An error occurred when verifying security for the message.
The 'Body', 'http://schemas.xmlsoap.org/soap/envelope/' required message part was not encrypted.
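/// <summary>
/// Creates the <see cref="ServiceHost"/> for <c>SpriService</c> on the configured local endpoint,
/// assigns the service and client certificates, publishes metadata (MEX) and opens the host.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The remote (client) signature certificate could not be loaded, so no thumbprint is available
/// for the internal authorization check.
/// </exception>
private void RunServiceOasisCompat()
{
    Uri baseAddress = new Uri(_config.LocalEndpointSpri);

    // Decide on the parsed URI scheme instead of a culture-sensitive string prefix test,
    // so the binding choice and the metadata settings below can never disagree.
    bool useHttps = string.Equals(baseAddress.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase);

    // Create the ServiceHost
    _host = new ServiceHost(typeof(SpriService), baseAddress);

    // NOTE(review): a default BasicHttpBinding carries no transport or message security, so on a
    // plain-HTTP endpoint the certificate settings below do not authenticate callers. Confirm that
    // the non-HTTPS branch is only used for local testing.
    Binding binding = useHttps ? (Binding)CreateServiceBindingOasis() : new BasicHttpBinding();

    // NOTE(review): with message security, WCF enforces the protection level declared on the
    // contract; when none is declared it requires the body to be signed AND encrypted and rejects
    // a sign-only request ("required message part was not encrypted"). Accepting sign-only traffic
    // means setting ProtectionLevel.Sign on the SpriPort contract, which leaves confidentiality of
    // the body to TLS alone - make that decision deliberately, not as a side effect.
    _host.AddServiceEndpoint(typeof(SpriPort), binding, _config.LocalEndpointSpri);

    var defaultCertificate = _host.Credentials.ServiceCertificate.Certificate;
    if (defaultCertificate != null)
    {
        _log.WriteLog(info, "This is the current (default) service credentials certificate's distinguished name: " + defaultCertificate.SubjectName.Name);
    }

    _host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
        X509CertificateValidationMode.PeerOrChainTrust;
    _host.Credentials.ServiceCertificate.Certificate =
        GetCertificateFromStore(_config.SpriLocalSignatureCertSubject);

    // Read the certificate back once; every later use goes through this null-checked local.
    var serviceCertificate = _host.Credentials.ServiceCertificate.Certificate;

    // Add client certificate thumbprint for internal authorization.
    // Fail closed: without the expected client certificate there is nothing to authorize against,
    // so report the configuration problem instead of dereferencing null.
    var ccert = GetCertificateFromStore(_config.SpriRemoteSignatureCertSubject);
    if (ccert == null)
    {
        _log.WriteLog(error, "Could not get remote signature certificate.");
        throw new InvalidOperationException("Remote signature certificate was not found; the client thumbprint cannot be set.");
    }

    SpriService.ClientThumbprint = ccert.Thumbprint;
    _clientThumbprint = ccert.Thumbprint;

    // Enable metadata publishing: drop any behavior that is already registered and add a fresh one.
    ServiceMetadataBehavior smb = _host.Description.Behaviors.Find<ServiceMetadataBehavior>();
    if (smb != null)
    {
        _host.Description.Behaviors.Remove(smb);
    }

    // NOTE(review): the WSDL/MEX endpoint discloses the contract and security policy to anyone who
    // can reach the address - confirm it should be published outside development.
    smb = new ServiceMetadataBehavior();
    smb.HttpGetEnabled = !useHttps;
    smb.HttpsGetEnabled = useHttps;
    smb.MetadataExporter.PolicyVersion = PolicyVersion.Policy15;
    _host.Description.Behaviors.Add(smb);

    // Add MEX endpoint over the same transport as the service endpoint.
    _host.AddServiceEndpoint(
        ServiceMetadataBehavior.MexContractName,
        useHttps
            ? MetadataExchangeBindings.CreateMexHttpsBinding()
            : MetadataExchangeBindings.CreateMexHttpBinding(),
        "mex");

    // Use ?. so a missing service certificate reaches the error log below instead of throwing
    // a NullReferenceException before the check.
    SpriService._controlStampIssuer =
        _config.SpriOverrideIssuer != null && _config.SpriOverrideIssuer.Length > 0
            ? _config.SpriOverrideIssuer
            : serviceCertificate?.Subject;

    if (serviceCertificate != null)
    {
        SpriService._controlStampSerial = serviceCertificate.SerialNumber;
        SpriService._controlStampMajorRelease = _config.SpriMajorRelease;
        SpriService._controlStampMinorRelease = _config.SpriMinorRelease;
    }
    else
    {
        _log.WriteLog(error, "Could not get service credential certificate.");
    }

    // Open the ServiceHost to start listening for messages.
    // A failure is logged but not rethrown (best effort, as before); the handlers below are
    // attached either way.
    try
    {
        _host.Open();
        _log.WriteLog(info, "host open succesfully");
    }
    catch (Exception xcp)
    {
        _log.WriteLog(error, "host open \n" + xcp.Message + Environment.NewLine + xcp.StackTrace);
    }

    SpriService.EventInboundOrderSpri += SpriService_EventInboundOrderSpri;
    SpriService.EventInboundMessageSpri += SpriService_EventInboundMessageSpri;
}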
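/// <summary>
/// Builds the custom binding for the HTTPS endpoint: asymmetric (X.509) WS-Security message
/// security, SOAP 1.1 text encoding in UTF-8, and HTTPS transport.
/// </summary>
/// <returns>The binding with its elements stacked as security, encoding, transport.</returns>
CustomBinding CreateServiceBindingOasis()
{
    // Setup custom binding with HTTPS + Body Signing + Soap1.1
    CustomBinding binding = new CustomBinding();

    // HTTPS Transport
    HttpsTransportBindingElement transport = new HttpsTransportBindingElement();

    var asecb = new AsymmetricSecurityBindingElement();

    // NOTE(review): with no timestamp and replay detection off, the message layer has no
    // freshness check - a captured, validly signed request stays acceptable indefinitely and
    // only TLS protects it in transit. Presumably required for interop with the peer; confirm,
    // and if so make the service operations idempotent or de-duplicate on a business identifier.
    asecb.IncludeTimestamp = false;
    asecb.LocalServiceSettings.DetectReplays = false;

    asecb.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.SubjectKeyIdentifier, SecurityTokenInclusionMode.AlwaysToInitiator);
    asecb.InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.SubjectKeyIdentifier, SecurityTokenInclusionMode.AlwaysToRecipient);
    asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
    asecb.SecurityHeaderLayout = SecurityHeaderLayout.Strict;
    asecb.AllowSerializedSigningTokenOnReply = true;
    asecb.RequireSignatureConfirmation = false;
    asecb.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    asecb.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

    // Normalize before switching: calling ToLower() on a missing setting would throw before any
    // "case null" label could match, and the invariant culture keeps the comparison independent
    // of the machine's locale.
    string suiteName = (_config.WsSecurityAlgorithmSuite ?? string.Empty).ToLowerInvariant();

    // NOTE(review): the suites without "Sha256" in their name sign with SHA-1 digests and the
    // "Rsa15" suites wrap keys with RSA PKCS#1 v1.5. Prefer Basic256Sha256 wherever the peer
    // supports it; the Basic256 default is kept here so existing configurations keep working.
    switch (suiteName)
    {
        case "":
        case "basic256":
            // Default set above; nothing to change.
            break;
        case "basic128":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128;
            break;
        case "basic128rsa15":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
            break;
        case "basic128sha256":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Sha256;
            break;
        case "basic128sha256rsa15":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Sha256Rsa15;
            break;
        case "basic192":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic192;
            break;
        case "basic192rsa15":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic192Rsa15;
            break;
        case "basic192sha256":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic192Sha256;
            break;
        case "basic192sha256rsa15":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic192Sha256Rsa15;
            break;
        case "basic256rsa15":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;
            break;
        case "basic256sha256":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256;
            break;
        case "basic256sha256rsa15":
            asecb.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256Sha256Rsa15;
            break;
        default:
            // The previous text talked about a hash algorithm and listed values this switch never
            // accepts; name the real setting, the accepted values and the fallback in effect.
            _log.WriteLog(error, $"Unknown WsSecurityAlgorithmSuite '{_config.WsSecurityAlgorithmSuite}', using Basic256; possible values are: Basic128, Basic192 or Basic256, optionally followed by Sha256 and/or Rsa15");
            break;
    }

    // Setup for SOAP 11 and UTF8 Encoding
    TextMessageEncodingBindingElement textMessageEncoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);

    // Bind in order (Security layer, message layer, transport layer)
    binding.Elements.Add(asecb);
    binding.Elements.Add(textMessageEncoding);
    binding.Elements.Add(transport);
    return binding;
}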
Кто-нибудь знает, что мне нужно настроить на своей стороне, чтобы моя служба могла получить запрос?
Я использовал CustomBinding, поскольку используется SOAP 1.1, но с дополнительным WS-Security.
Подробнее здесь: https://stackoverflow.com/questions/790 ... uired-mess