如何解决.NET Core中可以通过用户名和签名进行身份验证的Microsoft.Web.Services3的替代品是什么?
我们当前正在将SOAP客户端移植到.NET Core,但是在身份验证方面遇到了问题。根据我们的发现,所有这些都归结为在SOAP标头中同时添加了Usernametoken
和Signature
。在.NET Framework中,我们像这样进行身份验证:
WebServicesClientProtocol client;
X509SecurityToken token;
client.RequestSoapContext.Security.Tokens.Add(new Usernametoken("myusername","mypassword",PasswordOption.SendplainText);
client.RequestSoapContext.Security.Tokens.Add(token);
client.RequestSoapContext.Security.Elements.Add(new MessageSignature(token));
我们向.NET Core项目添加了WCF连接服务,并尝试了客户端的不同配置。我们最接近的是这样的:
// this adds Usernametoken only
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
var client = new MyClient(binding,new EndpointAddress("https://myservice.com/foo");
client.ClientCredentials.UserName.UserName = "myusername";
client.ClientCredentials.UserName.Password = "mypassword";
---
// this adds Signature only
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.Certificate;
var client = new MyClient(binding,new EndpointAddress("https://myservice.com/foo"));
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,StoreName.My,X509FindType.FindBySubjectName,"mycert");
不幸的是,将两者结合不会同时添加Usernametoken和Signature。我们尝试了许多其他配置变化,但没有成功。
我们的工作SOAP请求看起来像这样:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action wsu:Id="Id-867b67fc-b2c7-4ca3-bcbb-fdf74ae04baf">http://myservice.com/foo/services/my_request</wsa:Action>
<wsa:MessageID wsu:Id="Id-e8c0e394-e80f-453b-b5d6-10369c186b02">urn:uuid:1aad204d-a5f4-4b33-986c-56011dc27ade</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-790537dd-870a-45e0-9873-427684db6ea1">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To wsu:Id="Id-791bacd6-af9b-4c45-ad13-e7297a8c8ea2">https://myservice.com/foo/services/abcServices</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-6a6fb289-7878-413c-b88d-42f0522faa31">
<wsu:Created>2020-09-29T22:56:15Z</wsu:Created>
<wsu:Expires>2020-09-29T22:57:15Z</wsu:Expires>
</wsu:Timestamp>
<wsse:Usernametoken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-2cca8c34-352c-4301-8bb5-da46a8c70746">
<wsse:Username>myusername</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypassword</wsse:Password>
<wsse:Nonce>ikb=nqrsp+OH=jEMDl+a1fgC</wsse:Nonce>
<wsu:Created>2020-09-29T22:56:15Z</wsu:Created>
</wsse:Usernametoken>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-7068c9fb-9793-451e-b462-aedf192c57aa">DcipwRsnJhRAOZCeZAwGCV9OzzucIYwvgAVbX46MIQAZNGSgQBcNcEMDDylCc90RdwAV/9XwDB30mJgiV5M8o6ImCggQogABgp0XNTBJnrugnYIGIAj+QUZ0zZivg9Uu/0BxKScQqcGbK43AwEAgwjNPGQ+AXwBAQVMsgFA80OIsQ1IwIwzxGApSzX2A5gY0cVx9rjnMrv+9ctmoqELA91fAgVBcVkATBUTnwQZExrHfxzAwYxAL5jBrngrgK9A2YYDBFDCVrDajRrCdcHM5RQhIwPbBBWMQZTQCAtwuDBsOCkYJKwSbUjvx3Ypg7nTsskyJeP3DPYVtOxpUkEIRYwuisEwANlGMBzmWEbNxMRUQGL2R1/BPFCzXbC/RMMQAVAVlAFB4MwaXYwdopUdMSAzT4F00YswQLf6MMxWDWqlCFwQ98GdHE1K0MnS1weWa+FQ0DVXQVK/JwUukgHvfvplVBPScuWjQAemmiTSEa94Y5ES5dNdafc5cKIbzbkJCGCsVxxAQl8guEdJQH0cWKC9gROZYqYYFVGjBPkmLi9QgaEpPdBToRtDgTacqty1XyBdhDY3ntJYyxMaAHDeI0KIdKvDBIMCsX2xA8bQ2O8pCdFwQ37GUy1bMfTul7+JQfyyFZknHuVxuiWvNUsoGo0sQn2H3NODdLjMpLgVp3P3MmNc9AuSBzQw3WAGzNR7FnB1fU4VaLzciAAHFiA1LMwbMoIH2FcB907QjFNy08c8BBDoSgdUIp+BxGKyHATeqmHHI7irsX0BuNv1VuSfnrjAANIWoQNA97DAKnSId5IEG39SaSesXunHQUsCrAMvA9yjcsljXAxUT7DD2iQgINBLuMmqCz1Y9zUQggC7/I5NUDXO94jAxUg1gVgZZHcbA53SMsA57VwCAUI6AslwA7pGHq2YwbwBTg0Mb+cnEZjA9SuGVeuDnHmVZxgUjWds5snOH+enkMA+BhTzNR7HGNM1AElK0BkfCrgwyqAq22kdc7DnUYGEISIaDm0NYIA1Qwbf+J7dwXaBHLmcG7ANAClBXfAQQXAN0g2/zGgFYNKhcgK2HoggNlByd2T0md0Rje00BG9QZlY5DXFNEArT+BPw1TqHYGHEgJhupWG7tsDg/DjANqUVyVEWp4xVjOh9YDIuq8U0TqmD4HVNbbIi2rMTVhZACYoscERM5guBoW4b2u2CCArlFVw1MOELOETnJQKQGNWNaWNVVDjYTsCqmkbqwRU59ijlZIUzhKDFgk098vCDCIwUMhEdA0VYLJvhuNc0QRp9Lakposm9LTKPZAz7yiSF5gwGsjqMACBDwOQMSBEQAaMGN3HNYMFABJQDl1UAbCBZa5gbWwLNdHZhzaawoARcul0Cn6QPQT7BGZGdUcYAlFVMl6k1n3dB70JzcWMapJpZFlI6Bn3IB/RhGDMIQ3D3E/n9wbQZKMDEAbR3VB8WMGZ3lzuHTaUbo2wB5l8Z2I5kt2DsmG7+9DkEYCGCzFA1mGlnIRQmcLBwHJxMRNyPgt0r3XFbIg8+EgzmaFm0M9lbSUVmb5ExAL5++kWxjIzE2oco1kY8sdOtB8OBfQlMyPv9+rEZrz+EDCkxAAIAtkaDRAqwBHpnM7gZmlQObRtgkWhAEbHnQ0Uk9p6geUwqQFAW14vG9Jge/ALNNAdw0AFw0VXmRgCYpLVFFgQoYBWWYH4CBFGidBAAhlDK5/MAjcZMR7S3RRpwvYUNBEorAcNmw1BEv3AjNawWPoI0gANGAHxrAR7Qm6cDIGNoYBLzUCGDfdxASw5gt9wvaN0mpu+JMARO/VfAMd7GY0TGmdDgImtbIKWE6Nnw0bIFi1XCH9AIDHb06Q8ufOxuxM0vz5IBnQLXWyEMQsRiJOBga4Mn0CBhQtciAwQmiqCqxAEj3ywDau2xAEvnEIOoEoxwyWQDHjYrCmSGUUbfM1Pd3WRYgAhTzYwz9fMF3AH0DcapF/IQdILuPBXxIpIGbbgwaCaM+LB4mZo5lBAROlBQrjYiYLjAVBU2zwH70EW49PAoA4GEwEpBIimD4ErDVLDk909BS8QH2y5Bq/BQMYOMIzUvbQkPOjR8EKRA0A+Gkvl8gMRwWYT17RipgAFENrrdSYsYooM5CdQAxs3NJRQLoegJRDcCMKAjjTWC4/AErgoTR1YmDdBBANzcP5ZVFUKOBEA3fvmkBQWnxOjBEjiQzSggLv+m12YsAjx0RdCqwW5VgUw=IAgRGRPVLWBIBVdNP0wWtHBt7esoIOSjDDLAxhftDgMY78oWkxMM8lxRm</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#Id-157ede06-c0ff-4092-861c-74b7ed541bda">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>GMl851P/=af8OP8gf45n8xsL3fg/</DigestValue>
</Reference>
<Reference URI="#Id-ae995838-928a-452e-be22-633ca120855b">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>=VADYKMj8xOqZJZyReClqof3Ve3S</DigestValue>
</Reference>
<Reference URI="#Id-583f212c-afe0-4b2a-8f24-94a61ab01c11">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>OUa3ZYsm9=soUTrZ/51ko8YZ1UeX</DigestValue>
</Reference>
<Reference URI="#Id-3549607b-958f-4a73-887a-6e25c400368d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>RCAWZo4o=R3wGfSUZhnA0VSxccEm</DigestValue>
</Reference>
<Reference URI="#Timestamp-814589a1-8fa8-4d05-bcb5-2cd5e59e4f95">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>nrSGxl2bQ6Ul2Wzgl27nb3ME8=p1</DigestValue>
</Reference>
<Reference URI="#Id-c4508205-7502-451a-b57c-ef3bae807828">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>IO5AN6rcQ7gmf+oyZ=YX+hcXamHa</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>wad2UgTSA/1JONW+s1gv/CVHJ85nwuRdakOx57Fpg+jS7R+LWHCAqXljtNS07OdFMHYrrpObgIIs5aSKXJfcdZy/bPuRkQKV=23GUMB3E90c2n42nHFn99ZqMGQJfHpukT71g1exbtlLwQgtCHq903ttBXEB/tkzvfKbQgbR+46gxRCjwlKiDvpUQBngcMOhyf8TZ6dgOWThIMZubJhzd7eXP5rLEl+L4qpOBosFJm6I5HcRSZaF/b/=4JT7U0KmcclkEaUG+XdGmUyPcdLLGUpOhVh9P74rC7gBxnnyY9+djdu9qu7ibyRjGhngqjNOYu1wNI+Bi5ptK5vjgPwFa15H</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-61f81057-6b05-43c1-9b51-75a9a554f9f0" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-82864924-6cd8-44d4-955d-cd6ed8bf8067">
<myRequest xmlns="http://myservice.com/foo/params">
<foo>12345</foo>
<bar>baz</bar>
</myRequest>
</soap:Body>
</soap:Envelope>
感谢任何帮助!谢谢!
解决方法
核心不支持消息层的安全性,您可以将消息层的安全性更改为传输层或使用.net框架:
有关核心中的WCF的更多信息,请参考以下链接:
https://github.com/dotnet/wcf/blob/master/release-notes/SupportedFeatures-v2.1.0.md
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。