처음에는 중복된 내용이라고 생각하시겠지만, 다른 글을 읽어 보면 타임스탬프를 제거하면 문제가 해결된다는 사용자도 있고 그렇지 않다는 사용자도 있습니다. 저는 .NET 3.5에서 인증서를 사용해 Java SOAP 웹 서비스에 연결하려고 하는데, 응답을 받을 때 오류가 발생합니다. 응답의 타임스탬프가 서명되어 있어야 한다는 내용입니다.
"ID가 'Timestamp-984'인 보안 헤더 요소 'Timestamp'는 서명되어야 합니다."
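// Builds a WCF CustomBinding for a certificate-secured SOAP 1.1 service
// (asymmetric message security + text encoding + HTTPS transport), loads the
// client and service certificates, and sets the contract's protection level.
// NOTE(review): `client` and `Server` are defined outside this snippet, and the
// snippet does not show `b` being attached to the client endpoint.
var b = new CustomBinding();
b.Name = "AVbinding";
b.CloseTimeout = new TimeSpan(0, 1, 0);    // 1 minute
b.OpenTimeout = new TimeSpan(0, 1, 0);     // 1 minute
b.ReceiveTimeout = new TimeSpan(0, 10, 0); // 10 minutes
b.SendTimeout = new TimeSpan(0, 1, 0);     // 1 minute

AsymmetricSecurityBindingElement security = new AsymmetricSecurityBindingElement();
// Adds a wsu:Timestamp to the outgoing security header. The reply shown on this
// page also carries a Timestamp, but its signature references only the body and
// the SignatureConfirmation, which matches the "must be signed" error reported.
security.IncludeTimestamp = true;
security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
// X.509 tokens for both parties; each side's certificate is included in the
// messages sent to the other side.
security.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToInitiator);
security.InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient);
// Lax layout: header elements may appear in any order (the reply puts the
// Timestamp first, the request puts it last). Assigned once; repeating the
// assignment has no effect.
security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
security.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic256Sha256Rsa15;
security.AllowSerializedSigningTokenOnReply = true;
// NOTE(review): AllowInsecureTransport permits these secured messages to travel
// over a transport without TLS. The transport added below is HTTPS, so this
// relaxation looks unnecessary here. The request body carries a password and
// the contract is only signed, not encrypted, so confidentiality rests on TLS.
security.AllowInsecureTransport = true;
// NOTE(review): EnableUnsecuredResponse lets the client accept a reply that has
// no security header at all; such a reply is not signature-checked. Confirm the
// service really needs this before keeping it.
security.EnableUnsecuredResponse = true;
// The client expects the reply to echo the request's SignatureValue in a
// wsse11:SignatureConfirmation element (present in the reply on this page).
security.RequireSignatureConfirmation = true;

// Not referenced anywhere in the visible snippet.
ExtensionElement extensionElement = new ExtensionElement();

// Element order: message security, then encoding, then transport.
b.Elements.Add(security);
b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
HttpsTransportBindingElement httpsBinding = new HttpsTransportBindingElement();
b.Elements.Add(httpsBinding);

// Certificates are read from ~/App_Data. "_CERTNAME_", "X" and "_KEY_" are
// placeholders on this page.
// NOTE(review): keep the real certificate password and private-key XML out of
// source code; load them from the certificate store or protected configuration.
string certMapPath = Server.MapPath("~/App_Data");
X509Certificate2 cert = new X509Certificate2(certMapPath + "\\_CERTNAME_", "X");
X509Certificate2 serCert = new X509Certificate2(certMapPath + "\\_CERTNAME2_.cer");
// Replaces the certificate's private key with an RSA key imported from XML.
AsymmetricAlgorithm key = new System.Security.Cryptography.RSACryptoServiceProvider();
key.FromXmlString("_KEY_");
cert.PrivateKey = key;

// Sign only: messages are integrity-protected but the body is not encrypted.
client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;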
질문: 어떻게 해야 합니까?
내 요청 :
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<ActivityId CorrelationId="7d9e44cb-cecd-4c49-9a71-79a2ad04a2ec" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">63bde0b8-8953-41b8-b5c2-a69c712346b6</ActivityId>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo3dbGZWnrwhDouJE+VgKu4MAAAAAzmpHur/flUSUy0rxOVAJ8Nk4GsFjc6xOg46yQ3o0ZMQACQAA</VsDebuggerCausalityData>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken>
<!-- Removed-->
</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
<Reference URI="#_2">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
<DigestValue>Z4OHoIS/bVCWIROLBFcxjfJuXv0ebA/SO8WQWuPTrQo=</DigestValue>
</Reference>
<Reference URI="#uuid-f52585e9-3358-46f6-8e9f-9a16b5c0f29b-1">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
<DigestValue>Pnp4gaKUnboMFE2LgLdsFzPBL+7fHqXacVg/MR7AS6c=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>NSE/peVOxXheXOqyNT1qx7uZPOhSms35fmJxlf4lBuODD9tz8/TCwzmAAdDArGwc6VJmdw1jVX5tNchYvAqignsPRgTwB+tSbMvUZ6UMwOgHZWRh8rXjYw34EhdEWWBzg0U1ves6ynY88vJW0oFyWiiFcNGkEuy140X7h/Ev+3I=</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
<o:Reference URI="#uuid-da5ccb9b-2c40-4ede-9079-c94abf912843-2"></o:Reference>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
<u:Timestamp u:Id="uuid-f52585e9-3358-46f6-8e9f-9a16b5c0f29b-1">
<u:Created>2013-03-04T09:27:15.087Z</u:Created>
<u:Expires>2013-03-04T09:32:15.087Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<getAvailabilityRequest xmlns="_url_">
<userID xmlns="">_UserID_</userID>
<password xmlns="">_pass_</password>
<requestID xmlns="">_request_</requestID>
<SystemIdentifier xmlns="">?</SystemIdentifier>
</getAvailabilityRequest>
</s:Body>
</s:Envelope>
응답 :
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-932">
<wsu:Created>2013-03-04T09:27:24.013Z</wsu:Created>
<wsu:Expires>2013-03-04T09:32:24.013Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken>
<!-- Removed-->
</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-930">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
<ds:Reference URI="#id-931">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>+/NJN562AUh5U5T4VXGRbdU28+JLmW2bdHg1gLf/SWg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#SigConf-929">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>uzljMoX3dAm90+8P10b2/xE5OooNeP81NDtlefCBoc8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Fixb+0TnwQ2KfLqywusmwcKF8OvoBP/bLqIKfLadyV1U97+NZKzcMrSJjSD0a0sDhJZ+lo/KoHVE
KBY12ZZDP9xE+k9LHAlWZIq3a2gvBkTFR3p5NcYFQM4cbA/x/bvpEqDyzqYSoXnXMOG46DFn5klo
DO0PJkMiXKvLBhrCpZtM26AovD5WQlD694EeIXt4jey15zvGzKz88eNfHqNiYa1Wu2HuOTcnSJRv
hQKHmJKpDzn9+ZSohsULVR5xtGFQD7GWL6LLFEMqthD2a10KMan43Qd62SMUcB64o+l/M+l89+Oo
AbE0S2GXP3vvSa3ZoGduktWlyNlC7Qz/Iww0Qg==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-83F04DBB53B92E8E1F1362389243499698">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-83F04DBB53B92E8E1F1362389243499699" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#CertId-83F04DBB53B92E8E1F1362389243499697" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:Reference>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="NSE/peVOxXheXOqyNT1qx7uZPOhSms35fmJxlf4lBuODD9tz8/TCwzmAAdDArGwc6VJmdw1jVX5tNchYvAqignsPRgTwB+tSbMvUZ6UMwOgHZWRh8rXjYw34EhdEWWBzg0U1ves6ynY88vJW0oFyWiiFcNGkEuy140X7h/Ev+3I=" wsu:Id="SigConf-929"></wsse11:SignatureConfirmation>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-931">
<ns3:getAvailabilityResponse xmlns:ns3="_URL_" xmlns="">
<RequestID>_requestID_</RequestID>
<Status>Available</Status>
<Version>1.32.0</Version>
</ns3:getAvailabilityResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
읽어 주셔서 감사합니다! 요청과 응답을 추가하여 게시물을 수정했습니다. 다만 제3자 서비스는 요청에 타임스탬프를 요구합니다. 4.0으로 이식하면 (핫픽스가 더 이상 설치되지 않기 때문에) 내 키가 존재하지 않는다는 오류가 발생합니다. –
EnableUnsecuredResponse는 응답에 보안이 전혀 적용되지 않는다는 뜻입니다. 이를 사용하려면 응답에서 모든 보안 요소를 제거하는 커스텀 인코더를 추가해야 할 것입니다. 이 경우 응답의 서명이 검증되지 않는데, 이는 원하는 동작이 아닐 수 있습니다(SSL을 사용한다면 괜찮을 수도 있고, 어떤 이유로든 상관없을 수도 있습니다). 그렇지 않다면 서버가 요청에 타임스탬프를 요구하는 것이고, 그 타임스탬프는 서명되어야 합니다. 그렇지 않으면 서명이 동작하지 않습니다. 그렇다면 서버가 응답에 서명되지 않은 타임스탬프를 반환하는 것입니까? –
타임스탬프를 포함하지 않으면 동작하지 않습니다. 그렇다면 응답에서 보안을 제거하는 것 외에는 다른 방법이 없는 것 같은데, 맞습니까? –