我正在尝试使用 .Net 通过 Http 而不是 Https 调用 Java Web 服务。我从 Web 服务团队得到的唯一提示是在 SOAP 消息或端点设置中传递凭据。
我创建了一个简单的控制台应用程序,并向 Web 服务添加了服务引用。以下是生成的绑定(bind)(我看到有关于无法识别的策略的警告,但无法弄清楚它的含义或是否相关):
<customBinding>
<binding name="CurrencyInformationServiceSoapBinding">
<!-- WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'http://www.openuri.org/': -->
<!-- <wsdl:binding name='CurrencyInformationServiceSoapBinding'> -->
<!-- <ns1:SupportingTokens xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512">..</ns1:SupportingTokens> -->
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap11" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<!--<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>-->
<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
</customBinding>
这是我的试验:
线索#1:
-----------
使用以下代码:
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
或在 Windows 属性中提供凭据
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential("crmuser", "welcome1");
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
或在 UserName 属性中提供凭据
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient();
client.ClientCredentials.UserName.UserName = "someuser";
client.ClientCredentials.UserName.Password = "somepassword";
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
结果
System.ServiceModel.FaultException: Error on verifying message against security policy Error code:1000
线索#2:
-----------
根据我看到的一条评论,我尝试在绑定(bind)中添加以下标签,并通过在 ClientCredentials 的 UserName 属性中传递凭据来调用 Web 服务
<security authenticationMode="UserNameOverTransport" allowInsecureTransport="true"/>
但结果是
System.ServiceModel.Security.MessageSecurityException: Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.
线索#3:
-----------
我尝试使用 WSHttpBinding 而不是 VS 生成的 CustomBinding,如下所示:
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
EndpointAddress ea = new EndpointAddress("http://someurl/CurrencyInformationService.jws");
CurrencyInformationServiceClient client = new CurrencyInformationServiceClient(binding, ea);
client.ClientCredentials.UserName.UserName = "someuser";
client.ClientCredentials.UserName.Password = "somepassword";
foreignCurrencyDTO[] results = client.getAllForeignCurrencies();
但结果是
System.ServiceModel.ProtocolException: Content Type application/soap+xml; charset=utf-8 was not supported by service http://someurl/CurrencyInformationService.jws. The client andservice bindings may be mismatched. ---> System.Net.WebException: The remote server returned an error: (415) Unsupported Media Type.
更新:
-----------
我收到了供应商的工作请求,并在soapUI 中进行了尝试,它给出了正确的响应。
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Header>
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="SecurityToken-35598fb7-5aa2-4623-b07b-3277c6578beb" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>someuser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">somepassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<getAllForeignCurrencies xmlns="http://www.openuri.org/">
</getAllForeignCurrencies>
</soap:Body>
</soap:Envelope>
有人可以提示我如何生成这样的 SOAP 请求吗?
最佳答案
我在使用 .Net 使用 Java Web 服务时遇到了同样的问题,这个线程部分帮助我能够使用 Web 服务。
但是,不知怎的,我偶然发现了这篇文章,它对我来说是最终的解决方案:http://weblog.west-wind.com/posts/2012/Nov/24/WCF-WSSecurity-and-WSE-Nonce-Authentication
以下设置对我来说效果很好:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomSoapBinding">
<security includeTimestamp="false"
authenticationMode="UserNameOverTransport"
defaultAlgorithmSuite="Basic256"
requireDerivedKeys="false"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
</security>
<textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
<httpsTransport maxReceivedMessageSize="2000000000"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://notrealurl.com:443/services/RealTimeOnline"
binding="customBinding"
bindingConfiguration="CustomSoapBinding"
contract="RealTimeOnline.RealTimeOnline"
name="RealTimeOnline" />
</client>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0"
sku=".NETFramework,Version=v4.0"/>
</startup>
</configuration>
关于java - 从 .Net 调用 Java Web 服务时出现安全策略错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18871449/