SOAP 웹 서비스에 대한 WSSE Usernametoken 통신 올바른 방법
해당 wsdl을 통해 웹 서비스를 사용하려고합니다. 이 서비스는 http://docs.oasis-open.org/wss/2004/01/oasis-200401wss-wssecurity-secext-1.0 의 올바른 xml 네임 스페이스를 포함 하여 Web Services Security Basic Security Profile 1.0 을 준수하는 인증에 의존합니다 . xsd 가 요청에 포함되어야합니다.
예:
<wsse:UsernameToken xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
<wsse:Username>
Bob
</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>
1234
</wsse:Password>
</wsse:UsernameToken>
내 첫 번째 시도는 Add Service Referencewsdl 을 대상으로 하는 라인 과이를 사용하여 생성 된 프록시에서 발생했습니다.
ServicePointManager.ServerCertificateValidationCallback =
(object s, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors) => true;
var basicHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
basicHttpBinding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Basic;
var endpoint = new EndpointAddress("https://secure-ausomxana.crmondemand.com/..."
using (var client = new ContactClient(basicHttpBinding, endpoint))
{
var credential = client.ClientCredentials.UserName;
credential.UserName = "bob";
credential.Password = "1234";
var input = ...
var output = client.ContactQueryPage(input);
}
그러나 Fiddler로 SOAP 메시지를 조사하려고 시도하면 UsernameToken 요소가 추가되지 않았 음을 알 수 있습니다.
이 계약을 이행하는 올바른 방법은 무엇입니까?
편집 : @John Saunders의 응답에 따라 wsHttpBinding을 사용하도록 코드를 변경하려고 시도했습니다.
var wsHttpBinding = new WSHttpBinding(SecurityMode.Transport);
wsHttpBinding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Basic;
이 바인딩을 사용하면 SOAP 메시지가
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">document/urn:crmondemand/ws/ecbs/contact/10/2004:ContactQueryPage</a:Action>
<a:MessageID>urn:uuid:17807f44-1fcasfdsfd</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://secure-ausomxana.crmondemand.com/Services/Integration</a:To>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<ContactQueryPage_Input xmlns="urn:crmondemand/ws/ecbs/contact/10/2004">
<ListOfContact xmlns="urn:/crmondemand/xml/Contact/Query">
<Contact>
<Id>1-asdfd</Id>
</Contact>
</ListOfContact>
</ContactQueryPage_Input>
</s:Body>
</s:Envelope>
이것은 wsse:UsernameTokenBasicHttpBinding을 사용하는 원본 SOAP 메시지를 참조 하기위한 요소 와 반대로 Header 요소를 추가합니다.
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<ContactQueryPage_Input xmlns="urn:crmondemand/ws/ecbs/contact/10/2004">
<ListOfContact xmlns="urn:/crmondemand/xml/Contact/Query">
<Contact>
<Id>1-asdfds</Id>
</Contact>
</ListOfContact>
</ContactQueryPage_Input>
</s:Body>
</s:Envelope>
바인딩을 변경하면
var wsHttpBinding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
wsHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
wsHttpBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
내가 얻는 SOAP 메시지는
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
<a:MessageID>urn:uuid:eeb75457-f29e-4c65-b4bf-b580da26e0c5</a:MessageID>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://secure-ausomxana.crmondemand.com/Services/Integration</a:To>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2011-05-02T13:30:09.360Z</u:Created>
<u:Expires>2011-05-02T13:35:09.360Z</u:Expires>
</u:Timestamp>
<o:UsernameToken u:Id="uuid-dc3605a0-6878-42f4-b1f2-37d5c04ed7b4-2">
<o:Username>Bob</o:Username>
<o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">1234</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:Entropy>
<t:BinarySecret u:Id="uuid-7195ad74-580b-4e52-9e2c-682e5a684345-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">bI4xuyKwZ8OkQYBRnz2LDNV+zhIOnl0nwP24yI1QAwA=</t:BinarySecret>
</t:Entropy>
<t:KeySize>256</t:KeySize>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
이것은 매우 가까운 것처럼 보이지만 실제로는 내가 일어나고 싶지 않은 SOAP 메시지의 본문을 암호화 한 것으로 보입니다.
wsHttpBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;사용하여 지정하면 SecurityMode.Transport익명이라고 말하는 곳으로 돌아갑니다.
이것에 대해 해결할 수없는 마지막 장애물은 무엇입니까?
Final Solution: Figured I'd post this incase it helps someone, there's not really much different here other the UserToken object is wrapped in a Security node which is what my service provider required and seems to be how its output from my previous examples from what I could get generated.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="Contact" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="524288" maxBufferPoolSize="524288" maxReceivedMessageSize="524288"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="65536" maxArrayLength="131072"
maxBytesPerRead="32768" maxNameTableCharCount="131072" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://secure-ausomxana.crmondemand.com/Services/Integration"
binding="basicHttpBinding" bindingConfiguration="Contact"
contract="OnDemandContactService.Contact" name="OnDemand.Contact.Endpoint">
<headers>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USERNAME</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>
</client>
</system.serviceModel>
See With C#, WCF SOAP consumer that uses WSSE plain text authentication? for how to configure it using code and not config
If you need to send UserName over HTTPS you can use standard approach (if your WSDL is correctly defined this should be created for you automatically by adding service reference):
<bindings>
<basicHttpBinding>
<binding name="secured">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="..." address="https://..." contract="..." binding="basicHttpBinding"
bindingConfiguration="secured" />
</client>
Ar you can define binding in code:
var basicHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
You will set credentials in proxy as you do it now:
client.ClientCredentials.UserName.UserName = "bob";
client.ClientCredentials.UserName.Password = "1234";
If you only need UserNameToken profile over HTTP without any other WS-Security infrastructure the simplest approach is using ClearUserNameBinding.
If you need same user name and password for all requests from the client you can use simple basicHttpBinding without any security and include the static header from configuration:
<client>
<endpoint ...>
<headers>
<wsse:UsernameToken xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >
<wsse:Username>Bob</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>
1234
</wsse:Password>
</wsse:UsernameToken>
</headers>
</endpoint>
</client>
If you need anything more complex show the relevant part of WSDL (security assertion) or sample SOAP request. Also mention if you are required to use HTTP or HTTPS.
@Ladislav answer is correct. However, I was getting a MessageSecurityException for a SOAP 1.1 web service I was trying to use. Following this blog post from Scott Hanselman, I was able to make it work. This is the code I end up using:
var oldBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
oldBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
//remove the timestamp
BindingElementCollection elements = oldBinding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;
//sets the content type to application/soap+xml
elements.Find<TextMessageEncodingBindingElement>().MessageVersion = MessageVersion.Soap11;
CustomBinding newBinding = new CustomBinding(elements);
Use wsHttpBinding, not basicHttpBinding.
In fact, you should just use "Add Service Reference" and point to the WSDL of the service.
ReferenceURL : https://stackoverflow.com/questions/5836685/correct-way-communicate-wsse-usernametoken-for-soap-webservice
'UFO ET IT' 카테고리의 다른 글
| GOOGLE로 HTML 소스에서 검색 하시겠습니까? (0) | 2021.01.08 |
|---|---|
| std :: vector 대신 QVector (Qt)를 사용하는 이유 (0) | 2021.01.08 |
| Java의 ArrayList의 제거 기능이 비용이 적게 드는 이유는 무엇입니까? (0) | 2021.01.08 |
| manpath가 아닌 .man 파일을 읽는 방법은 무엇입니까? (0) | 2021.01.08 |
| 파이썬 스레딩. (0) | 2021.01.08 |