WCF - 用于签署时间戳、正文和 BinarySecirityToken 的 CustomBinding

Question

我需要打电话给 java/Oracle 有严格格式要求的合作伙伴。

我的请求应该是这样的： sample request

但它实际上是这样的： my request

BinarySecurityToken 由于某种原因重复。

我的自定义绑定：

        UPLVaccinatieGegevensClient client = new UPLVaccinatieGegevensClient(GetBinding(), new EndpointAddress(new Uri("https://...."), EndpointIdentity.CreateDnsIdentity("...")));
        client.ClientCredentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint, "...");
        client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint, "...");

        var vs = client.Endpoint.EndpointBehaviors.FirstOrDefault((i) => i.GetType().Namespace == "Microsoft.VisualStudio.Diagnostics.ServiceModelSink");
        if (vs != null)
        {
            client.Endpoint.Behaviors.Remove(vs);
        }
        
        client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

        //UPLVaccinatieGegevensClient client = new UPLVaccinatieGegevensClient("UPLVaccinatieGegevens1");

        var request = GetRequest();
        var response = client.GetAanleverenVaccinatieGegevens(request);
    }

    private static CustomBinding GetBinding()
    {
        var messageSecurity = new AsymmetricSecurityBindingElement
        {
            MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
            InitiatorTokenParameters = new X509SecurityTokenParameters
            {
                InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
                ReferenceStyle = SecurityTokenReferenceStyle.External,
                X509ReferenceStyle = X509KeyIdentifierClauseType.RawDataKeyIdentifier,
                RequireDerivedKeys = false
            },
            RecipientTokenParameters = new X509SecurityTokenParameters
            {
                InclusionMode = SecurityTokenInclusionMode.Never,
                ReferenceStyle = SecurityTokenReferenceStyle.External,
                X509ReferenceStyle = X509KeyIdentifierClauseType.Any,
                RequireDerivedKeys = false
            },
        };
        messageSecurity.EnableUnsecuredResponse = true;
        messageSecurity.IncludeTimestamp = true;
        messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.LaxTimestampFirst;
        messageSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
        messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

        messageSecurity.SetKeyDerivation(false);
        messageSecurity.EndpointSupportingTokenParameters.Signed.Add(messageSecurity.InitiatorTokenParameters);
        messageSecurity.LocalClientSettings.TimestampValidityDuration = new TimeSpan(0, 1, 0);

        HttpsTransportBindingElement elem = new HttpsTransportBindingElement { RequireClientCertificate = true };
        CustomBinding binding = new CustomBinding(messageSecurity, new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8), elem);

        return binding;
    }

我错过了什么？

Answer 1

当 X509SecurityTokenParameters.InclusionMode 在 InitiatorTokenParameters、RecipientTokenParameters 或 EndpointSupportingTokenParameters.Signed.

中设置为 SecurityTokenInclusionMode.Never 以外的任何其他内容时，似乎正在添加额外的令牌

您可以尝试将InclusionMode的值设为SecurityTokenInclusionMode.Never:

InclusionMode = SecurityTokenInclusionMode.Never