindBySubjectName" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="esar" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:10:00">
<security
defaultAlgorithmSuite="Basic128"
authenticationMode="MutualCertificate"
requireSecurityContextCancellation="false"
allowSerializedSigningTokenOnReply="true"
enableUnsecuredResponse="true"
allowInsecureTransport="false"
requireDerivedKeys="false"
includeTimestamp="false"
securityHeaderLayout="Strict"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap />
<localClientSettings detectReplays="false"/>
</security>
<!--<mtomMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap12" writeEncoding="utf-8" maxBufferSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</mtomMessageEncoding>-->
<!--<mixedMessageEncoding messageVersion="Soap12"/>-->
<swaMessageEncoding innerMessageEncoding="textMessageEncoding" />
<httpsTransport />
</binding>
</customBinding>
</bindings>
<extensions>
<bindingElementExtensions>
<!--<add name="mixedMessageEncoding" type="CustomEncoderProject.MyNewEncodingBindingExtensionElement, CustomEncoderProject"/>-->
<add name="swaMessageEncoding"
type="Microsoft.Austria.WcfHelpers.SoapWithAttachments.SwaMessageEncodingElement, Microsoft.Austria.WcfHelpers.SoapWithAttachments" />
</bindingElementExtensions>
</extensions>
</system.serviceModel>
如果服务器端在Java中开发,则有关C#的实现有所不同。
我更喜欢尝试使用SAOP UI服务,并检查成功请求/响应。然后使用工具(例如提琴手(记录C#流量并检查差异。通常C#以不同格式发送证书,然后是Java。
您可以尝试使用自定义令牌身份验证器。如果您检查响应,也许您将成为二进制策略的证书(#Base64Binary格式(。这不是SSL证书。这是标志证书。然后,您可以将其用作凭据上的服务证书。
因此,请按照此操作:https://learn.microsoft.com/en-us/dotnet/framework/wcf/wcf/extending/how-to-to-create-a-custom-custom-security-security-token-authenticator然后自定义这样做:
Public Overrides Function CreateSecurityTokenProvider(ByVal p_oRequirement As SecurityTokenRequirement) As SecurityTokenProvider
Dim oRes As SecurityTokenProvider = Nothing
If p_oRequirement.TokenType = SecurityTokenTypes.X509Certificate Then
Dim direction = p_oRequirement.GetProperty(Of MessageDirection)(ServiceModelSecurityTokenRequirement.MessageDirectionProperty)
If direction = MessageDirection.Output Then
If p_oRequirement.KeyUsage = SecurityKeyUsage.Signature Then
oRes = New X509SecurityTokenProvider(Me._oCredenciales.ClientCertificate.Certificate)
Else
oRes = New X509SecurityTokenProvider(Me._oCredenciales.ServiceCertificate.DefaultCertificate())
End If
End If
Else
oRes = MyBase.CreateSecurityTokenProvider(p_oRequirement)
End If
Return oRes
End Function
我认为这会对您有所帮助。