我有一个客户端,用于通过WSDL使用Visual Studio服务引用开发的Web服务。它被配置为使用证书签署请求并可以向服务发送请求罚款,但服务会回复400 - 错误请求错误,因为除了我想要的之外还有一个额外的签名,并且有多个<Reference>
标签,它们使用HMAC-SHA1作为其签名方法。 HMAC-SHA1不受Web服务支持,因此请求被拒绝。但是,我甚至不想或不需要这个其他签名,我不确定它来自哪里。以下是我绑定配置:使用WSDL配置签署主体的SOAP服务客户端只有
<customBinding>
<binding name="mainBinding">
<security authenticationMode="MutualCertificate"
allowSerializedSigningTokenOnReply="true"
requireDerivedKeys="false"
requireSignatureConfirmation="false"/>
<httpsTransport />
</binding>
</customBinding>
我也把ProtectionLevel = System.Net.Security.ProtectionLevel.Sign
作为ServiceContractAttribute
的一部分。
我的配置的哪个部分导致第二个签名?我如何更改配置,以便在我的请求中拥有一个签名?
编辑:
下面是发送请求。为了突出我不想要的部分,我将它分成了几个部分,但实际上它们都是连续的。
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1" u:Id="_1">[removed]</a:Action>
<a:MessageID u:Id="_2">[removed]</a:MessageID>
<a:ReplyTo u:Id="_3">
<a:Address>[removed]</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1" u:Id="_4">[removed]</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="[removed]">
<u:Created>2017-05-11T08:59:25.681Z</u:Created>
<u:Expires>2017-05-11T09:04:25.681Z</u:Expires>
</u:Timestamp>
<e:EncryptedKey Id="[removed]" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
[removed]
</e:EncryptedKey>
<o:BinarySecurityToken u:Id="[removed]" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[removed]</o:BinarySecurityToken>
开头的一部分,我不想
<Signature Id="_0" xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#_1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="#_3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
<Reference URI="[removed]">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>[removed]</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference URI="[removed]"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
末的一部分,我不想
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>[removed]</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>[removed]</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference URI="[removed]"/>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body>
[removed]
</s:Body>
</s:Envelope>
编辑2:
经过一些挖掘和阅读后,我现在明白,这两个签名是身体和标题的签名。我只想想要签署正文。我已经相应地更改了标题。