WCF X.509 Signature questions

  • Question

  • Hi all,

    Could you show me how to set up my configuration so that the WCF service accepts the SOAP message below:

    <soapenv:Envelope xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <soapenv:Header>
          <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
             <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="x509bst_11" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">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</wsse:BinarySecurityToken>
             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                      <ec:InclusiveNamespaces PrefixList="wsse ds xsi soapenc xsd soapenv " xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                   </ds:CanonicalizationMethod>
                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                   <ds:Reference URI="#wssecurity_signature_id_9">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="wsse xsi soapenc xsd wsu soapenv " xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>cS5ZFOcY3cm1OasSQOzgIGbAZoY=</ds:DigestValue>
                   </ds:Reference>
                   <ds:Reference URI="#wssecurity_signature_id_10">
                      <ds:Transforms>
                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="p937 xsi soapenc p861 xsd p339 wsu p279 soapenv " xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                         </ds:Transform>
                      </ds:Transforms>
                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                      <ds:DigestValue>QocWuSvwoGbw1iUWIGSglRKdtQM=</ds:DigestValue>
                   </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>lXfhHFKlHwB2z8DM+j2c6wrPXWbffXyMwbX/fpDRmKh91sUUwqldwLfLMFkyFC6SNwYfNCai1+t9t6sPND1ceLn5mKzKnbPtlIe/WrpAzpNZeTAfvMicHjqnHtGhz5EjTAZMRIAwj2dP/u8dKOY71XtmrAFskA1vqQ/FndZcoOA=</ds:SignatureValue>
                <ds:KeyInfo>
                   <wsse:SecurityTokenReference>
                      <wsse:Reference URI="#x509bst_11" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                   </wsse:SecurityTokenReference>
                </ds:KeyInfo>
             </ds:Signature>
             <wsu:Timestamp wsu:Id="wssecurity_signature_id_9" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsu:Created>2009-11-20T13:46:22.230Z</wsu:Created>
                <wsu:Expires>2009-11-20T13:51:22.230Z</wsu:Expires>
             </wsu:Timestamp>
          </wsse:Security>
       </soapenv:Header>
       <soapenv:Body wsu:Id="wssecurity_signature_id_10" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <p339:individualApplicationStatus xmlns:p339="http://schema.aetna.com/2009/09/aim/IndividualApplication">
             <sourceType>
                <p937:value xmlns:p937="http://schema.aetna.com/2009/09/aim/Meta">HLTC</p937:value>
             </sourceType>
             <sourceReferenceId>
                <p937:value xmlns:p937="http://schema.aetna.com/2009/09/aim/Meta">1012</p937:value>
             </sourceReferenceId>
             <applicationId>A51915</applicationId>
             <applicationStatus>
                <p937:value xmlns:p937="http://schema.aetna.com/2009/09/aim/Meta">4</p937:value>
             </applicationStatus>
             <statusTimeStamp>
                <p861:day xmlns:p861="http://schema.aetna.com/2009/09/aim/BasicDataTypes">23</p861:day>
                <p861:month xmlns:p861="http://schema.aetna.com/2009/09/aim/BasicDataTypes">10</p861:month>
                <p861:year xmlns:p861="http://schema.aetna.com/2009/09/aim/BasicDataTypes">2009</p861:year>
                <p861:hour xmlns:p861="http://schema.aetna.com/2009/09/aim/BasicDataTypes">0</p861:hour>
                <p861:minute xmlns:p861="http://schema.aetna.com/2009/09/aim/BasicDataTypes">0</p861:minute>
                <p861:second xmlns:p861="http://schema.aetna.com/2009/09/aim/BasicDataTypes">0</p861:second>
                <p861:milliSecond xmlns:p861="http://schema.aetna.com/2009/09/aim/BasicDataTypes">0</p861:milliSecond>
             </statusTimeStamp>
             <coveredIndividualStatusList>
                <coveredIndividualStatus>
                   <familyCode>
                      <p937:value xmlns:p937="http://schema.aetna.com/2009/09/aim/Meta">APP</p937:value>
                   </familyCode>
                   <name>
                      <p279:firstName xmlns:p279="http://schema.aetna.com/2009/09/aim/Person">
                         <p937:value xmlns:p937="http://schema.aetna.com/2009/09/aim/Meta">test</p937:value>
                      </p279:firstName>
                      <p279:lastName xmlns:p279="http://schema.aetna.com/2009/09/aim/Person">
                         <p937:value xmlns:p937="http://schema.aetna.com/2009/09/aim/Meta">test</p937:value>
                      </p279:lastName>
                   </name>
                   <status>
                      <p937:value xmlns:p937="http://schema.aetna.com/2009/09/aim/Meta">15</p937:value>
                   </status>
                </coveredIndividualStatus>
             </coveredIndividualStatusList>
          </p339:individualApplicationStatus>
       </soapenv:Body>
    </soapenv:Envelope>

    Please contact me via email if you have any questions. My Email: calvin.zhu@jetvin.com. Thanks.




    CalvinChu
    21 November 2009 18:34

Answer

  • Hi,
    You can read Chinese, right?
    You are using message security mode.
    wss-soap-message-security
    If the service authenticates the client with a certificate, this SOAP message must contain the thumbprint hash of that certificate.

    Right now I don't know whether the certificate presented by this client can pass authorization on your WCF service side.
    The other parts of the message are the encryption or hash information computed over the message body, plus key information.

    Could you give a brief description of your WCF service's security settings?


    Frank Xu Lei -- Stay humble, stay hungry to learn
    Focus on Distributed Applications Development and EAI based on .NET
    Welcome to My Chinese Technical Blog
    Welcome to Microsoft Chinese WCF Forum
    Welcome to Microsoft English WCF Forum
    23 November 2009 2:14
    Moderator
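The kind of configuration the question asks for, as an added example that is not part of the original thread and not a Microsoft sample: a WCF custom binding that accepts the shape of the posted request (SOAP 1.1, WSS 1.0 X.509 token profile, client certificate carried as a BinarySecurityToken and referenced from KeyInfo, signed Timestamp and Body, SHA-1 digests with rsa-sha1, no encryption) and then authenticates the client certificate. The service address, the contract and operation names, the thumbprint placeholder and the echo reply are assumptions; the real request schema is not on this page.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Assumed contract. ProtectionLevel.Sign tells WCF to require a signed Body and
// NOT to expect an EncryptedData element, matching the posted (signed-only) request.
[ServiceContract(Namespace = "http://schema.aetna.com/2009/09/aim/IndividualApplication",
                 ProtectionLevel = ProtectionLevel.Sign)]
public interface IIndividualApplicationStatus
{
    // Catch-all untyped operation: the request carries no WS-Addressing Action header.
    [OperationContract(Action = "*", ReplyAction = "*")]
    Message IndividualApplicationStatus(Message request);
}

public static class SignedX509Binding
{
    // Custom binding matching the posted message: SOAP 1.1 text, WSS 1.0 X.509 profile,
    // asymmetric (certificate-to-certificate) message security, signature only.
    public static Binding Create()
    {
        // Client token: the full certificate travels in <wsse:BinarySecurityToken>
        // and the signature's KeyInfo references it by wsu:Id (RawDataKeyIdentifier).
        var initiator = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.RawDataKeyIdentifier,
            SecurityTokenInclusionMode.AlwaysToRecipient);

        // Service token: only used to sign the reply, referenced by thumbprint, never sent.
        var recipient = new X509SecurityTokenParameters(
            X509KeyIdentifierClauseType.Thumbprint,
            SecurityTokenInclusionMode.Never);

        var security = new AsymmetricSecurityBindingElement(recipient, initiator)
        {
            MessageSecurityVersion = MessageSecurityVersion
                .WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
            // Basic128 = SHA-1 digest + rsa-sha1 signature, as in the posted message (weak; see note below).
            DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128,
            IncludeTimestamp = true,                          // wsu:Timestamp required and must be signed
            SecurityHeaderLayout = SecurityHeaderLayout.Lax,  // ds:Signature precedes wsu:Timestamp in the request
            MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt,
            AllowSerializedSigningTokenOnReply = true,
            RequireSignatureConfirmation = false
        };
        security.SetKeyDerivation(false);                     // non-WCF client signs directly with its RSA key
        security.LocalServiceSettings.DetectReplays = true;   // reject a replayed, still-valid Timestamp
        security.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(5);

        var encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
        var transport = new HttpTransportBindingElement();
        return new CustomBinding(security, encoding, transport);
    }
}

public class IndividualApplicationStatusService : IIndividualApplicationStatus
{
    public Message IndividualApplicationStatus(Message request)
    {
        // Reached only after WCF verified the signature over Timestamp and Body and
        // authenticated the client certificate. Placeholder reply; real handling is assumed.
        return Message.CreateMessage(request.Version, "", "accepted");
    }
}

public static class Program
{
    public static void Main()
    {
        var host = new ServiceHost(typeof(IndividualApplicationStatusService),
                                   new Uri("http://localhost:8000/aim"));   // assumed address
        host.AddServiceEndpoint(typeof(IIndividualApplicationStatus), SignedX509Binding.Create(), "status");

        // Service certificate that signs replies. Thumbprint is a placeholder.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "<service-cert-thumbprint>");

        // How the client's BinarySecurityToken is authenticated: chain to a trusted CA with
        // online revocation checking. PeerTrust (partner cert pinned in TrustedPeople) is the
        // alternative for a single known partner such as one WebSphere client.
        var auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
        auth.TrustedStoreLocation = StoreLocation.LocalMachine;

        host.Open();
        Console.WriteLine("Listening; press Enter to stop.");
        Console.ReadLine();
        host.Close();
    }
}
```

Two practitioner caveats. Basic128 is chosen only because the partner already emits SHA-1 and rsa-sha1; if the WebSphere side can be switched, use SecurityAlgorithmSuite.Basic256Sha256 so digests and signatures move to SHA-256. And ChainTrust admits any certificate issued under any root the machine trusts, which answers "is the signature valid?" but not "is this the partner?"; restrict to the expected subject or issuer with a custom X509CertificateValidator or PeerTrust, and make the call-level decision in a ServiceAuthorizationManager, which is the authorization step Frank's answer asks about.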

All replies

  • Frank,
          Thanks for your reply. If it is convenient, could you take a look at a question I posted on the English forum, here:

          http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/b3553f3a-f013-417e-9d09-bf4a738261df

          Also: WCF service (us) <- (Http) <- IBM Websphere client (customer)    <SOAP 11>
    CalvinChu
    23 November 2009 2:19
  • OK, I will go and take a look.
    Frank Xu Lei -- Stay humble, stay hungry to learn
    Focus on Distributed Applications Development and EAI based on .NET
    Welcome to My Chinese Technical Blog
    Welcome to Microsoft Chinese WCF Forum
    Welcome to Microsoft English WCF Forum
    30 November 2009 16:09
    Moderator