2012-04-24 42 views
7

Our business partner requires us to create service request messages carrying a SAML 2.0 assertion. The partner has provided two certificates and a test tool for its Java web service. WCF client consuming a Java web service: should I use WCF, or create a custom parser/message factory?

I have already created a WCF client with a CustomBinding to try to recreate the request and consume the service, but I am frustrated with the subtleties of WCF (and its lack of native support for SAML 2.0). I think I might be better off using something like WebClient/HttpWebRequest and encrypting, building and signing the XML web request myself, then doing the same for the response. I know that is a lot of work, but at least I would be in full control.

Your opinions would be much appreciated; what I am working with is shown below.

Note on what works: I used the SoapUI test tool provided with the Java service.

The vendor provided me with this request (run through SoapUI and extracted via Fiddler):

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
    <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> 
    <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
     <xenc:EncryptedKey Id="EncKeyId-29B98C291D1FDFB39113352984774895"> 
     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> 
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
      <wsse:SecurityTokenReference> 
      <ds:X509Data> 
       <ds:X509IssuerSerial> 
       <ds:X509IssuerName>CN=test_server</ds:X509IssuerName> 
       <ds:X509SerialNumber>12356789</ds:X509SerialNumber> 
       </ds:X509IssuerSerial> 
      </ds:X509Data> 
      </wsse:SecurityTokenReference> 
     </ds:KeyInfo> 
     <xenc:CipherData> 
      <xenc:CipherValue> 
      <!--Omitted --> 
      </xenc:CipherValue> 
     </xenc:CipherData> 
     <xenc:ReferenceList> 
      <xenc:DataReference URI="#EncDataId-3"/> 
     </xenc:ReferenceList> 
     </xenc:EncryptedKey> 
     <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-29B98C291D1FDFB39113352984773591" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><!--Omitted --></wsse:BinarySecurityToken> 
     <ds:Signature Id="Signature-1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <ds:SignedInfo> 
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
      <ds:Reference URI="#id-2"> 
      <ds:Transforms> 
       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      </ds:Transforms> 
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <ds:DigestValue> 
       <!--Omitted --> 
      </ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue> 
      <!--Omitted --> 
     </ds:SignatureValue> 
     <ds:KeyInfo Id="KeyId-29B98C291D1FDFB39113352984773792"> 
      <wsse:SecurityTokenReference wsu:Id="STRId-29B98C291D1FDFB39113352984773893" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
      <wsse:Reference URI="#CertId-29B98C291D1FDFB39113352984773591" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/> 
      </wsse:SecurityTokenReference> 
     </ds:KeyInfo> 
     </ds:Signature> 
    </wsse:Security> 
    <saml:Assertion ID="_54d0c8395de26c3e44730df2c9e8d3e9" IssueInstant="2012-02-17T10:40:36.806Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> 
     <saml:Issuer>CN=test_client</saml:Issuer> 
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
     <SignedInfo> 
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
      <Reference URI="#_54d0c8395de26c3e44730df2c9e8d3e9"> 
      <Transforms> 
       <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
       <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      </Transforms> 
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
      <DigestValue> 
       <!--Omitted --> 
      </DigestValue> 
      </Reference> 
     </SignedInfo> 
     <SignatureValue> 
      <!--Omitted --> 
     </SignatureValue> 
     <KeyInfo> 
      <X509Data> 
      <X509Certificate> 
       <!--Omitted --> 
      </X509Certificate> 
      </X509Data> 
     </KeyInfo> 
     </Signature> 
     <saml:Subject> 
     <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml:NameID> 
     </saml:Subject> 
     <saml:Conditions NotBefore="2012-02-17T10:40:21.806Z" NotOnOrAfter="2012-02-17T10:41:06.806Z"/> 
    </saml:Assertion> 
    <wsa:Action SOAP-ENV:mustUnderstand="1">http://www.xxxxxxx.xxx/ws/schemas/xxxxxx1/xxxx/xxxxxxxxxxxxxx</wsa:Action> 
    <wsa:MessageID SOAP-ENV:mustUnderstand="1">uuid:bffc27ba-68d9-44e6-b1f0-e2f852df7715</wsa:MessageID> 
    </SOAP-ENV:Header> 
    <SOAP-ENV:Body wsu:Id="id-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <xenc:EncryptedData Id="EncDataId-3" Type="http://www.w3.org/2001/04/xmlenc#Content"> 
     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> 
     <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
      <wsse:Reference URI="#EncKeyId-29B98C291D1FDFB39113352984774895"/> 
     </wsse:SecurityTokenReference> 
     </ds:KeyInfo> 
     <xenc:CipherData> 
     <xenc:CipherValue> 
      <!--Omitted --> 
     </xenc:CipherValue> 
     </xenc:CipherData> 
    </xenc:EncryptedData> 
    </SOAP-ENV:Body> 
</SOAP-ENV:Envelope> 

This is as close as I have been able to get with my WCF client. The immediate problem I can see is that the <o:SecurityTokenReference> element should contain the issuer and serial, whereas it contains a KeyIdentifier element instead?

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
    <s:Header> 
    <a:Action s:mustUnderstand="1" u:Id="_3"/> 
    <a:MessageID u:Id="_4">urn:uuid:fc8ef84b-dbf5-4150-a0c3-d4cc986333d1</a:MessageID> 
    <ActivityId CorrelationId="a9e1fec4-32bc-4633-909e-3d601c809b3c" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">d1909115-8922-46f3-a96c-db15bf91c599</ActivityId> 
    <a:ReplyTo u:Id="_5"> 
     <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
    </a:ReplyTo> 
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo27oY4/3mnBOry0YL4StqvcAAAAA0UM+eVt4fU2AOe9/B3lPDZNf/2HmAuNEvzAoW0eKVSUACQAA</VsDebuggerCausalityData> 
    <a:To s:mustUnderstand="1" u:Id="_6">https://localhost:8089/ws</a:To> 
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
     <u:Timestamp u:Id="uuid-e5592f06-32af-40fb-996e-a0a469c7ed5e-2"> 
     <u:Created>2012-04-24T20:41:50.447Z</u:Created> 
     <u:Expires>2012-04-24T20:46:50.447Z</u:Expires> 
     </u:Timestamp> 
     <e:EncryptedKey Id="uuid-e5592f06-32af-40fb-996e-a0a469c7ed5e-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
     <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> 
     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> 
      <o:SecurityTokenReference> 
      <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">lU10DQn4lSpE4fRpE9gslm5QDt0=</o:KeyIdentifier> 
      </o:SecurityTokenReference> 
     </KeyInfo> 
     <e:CipherData> 
      <e:CipherValue> 
      <!--Omitted--> 
      </e:CipherValue> 
     </e:CipherData> 
     <e:ReferenceList> 
      <e:DataReference URI="#_2"/> 
      <e:DataReference URI="#_7"/> 
      <e:DataReference URI="#_8"/> 
     </e:ReferenceList> 
     </e:EncryptedKey> 
     <o:BinarySecurityToken u:Id="uuid-fad0c01f-ab4b-4a5f-bec6-93aa8c2d5a52-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!--Omitted--></o:BinarySecurityToken> 
     <e:EncryptedData Id="_7" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
     <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> 
     <e:CipherData> 
      <e:CipherValue> 
      <!--Omitted--> 
      </e:CipherValue> 
     </e:CipherData> 
     </e:EncryptedData> 
     <e:EncryptedData Id="_8" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
     <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> 
     <e:CipherData> 
      <e:CipherValue><!--Omitted--></e:CipherValue> 
     </e:CipherData> 
     </e:EncryptedData> 
    </o:Security> 
    </s:Header> 
    <s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
    <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
     <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> 
     <e:CipherData> 
     <e:CipherValue><!--Omitted--></e:CipherValue> 
     </e:CipherData> 
    </e:EncryptedData> 
    </s:Body> 
</s:Envelope> 

WCF CustomBinding used:

<system.serviceModel>   
     <bindings> 
      <customBinding> 
      <binding name="WSHttpBinding_IEnquiryRequest" > 
       <transactionFlow /> 
       <security defaultAlgorithmSuite="TripleDesRsa15" 
         authenticationMode="MutualCertificate" 
         messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" 
         requireDerivedKeys="false" 
         > 

         <secureConversationBootstrap authenticationMode="CertificateOverTransport" 
              messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" 
              requireDerivedKeys="false" /> 
       </security> 
       <textMessageEncoding messageVersion="Soap11WSAddressing10" /> 
       <!--<mtomMessageEncoding messageVersion="Soap11WSAddressing10" />--> 
       <httpsTransport requireClientCertificate="true" /> 
      </binding> 
      </customBinding>    
     </bindings> 
     <behaviors> 
     <endpointBehaviors> 
      <behavior name="certBehaviour">    
       <clientCredentials> 
       <!-- clientCertificate not defaultCertificate --> 
       <clientCertificate x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" findValue="test_client" /> 
       <serviceCertificate> 
        <defaultCertificate x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" findValue="test_server"/> 
        <authentication revocationMode="NoCheck" certificateValidationMode="None" /> 
       </serviceCertificate> 
       </clientCredentials>    
      </behavior> 
     </endpointBehaviors> 
     </behaviors> 
     <client> 
      <endpoint 
       address="https://localhost:8089/pvs/ws" 
       binding="customBinding" 
       bindingConfiguration="WSHttpBinding_IEnquiryRequest" 
       contract="XXXService.enquiryRequest" 
       name="WSHttpBinding_IEnquiryRequest" 
       behaviorConfiguration="certBehaviour" 
       > 
      <identity> 
       <dns value="test_server"/> 
      </identity> 
      </endpoint> 
     </client> 
    </system.serviceModel> 

I do not know how to insert the SAML 2.0 assertion in there, before it is signed, with this configuration. This and the key issuer/serial issue above are my main problems with where the request currently stands.

Any and all help appreciated.
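The issuer/serial problem raised above is a token reference style: the config schema used in the question does not expose it, but the WCF binding object model does. The following is an added example, not code from the question or from any of the posted answers, that rebuilds the posted customBinding in C# with the server certificate referenced by X509IssuerSerial, the way the partner's sample does. PartnerBindingFactory, CreateBinding, CreateFactory and the TContract type parameter are hypothetical names; the endpoint address, identity and certificate subject names are the ones in the posted config. It assumes the WS-Security 1.0 message security version (the one the accepted answer's config uses), under which WCF produces the asymmetric sign-with-client-cert, encrypt-to-server-cert layout visible in the partner's message.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Added example (hypothetical names, not from the question): the question's
// customBinding rebuilt in code so the token reference styles, which the
// config schema does not expose, can be set explicitly.
public static class PartnerBindingFactory
{
    public static CustomBinding CreateBinding()
    {
        // WS-Security 1.0 mutual-certificate security. For WSSecurity10 WCF returns an
        // asymmetric binding element: the client signs with its own certificate and
        // encrypts to the server certificate, which is what the partner's sample shows.
        var security = (AsymmetricSecurityBindingElement)
            SecurityBindingElement.CreateMutualCertificateBindingElement(
                MessageSecurityVersion.WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10);

        security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15; // rsa-1_5 + tripledes-cbc, as in the sample
        security.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
        security.SetKeyDerivation(false);                                         // requireDerivedKeys="false"

        // Server certificate: referenced inside xenc:EncryptedKey by ds:X509IssuerSerial
        // and never sent on the wire, matching the partner's sample instead of WCF's
        // default thumbprint KeyIdentifier.
        security.RecipientTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.IssuerSerial,
            SecurityTokenInclusionMode.Never);

        // Client certificate: sent as wsse:BinarySecurityToken and referenced from the
        // signature's KeyInfo by wsse:Reference URI, as in the sample.
        security.InitiatorTokenParameters = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Any,
            SecurityTokenInclusionMode.AlwaysToRecipient);

        var encoding = new TextMessageEncodingBindingElement(
            MessageVersion.Soap11WSAddressing10, Encoding.UTF8);
        var transport = new HttpsTransportBindingElement { RequireClientCertificate = true };

        return new CustomBinding(security, encoding, transport);
    }

    // TContract is the service contract generated from the partner's WSDL
    // (XXXService.enquiryRequest in the question's config).
    public static ChannelFactory<TContract> CreateFactory<TContract>()
    {
        var address = new EndpointAddress(
            new Uri("https://localhost:8089/pvs/ws"),             // address from the posted config
            EndpointIdentity.CreateDnsIdentity("test_server"));  // <identity><dns value="test_server"/>

        var factory = new ChannelFactory<TContract>(CreateBinding(), address);

        // The same certificates the posted behavior selects, by subject name from CurrentUser\My.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "test_client");
        factory.Credentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "test_server");

        // The posted test config turns validation off (certificateValidationMode="None",
        // revocationMode="NoCheck"); validate the chain once the partner's CA is trusted.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;

        return factory;
    }
}
```

Call CreateFactory<T>() with the generated contract interface and create a channel from it as usual. Getting the signed saml:Assertion into the header is a separate step that this binding does not perform; the accepted answer below covers that part.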

+0

If you can get it working with WCF, definitely go with that. You can add your own custom address headers; I had to do this for a WCF WS-Security client. Or try another web service client framework. Don't implement your own unless it's a last resort. – jrummell 2012-04-24 21:00:01

+0

Have you tried using a _classic_ web service reference instead of the newer standard service reference? See [How to: Add a Reference to a Web Service](http://msdn.microsoft.com/zh-cn/library/bb628649.aspx) for more information. I find the proxies generated this way are more compatible with non-.NET services and are easier to edit when needed. – 2012-04-24 21:09:44

+0

Thanks Joshua. I think the proxy class only generates the data contracts etc.? I already have that working, I think. The problem is with the SOAP header, which is not included in the WSDL – StickyMcGinty 2012-04-24 21:17:57

Answers

0

I used a sample XML template rather than doing all the work in code, but that is also possible.

Note: you need to use a custom encoder to add it to the message; that way you can get the SAML token into the header (only the header element is signed, not the content).

I am in a bit of a hurry; let me know if you need more information.

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Signs the SAML 2.0 assertion template held in _samlTextWithElementValues with the
// client certificate's private key, producing an enveloped ds:Signature like the one in
// the partner's sample. SecurityController.ClientCertificate (an X509Certificate2),
// _samlTextWithElementValues and _samlSignedWithCertificate are members of the surrounding class.
private void SignSaml()
{
    RSACryptoServiceProvider rsaProvider = (RSACryptoServiceProvider)SecurityController.ClientCertificate.PrivateKey;

    // Load the assertion template (a saml:Assertion with its ID and element values already filled in)
    XmlDocument xmlDocument = new XmlDocument();
    xmlDocument.LoadXml(_samlTextWithElementValues);

    // Create a SignedXml object over the assertion document
    SignedXml signedXml = new SignedXml(xmlDocument);

    // Exclusive C14N for SignedInfo, matching the partner's sample
    signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;

    // Sign with the client certificate's private key (.NET 4.0 defaults to rsa-sha1 for an RSA key, as in the sample)
    signedXml.SigningKey = rsaProvider;

    // Embed the client certificate in ds:KeyInfo/ds:X509Data so the receiver can identify the signer
    KeyInfo keyInfo = new KeyInfo();
    KeyInfoX509Data keyInfoClause = new KeyInfoX509Data(SecurityController.ClientCertificate, X509IncludeOption.None);
    keyInfoClause.AddCertificate(SecurityController.ClientCertificate);
    keyInfo.AddClause(keyInfoClause);
    signedXml.KeyInfo = keyInfo;

    // Reference the assertion by its ID attribute; this value must equal the ID in the template
    Reference reference = new Reference("#_54d0c8395de26c3e44730df2c9e8d3e9");

    // Enveloped-signature transform (the signature lives inside the element it signs), then exclusive C14N
    XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
    reference.AddTransform(env);
    reference.AddTransform(new XmlDsigExcC14NTransform());

    // Add the reference to the SignedXml object
    signedXml.AddReference(reference);

    // Compute the signature
    signedXml.ComputeSignature();

    // Get the XML representation of the signature as an XmlElement
    XmlElement xmlDigitalSignature = signedXml.GetXml();

    // Append the ds:Signature element to the assertion and keep the signed XML
    xmlDocument.DocumentElement.AppendChild(xmlDocument.ImportNode(xmlDigitalSignature, true));
    _samlSignedWithCertificate = xmlDocument.InnerXml;
}

Configuration added, for each request:

<customBinding> 
    <binding name="BINDING" > 
     <transactionFlow /> 
     <security defaultAlgorithmSuite="TripleDesRsa15" 
       authenticationMode="MutualCertificate" 
       messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" 
       requireDerivedKeys="false" 
       messageProtectionOrder="SignBeforeEncrypt"> 
     <secureConversationBootstrap authenticationMode="CertificateOverTransport" 
       messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" 
       requireDerivedKeys="false" /> 
     </security> 
     <httpsTransport requireClientCertificate="true" /> 
    </binding> 
    </customBinding> 
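The method above produces the signature; whoever receives such an assertion has to verify it before acting on it. The following is an added example, not part of the answer, showing the receiving side with the same SignedXml API: it checks that the single ds:Signature directly under the saml:Assertion references the assertion's own ID, that the signature verifies under the expected signer's certificate rather than under whatever certificate is embedded in ds:KeyInfo, and that the saml:Conditions window covers the current time. SamlAssertionVerifier and its methods are hypothetical names; the expected signer certificate is whatever the receiving side has been configured to trust.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example (hypothetical names, not the answer's code): verifies a signed
// saml:Assertion of the shape SignSaml() produces before it is trusted.
public static class SamlAssertionVerifier
{
    private const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";
    private const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Returns true only if the assertion is signed by expectedSigner over its own
    // content and is valid at nowUtc according to its saml:Conditions.
    public static bool Verify(string signedAssertionXml, X509Certificate2 expectedSigner, DateTime nowUtc)
    {
        // Preserve whitespace so the canonicalized bytes match what was signed
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;
        doc.LoadXml(signedAssertionXml);

        XmlNamespaceManager ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", SamlNs);
        ns.AddNamespace("ds", DsigNs);

        XmlElement assertion = doc.DocumentElement;
        if (assertion == null || assertion.LocalName != "Assertion" || assertion.NamespaceURI != SamlNs)
            return false;

        // Exactly one ds:Signature as a direct child; never search the whole tree for one
        XmlNodeList signatures = assertion.SelectNodes("ds:Signature", ns);
        if (signatures == null || signatures.Count != 1)
            return false;

        SignedXml signedXml = new SignedXml(assertion);
        signedXml.LoadXml((XmlElement)signatures[0]);

        // The one reference must point at this assertion's own ID; otherwise a signature
        // over some other element could be passed off as covering this assertion.
        if (signedXml.SignedInfo.References.Count != 1)
            return false;
        Reference reference = (Reference)signedXml.SignedInfo.References[0];
        if (reference.Uri != "#" + assertion.GetAttribute("ID"))
            return false;

        // Verify against the configured signer certificate only, ignoring the certificate
        // carried in ds:KeyInfo; verifySignatureOnly=true because chain trust for
        // expectedSigner is established when it is configured, not per message.
        if (!signedXml.CheckSignature(expectedSigner, true))
            return false;

        // Enforce the validity window from saml:Conditions (NotBefore inclusive, NotOnOrAfter exclusive)
        XmlElement conditions = assertion.SelectSingleNode("saml:Conditions", ns) as XmlElement;
        if (conditions == null)
            return false;
        DateTime notBefore = ParseUtc(conditions.GetAttribute("NotBefore"));
        DateTime notOnOrAfter = ParseUtc(conditions.GetAttribute("NotOnOrAfter"));
        return nowUtc >= notBefore && nowUtc < notOnOrAfter;
    }

    private static DateTime ParseUtc(string value)
    {
        return DateTime.Parse(value, CultureInfo.InvariantCulture,
            DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal);
    }
}
```

Verify(signedXml, partnerClientCert, DateTime.UtcNow) is the whole check; the Conditions window in the partner's sample is 45 seconds wide, so clock skew between the two sides shows up here first.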
0

WIF supports the SAML 2.0 token format, if you are not running on XP.

+0

Thanks. Have been looking at the WIF documentation; not the best. Will take another look – StickyMcGinty 2012-04-25 09:16:08

2

Was able to get there in the end with help from Yaron on the WCF forum:

http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/9a1db0bb-d632-4f11-80b4-fab78be3a3ee

It was difficult, but got there in the end; I was thinking I was going to have to write it from scratch!

+0

Hello @StickyMcGinty, I have the same situation. Would it be possible for you to share an example of your solution for passing the security token? – Quintium 2012-11-07 15:52:54

+0

I simply created the sample SAML token as XML and signed it, as in the example – StickyMcGinty 2012-11-08 16:47:01

+0

Thank you for the reply. I will take a look. Before you replied we were able to get one client working, but we are now running into a problem with another Java web service that does not like the way WCF references custom headers in the signature block. SoapUI creates an "InclusiveNamespaces PrefixList" for the header inside the body reference block. – Quintium 2012-11-09 20:31:35
