更新时间:2022-04-30 18:58:59
来源:网络转载

为CXF Web服务的.NET客户端身份验证和SOAP凭证头

情景

我有一个.NET客户端来访问Web服务。
该服务是一个Apache CXF Web服务。
用户名和密码验证是必需的。
我创建了代理。
我已经设置了证书。

I have to access a web service with a .NET client. The service is an Apache CXF Web Service. Username and password authentication is required. I have created the proxy. I have set up the credential.

MyServiceReference proxy = new MyServiceReference();
proxy.Credentials = new NetworkCredential("username", "password");
string res = proxy.Method1();

当我运行客户端,下面抛出异常:

When I run the client, the following exception is thrown:

System.Web.Services.Protocols.SoapHeaderException: An error was discovered processing the <wsse:Security> header

该服务发行商告诉我,凭据不在SOAP头present。
所以,我想这 IWebProxy.Credentials 是不成立的认证的正确方法。

The service publisher told me that the credentials are not present in the SOAP headers. So, I guess that IWebProxy.Credentials is not the correct way to set up the authentication.

所以,我怎么可以设置为验证所需的SOAP头?

So, how can I set up the SOAP header required for the authentication?


 1 条回答

网友1解答:

  • 最后,我不得不调用服务创造了整个SOAP消息并作出的HttpWebRequest 。在SOAP消息我手动指定安全标头:

    Eventually I had to invoke the service creating the whole SOAP message and making an HttpWebRequest. In the SOAP message I manually specify the security header:

    <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
     <wsse:UsernameToken wsu:Id='UsernameToken-1' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
        <wsse:Username>Foo</wsse:Username>
        <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>Bar</wsse:Password>
        <wsse:Nonce EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>qM6iT8jkQalTDfg/TwBUmA==</wsse:Nonce>
        <wsu:Created>2012-06-28T15:49:09.497Z</wsu:Created>
     </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>

    和这里的服务客户端:

    String Uri = "http://web.service.end.point"
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Uri);
req.Headers.Add("SOAPAction", "\"http://tempuri.org/Register\"");
req.ContentType = "text/xml;charset=\"utf-8\"";
req.Accept = "text/xml";
req.Method = "POST";

String SoapMessage = "MySoapMessage, including envelope, header and body"
using (Stream stm = req.GetRequestStream())
{
    using (StreamWriter stmw = new StreamWriter(stm))
    {
        stmw.Write(SoapMessage);
    }
}


try
{
    WebResponse response = req.GetResponse();
    StreamReader sr = new StreamReader(response.GetResponseStream());
    log.InfoFormat("SoapResponse: {0}", sr.ReadToEnd());
}
catch(Exception ex)
{
    log.Error(Ex.ToString());
}

    有关Web服务安全性(WSS)有趣的资源:

    Interesting resources about Web Service Security (WSS):

    • Wikipedia
    • OASIS
c#
web-services
authentication
cxf
soapheader