Setting up authentication for SSL protected WSIT / Metro web service and client

↘锁芯ラ 提交于 2019-12-12 00:36:37

问题


I'm kind of confused about setting up standard authentication for my SSL protected service. I have tried the HTTP header way, but that's non standard, and WS-I is important for me. It is possible to set up the Authentication Token to be Username on method level. This is the resulted BindingPolicy in the WSIT XML:

<wsp:Policy wsu:Id="DataStoreWSPortBindingPolicy">
    <wsp:ExactlyOne>
        <wsp:All>
            <wsam:Addressing wsp:Optional="false"/>
            <sp:TransportBinding>
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic128/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:Wss10/>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="DataStoreWSPortBinding_hello_Input_Policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SupportingTokens>
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken10/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

SvcUtil warnings:

<!--    WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'http://webServices/':    -->
          <!--    <wsdl:binding name='DataStoreWSPortBinding'>    -->
          <!--        <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">..</sp:SupportingTokens>    -->

I want to set credentials in the WCF client via ClientCredentials and then authenticate on the service side via database. What are the steps to achieve that?


回答1:


If you want to have standard way on transport level why don't you use HTTP Basic authentication? That is the common standardized authentication mechanism for HTTP protocol and it works with web services as well.

The error you got is most probably because of SupportingTokens assertion. Even it is correct assertion WCF doesn't support it. Try to use SignedSupportingTokens or SignedEncryptedSupportingTokens. If you are not able to modify your service to produce such WSDL you can even try to modify the WSDL you got manually.

What you meant by WS-I? There are multiple WS-I standards and some of them don't expect policies at all - just plain SOAP services where headers are described in WSDL directly.



来源:https://stackoverflow.com/questions/7645895/setting-up-authentication-for-ssl-protected-wsit-metro-web-service-and-client

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!