https://stackoverflow.com/questions/19874602
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianEDIT: See here a detailed solution to consume this EBS-EDT service
Since you only need signature and not encryption try specifying that in the message contract itself:
[MessageHeader(ProtectionLevel=System.Net.Security.ProtectionLevel.Sign)]
How can i sign soap headers in WCF client
-
30-07-2022 - |
質問
I'm trying to call web service. The well-formed soap message (from service spec) looks like:
<soapenv:Envelope xmlns:ebs="http://ebs.health.ontario.ca/" xmlns:edt="http://edt.health.ontario.ca/" xmlns:idp="http://idp.ebs.health.ontario.ca/" xmlns:msa="http://msa.ebs.health.ontario.ca/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-ED7F771775BF23B4CE137760623417313">MIICDzCCAXigAwIBAgIEUYu//zANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJDQTETMBEGA1UECgwKREVOSVNfVGVzdDEoMCYGA1UEAxMfT05EMkMwMDczMTMwMy5jaWhzLmFkLmdvdi5vbi5jYTAeFw0xMzA1MDkxNTI1NTFaFw0xNDA1MDkxNTI1NTFaMEwxCzAJBgNVBAYTAkNBMRMwEQYDVQQKDApERU5JU19UZXN0MSgwJgYDVQQDEx9PTkQyQzAwNzMxMzAzLmNpaHMuYWQuZ292Lm9uLmNhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBDiEjn5QX0qL9Xgp1t1+y/nGmBke8oYqEybV0/slsffe7nmK//TqMxhDCxxYx1BiU/ddpxI8hlsLGVaGu/QfcBFYeGfTSQBQ+ZQNbp9D8O5I9T7Uds52dOljCq6fIgZ5eMFWKHL1zlm2VUOi19SS++HuhpDDsAgEClUCDYhs1BwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABeuNnUGNWSlLHALdJMCdiU4C40+QXOrOwy5IB5rXA3RsQt0MPU7+FKCBClCcKrIJEKGZFrRg/axN0woiQhKPfcuOT7n1O8dvbXf5cGGR5l/kVDOO6DR2Mguo3jcKndVVpp0AjqI1jpxo1MkROJwbERtBqbjYRdOKyFexICVHN3k</wsse:BinarySecurityToken>
<ds:Signature Id="SIG-30" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ebs edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#TS-25">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsse ebs edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>vVFQZIFYpfV/qk0X7lZpVuV9ao6Zckl4g78O+UXKCBE=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#UsernameToken-26">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ebs edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>IqZOA4Ha1Ial3UqDc9Gl6wPLQF18xOSTBPR1/oj0mwY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-27">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="edt idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>qHx6/vbUQhLVSqZmvJZSIEFXwSJ5TQhfgtJ3OfSnhdY=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-28">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ebs edt msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>Mm83R8AW0mj1cGq4MwOxMiT9sI5nD8qo4KGcKfr/N8Q=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-29">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ebs edt idp msa" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>f5Rcb1Z6o074KqaJDr7DDuIPIqaYS1OcYnZogVFWln0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Uue2z5y0zbmbiG2qYXm83L5WYTeDL6uMasDMo6Ns7KLUmRndX0Iv+XGuA6EIG4HEpeCpCsjjFaQ8
m1wZbEg+uLjug7QlkdhMCTA6gXEdlzgl7p9IGbnHgTGjPuY+af57ArwMAgktr5FXTKXLEPMQHyg/
Isi6r1c12vFdERUai7w=
</ds:SignatureValue>
<ds:KeyInfo Id="KI-ED7F771775BF23B4CE137760623417314">
<wsse:SecurityTokenReference wsu:Id="STR-ED7F771775BF23B4CE137760623417315">
<wsse:Reference URI="#X509-ED7F771775BF23B4CE137760623417313" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:UsernameToken wsu:Id="UsernameToken-26">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
<wsu:Timestamp wsu:Id="TS-25">
<wsu:Created>2013-08-27T12:23:54Z</wsu:Created>
<wsu:Expires>2013-08-27T12:28:54Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
<idp:IDP wsu:Id="id-28" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ServiceUserMUID>282673</ServiceUserMUID>
</idp:IDP>
<ebs:EBS wsu:Id="id-27" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<SoftwareConformanceKey>1111</SoftwareConformanceKey>
<AuditId>2222</AuditId>
</ebs:EBS>
</soapenv:Header>
<soapenv:Body wsu:Id="id-29" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<edt:list>
<resourceType>CL</resourceType>
<pageNo>1</pageNo>
</edt:list>
</soapenv:Body>
</soapenv:Envelope>
In wcf message log I see the following output
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://edt.health.ontario.ca/EDTDelegate/listRequest</Action>
<h:EBS xmlns="http://ebs.health.ontario.ca/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:h="http://ebs.health.ontario.ca/">
<SoftwareConformanceKey xmlns="">1111</SoftwareConformanceKey>
<AuditId xmlns="">2222</AuditId>
</h:EBS>
<h:IDP xmlns="http://idp.ebs.health.ontario.ca/" xmlns:h="http://idp.ebs.health.ontario.ca/">
<ServiceUserMUID xmlns="">user11</ServiceUserMUID>
</h:IDP>
<h:MSA xmlns="http://msa.ebs.health.ontario.ca/" xmlns:h="http://msa.ebs.health.ontario.ca/">
<UserID xmlns="">user</UserID>
</h:MSA>
<ActivityId CorrelationId="a87eb831-b9d2-4333-8cae-f4138320fff1" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">036f870c-b78f-40f7-ba27-7cdc8516f4fe</ActivityId>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"></VsDebuggerCausalityData>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<list xmlns="http://edt.health.ontario.ca/">
<resourceType xmlns="">CL</resourceType>
<pageNo xmlns="">1</pageNo>
</list>
</s:Body>
</s:Envelope>
And I get exception which says
SecurityVersion.WSSecurityJan2004 does not support header encryption. Header with name 'EBS' and namespace 'http://ebs.health.ontario.ca/' is configured for encryption. Consider using SecurityVersion.WsSecurity11 and above or use transport security to encrypt the full message.
解決
所属していません StackOverflow
