我收到以下错误:
传入的消息使用令牌进行签名,该令牌与用于加密正文的令牌不同。这不是预期的。
我知道在我尝试他们所要求的一切之前已经问过这个问题了。不知道我还需要做什么。
我认为它必须对我的app.config文件做一些事情:
<system.serviceModel>
<diagnostics>
<messageLogging
logEntireMessage="true"
logMalformedMessages="false"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="false"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
<client>
<endpoint address="https://xxxxxx/ESARWS/CORETransactionService"
behaviorConfiguration="endpointCredentialBehavior" binding="customBinding"
bindingConfiguration="esar" contract="ESAR.CORETransaction"
name="CoreSoapPort">
<identity>
<dns value="xxxxx" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="endpointCredentialBehavior">
<clientCredentials>
<clientCertificate findValue="xxxxx"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName"/>
<serviceCertificate>
<authentication certificateValidationMode="ChainTrust"/>
<defaultCertificate findValue="xxxxxxxxx"
storeLocation="CurrentUser"
storeName="AddressBook"
x509FindType="FindBySubjectName" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="esar" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:10:00">
<security
defaultAlgorithmSuite="Basic128"
authenticationMode="MutualCertificate"
requireSecurityContextCancellation="false"
allowSerializedSigningTokenOnReply="true"
enableUnsecuredResponse="true"
allowInsecureTransport="false"
requireDerivedKeys="false"
includeTimestamp="false"
securityHeaderLayout="Strict"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap />
<localClientSettings detectReplays="false"/>
</security>
<!--<mtomMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap12" writeEncoding="utf-8" maxBufferSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</mtomMessageEncoding>-->
<!--<mixedMessageEncoding messageVersion="Soap12"/>-->
<swaMessageEncoding innerMessageEncoding="textMessageEncoding" />
<httpsTransport />
</binding>
</customBinding>
</bindings>
<extensions>
<bindingElementExtensions>
<!--<add name="mixedMessageEncoding" type="CustomEncoderProject.MyNewEncodingBindingExtensionElement, CustomEncoderProject"/>-->
<add name="swaMessageEncoding"
type="Microsoft.Austria.WcfHelpers.SoapWithAttachments.SwaMessageEncodingElement, Microsoft.Austria.WcfHelpers.SoapWithAttachments" />
</bindingElementExtensions>
</extensions>
</system.serviceModel>
如果服务器端是用java开发的,那么C#的实现就有区别。
我更喜欢使用SAOP UI尝试服务并检查成功请求/响应。然后使用工具(例如fiddler)记录C#流量并检查差异。通常C#以不同的格式发送证书然后java。
您可以尝试使用自定义令牌身份验证器。如果您检查响应,可能您将成为BinarySecurityToken(#Base64Binary格式)的证书。这不是ssl证书。这是标志证书。然后,您可以将其用作凭据上的服务证书。
所以,请按照:https://docs.microsoft.com/en-us/dotnet/framework/wcf/extending/how-to-create-a-custom-security-token-authenticator然后自定义这样:
Public Overrides Function CreateSecurityTokenProvider(ByVal p_oRequirement As SecurityTokenRequirement) As SecurityTokenProvider
Dim oRes As SecurityTokenProvider = Nothing
If p_oRequirement.TokenType = SecurityTokenTypes.X509Certificate Then
Dim direction = p_oRequirement.GetProperty(Of MessageDirection)(ServiceModelSecurityTokenRequirement.MessageDirectionProperty)
If direction = MessageDirection.Output Then
If p_oRequirement.KeyUsage = SecurityKeyUsage.Signature Then
oRes = New X509SecurityTokenProvider(Me._oCredenciales.ClientCertificate.Certificate)
Else
oRes = New X509SecurityTokenProvider(Me._oCredenciales.ServiceCertificate.DefaultCertificate())
End If
End If
Else
oRes = MyBase.CreateSecurityTokenProvider(p_oRequirement)
End If
Return oRes
End Function
我想这会对你有所帮助。