how to consume java webservice from .net and wcf
https://stackoverflow.com/questions/13076456
-
14-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
I am stuck with an interoperatibility issue. I am from .net and have to consume a Java Secured Service by signing request using x509 certificate. I have WSDL and generated service reference in .net wcf client and added x509 certificate credentials in app.config but the client does not generate the expected SOAP Payload (traced in fiddler) and java service throws error. Is there a way WCF client generate payload as expected by java?
Below is the Working Request Payload given by Java Guys.
<soapenv:Envelope xmlns:smok="http://www.javaServer.org/schemas/SmokeTest" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ds:Signature Id="SIG-53" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="smok soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-52">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="smok" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>dCnj2a+0wptrFSyWzEgwetSTHmM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
WgD3P8DWPG4eWXzXiD9+LZosn7ggRPpIC1OAmq9bn0s1HuGhM/fZozfDhEDn5sAF9RtVFiAZxC03
4tW+cuxC5jAHH4GYQud6s5h5sGwvhLshQNVdI6HBBFQWr+J3mUEBbUCExJ6HEe1i2v0+dMQNWezo
E1Ot7klNGxXedHzrlZw=
</ds:SignatureValue>
<ds:KeyInfo Id="KI-DE6BE13CF8D5419B66135109740345572">
<wsse:SecurityTokenReference wsu:Id="STR-DE6BE13CF8D5419B66135109740345573">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
<ds:X509SerialNumber>51921456535433584705342517836423530149</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="id-52" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<smok:HelloRequest>
<smok:Name>Hello from Heruwala</smok:Name>
</smok:HelloRequest>
</soapenv:Body>
</soapenv:Envelope>
解决方案
Use a customBinding with security.mode of "mutualCertificate" as explained here. If this fails please publish how your request looks life (via Fiddler or Wcf logging) so we can compare it. One expected difference is that the certificate will appear as binary token and not X509Data. I do not expect the server to fail because of this. In case it does you can fix that by creating the whole custom binding from code. When you need to create the security element it will be something like this:
SecurityBindingElement sec =
SecurityBindingElement.CreateMutualCertificateBindingElement(
MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, false);
X509SecurityTokenParameters x509Params = new X509SecurityTokenParameters();
x509Params.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
((AsymmetricSecurityBindingElement) sec).InitiatorTokenParameters = x509Params;
or by hard coding the X509Data in a custom encoder.
