HTTPS를 통한 WCF 및 본문 서명

Question

연결할 SOAP 서비스가 있습니다. https에 액세스해야하며 인증서가 서명 된 본문이 있어야합니다. 다음과 같이

<basicHttpBinding> 
    <binding name="P4Binding" closeTimeout="00:01:00" openTimeout="00:01:00" 
     receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" 
     bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
     maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
     messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" 
     useDefaultWebProxy="true"> 
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
      maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
     <security mode="TransportWithMessageCredential"> 
     <transport clientCredentialType="None" proxyCredentialType="None" 
      realm="" /> 
     <message clientCredentialType="Certificate" algorithmSuite="Default" /> 
     </security> 
    </binding> 
</basicHttpBinding> 

설정까지 내 고객 :

P4_ServiceReference.P4PortTypeClient client = new P4_ServiceReference.P4PortTypeClient(); 

client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None; 
client.ClientCredentials.ServiceCertificate.DefaultCertificate = new X509Certificate2(@"[..].cer"); 
client.ClientCredentials.ClientCertificate.Certificate = new X509Certificate2(@"[..]", "somepass"); 

는 심지어 ServiceContractAttribute를하고 OperationContractAttribute를에 ProtectionLevel=ProtectionLevel.Sign를 포함하는 내 Reference.cs을 변경

나는 다음과 같은 코드를 시도했습니다.

wse : security 헤더가 생성되었지만 본문에 서명이되지 않은 경우가 발생합니다. 이 서비스는 Element http://schemas.xmlsoap.org/soap/envelope/Body must be signed을 반환합니다.

몸이 제대로 서명되도록하려면 무엇이 누락 되었습니까?

Answer 1

basicHttpBinding 대신 customBinding을 사용하여이 문제를 해결했습니다.

 //Setup custom binding with HTTPS + Body Signing + Soap1.1 
     CustomBinding binding = new CustomBinding(); 

     //HTTPS Transport 
     HttpsTransportBindingElement transport = new HttpsTransportBindingElement(); 

     //Body signing 
     AsymmetricSecurityBindingElement asec = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); 
     asec.SetKeyDerivation(false); 
     asec.AllowInsecureTransport = true; 
     asec.IncludeTimestamp = true; 

     //Setup for SOAP 11 and UTF8 Encoding 
     TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); 

     //Bind in order (Security layer, message layer, transport layer) 
     binding.Elements.Add(asec); 
     binding.Elements.Add(textMessageEncoding); 
     binding.Elements.Add(transport); 

TransportWithMessageCredential은 보안을 위해 전송 만 사용하고 다른 모든 것은 무시합니다.