问题
All the geeks will say WSE is outdated. That's OK for me right now; I'm just trying to find a solution for my problem. I am trying to consume a Java web service using WSE. The security header in the outgoing SOAP request has an additional timestamp node. My outgoing SOAP request looks like this:
<soap:Header>
<wsa:Action wsu:Id="Id-6209d12b-20bf-407e-ac72-533d0f671a2c"></wsa:Action>
<wsa:MessageID wsu:Id="Id-280fe225-2f80-4f37-b5d4-120146fc7dec">urn:uuid:a427b687-6f52-4689-9df2-c2e3c6d9ea1a</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-bc623f16-761c-4e03-a23e-aa70bd9b8d34"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo>
<wsa:To wsu:Id="Id-b8607eed-cb9e-426b-a5dc-51d7855c32e1">https://service100.emedny.org:9047/MHService</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-cbeb0310-93bf-4f39-a44d-3516b32b40e6"><wsu:Created>2013-06-20T20:19:47Z</wsu:Created><wsu:Expires>2013-06-20T20:24:47Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken ValueType></BinarySecurityToken>....</soap:Header>
I am trying to remove the Action, MessageID, ReplyTo and Timestamp elements.
So the outgoing should look like
<soap:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken........>
</soap:header>
How would I remove the 4 elements plus the timestamp node from the security header? I am using WSE 3.0 (sorry, not WCF right now). This is what I tried.
Step1
Create a custom policy assertion by deriving from Microsoft.Web.Services3.Design.PolicyAssertion.
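namespace UsernameAssertionLibrary
{
    /// <summary>
    /// Client-side WSE 3.0 policy assertion. Its output filter adds two X.509
    /// tokens and a UsernameToken to the outgoing Security header, signs the
    /// message with the first certificate and encrypts it for the second.
    /// </summary>
    /// <remarks>
    /// C# allows a single base class, so the assertion derives from
    /// SecurityPolicyAssertion only; that type already derives from
    /// PolicyAssertion, so the assertion can still be added to a Policy.
    /// </remarks>
    public class UsernameClientAssertion : SecurityPolicyAssertion
    {
        private string username;
        private string password;

        /// <summary>Stores the credentials used to build the UsernameToken.</summary>
        /// <param name="username">User name placed in the UsernameToken.</param>
        /// <param name="password">Password handed to the UsernameToken; it is created with PasswordOption.SendNone.</param>
        public UsernameClientAssertion(string username, string password)
        {
            this.username = username;
            this.password = password;
        }

        /// <summary>Creates the filter that secures outgoing client requests.</summary>
        public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
        {
            return new ClientOutputFilter(this, context);
        }

        /// <summary>No filter is supplied for responses received by the client.</summary>
        public override SoapFilter CreateClientInputFilter(FilterCreationContext context)
        {
            // NOTE(review): with no input filter, nothing in this assertion
            // verifies a signature on, or decrypts, the response.
            return null;
        }

        /// <summary>No service-side processing: this assertion is client-only.</summary>
        public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
        {
            return null;
        }

        /// <summary>No service-side processing: this assertion is client-only.</summary>
        public override SoapFilter CreateServiceOutputFilter(FilterCreationContext context)
        {
            return null;
        }

        /// <summary>
        /// Maps the policy element name "UsernameClientAssertion" to this type.
        /// </summary>
        public override System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<string, Type>> GetExtensions()
        {
            return new KeyValuePair<string, Type>[]
            {
                new KeyValuePair<string, Type>("UsernameClientAssertion", this.GetType())
            };
        }

        /// <summary>
        /// Consumes the assertion's start element when the policy is read from XML.
        /// </summary>
        public override void ReadXml(XmlReader reader, IDictionary<string, Type> extensions)
        {
            // The element name expected here is the one returned by GetExtensions();
            // presumably the policy file has to use the same name - verify.
            reader.ReadStartElement("UsernameClientAssertion");
        }

        #region ClientOutputFilter
        /// <summary>
        /// Output filter that attaches the security tokens, signature and
        /// encryption to each outgoing message.
        /// </summary>
        class ClientOutputFilter : SendSecurityFilter
        {
            UsernameClientAssertion parentAssertion;
            FilterCreationContext filterContext;

            public ClientOutputFilter(UsernameClientAssertion parentAssertion, FilterCreationContext filterContext)
                : base(parentAssertion.ServiceActor, false, parentAssertion.ClientActor)
            {
                this.parentAssertion = parentAssertion;
                this.filterContext = filterContext;
            }

            /// <summary>
            /// Adds tokens, a signature and encrypted data to the Security header.
            /// </summary>
            /// <remarks>
            /// Nothing in this method removes the wsu:Timestamp or the
            /// WS-Addressing headers; it only adds elements.
            /// NOTE(review): the Timestamp gives the receiver a freshness window
            /// for replay detection - confirm with the service owner before
            /// stripping it.
            /// </remarks>
            /// <exception cref="InvalidOperationException">
            /// A required certificate is missing from the certificate store.
            /// </exception>
            public override void SecureMessage(SoapEnvelope envelope, Security security)
            {
                X509SecurityTokenManager objCertTokenManager = (X509SecurityTokenManager)SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);

                // NOTE(review): RSA PKCS#1 v1.5 key transport and Triple DES are
                // legacy algorithms (padding-oracle and 64-bit-block weaknesses).
                // Keep them only if the remote service requires them; otherwise
                // prefer OAEP key transport and an AES session key.
                // NOTE(review): these are defaults on the token manager returned
                // above and are rewritten on every message - presumably shared
                // with other callers of that manager; confirm.
                objCertTokenManager.DefaultKeyAlgorithm = "RSA15";
                objCertTokenManager.DefaultSessionKeyAlgorithm = "TripleDES";

                // Resolve both certificates before touching the header, so that a
                // missing certificate fails with a clear message.
                X509Certificate2 signingCertificate = GetCertificateFromStore("LMWARD");
                X509SecurityToken x5091 = new X509SecurityToken(signingCertificate);
                X509Certificate2 encryptionCertificate = GetCertificateFromStore("DPMedsHistory");
                X509SecurityToken x5092 = new X509SecurityToken(encryptionCertificate);

                // SendNone: the password is not placed in the outgoing token.
                // This token is only added to the header; it is not the key used
                // for the signature or the encryption below.
                UsernameToken userToken = new UsernameToken(
                    parentAssertion.username,
                    parentAssertion.password,
                    PasswordOption.SendNone);

                // Add the tokens to the SOAP Security header.
                security.Tokens.Add(x5091);
                security.Tokens.Add(x5092);
                security.Tokens.Add(userToken);

                // Sign the message with the first X.509 token (not the UsernameToken).
                MessageSignature sig = new MessageSignature(x5091);
                security.Elements.Add(sig);

                // Encrypt with the second X.509 token and add the encrypted data
                // to the security context.
                EncryptedData data = new EncryptedData(x5092);
                security.Elements.Add(data);
            }

            /// <summary>
            /// Finds a valid certificate by subject name in the LocalMachine store.
            /// </summary>
            /// <param name="certName">Subject name to search for.</param>
            /// <returns>The first matching certificate.</returns>
            /// <exception cref="InvalidOperationException">No valid certificate matched.</exception>
            private static X509Certificate2 GetCertificateFromStore(string certName)
            {
                // This is the LocalMachine store, not the current user's store.
                X509Store store = new X509Store(StoreLocation.LocalMachine);
                try
                {
                    store.Open(OpenFlags.ReadOnly);

                    // validOnly = true limits the search to certificates the
                    // platform considers valid.
                    // NOTE(review): FindBySubjectName is a substring match, so more
                    // than one certificate can qualify and the first one wins;
                    // matching on thumbprint would pin the exact certificate.
                    X509Certificate2Collection matches = store.Certificates.Find(X509FindType.FindBySubjectName, certName, true);
                    if (matches.Count == 0)
                    {
                        // Previously null was returned here and the caller passed it
                        // straight to the X509SecurityToken constructor.
                        throw new InvalidOperationException(
                            "No valid certificate with subject name '" + certName + "' was found in the LocalMachine certificate store.");
                    }

                    return matches[0];
                }
                finally
                {
                    store.Close();
                }
            }
        }
        #endregion
    }
}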
Step2
This is my wse3Policy.Config
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<!-- NOTE(review): this registers the type UsernameAssertionLibrary.UsernameServiceAssertion
     under the element name "usernameAssertion". The class shown in Step 1 is named
     UsernameClientAssertion, and its GetExtensions()/ReadXml() use the element name
     "UsernameClientAssertion". Confirm which type and element name are intended. -->
<extension name="usernameAssertion"
type="UsernameAssertionLibrary.UsernameServiceAssertion,
UsernameAssertionLibrary" />
</extensions>
<!-- NOTE(review): Step 3 builds its Policy object in code and does not refer to this
     named policy, so it is unclear from the page whether "ServerPolicy" is applied
     to the client proxy at all. Verify. -->
<policy name="ServerPolicy">
<usernameAssertion />
</policy>
</policies>
Step3
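// "namespace" is presumably a placeholder for the namespace of the generated proxy class.
namespace.Service1 MHs = new Service1();

// Sample values only; real credentials belong in protected configuration, not in source.
UsernameClientAssertion assert = new UsernameClientAssertion("user", "pwd");

// Build the policy in code and attach the custom assertion to it.
Policy policy = new Policy();
policy.Assertions.Add(assert);

// Apply the policy to the web service proxy, then call the service.
MHs.SetPolicy(policy);
// C# identifiers are case-sensitive: the proxy variable is MHs, not Mhs.
MHs.Method();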
I am not getting any error. The policy file shows a warning: "The element 'policy' has an invalid child element 'usernameAssertion'. List of possible elements are ...". The security Timestamp element and the Action, MessageID, ReplyTo and other wsa elements still appear in the outgoing SOAP message. What am I missing here?
来源:https://stackoverflow.com/questions/17223156/remove-timestamp-element-from-security