Usuń element Timestamp z Security
Wszyscy maniacy powiedzą, że GPW jest przestarzała. W tej chwili jest to dla mnie OK. Próbuję znaleźć rozwiązanie dla mojego problemu. Próbuję wykorzystać serwis WWW Java przy użyciu GPW. W wychodzącym żądaniu mydła jest zabezpieczony dodatkowy węzeł znacznika czasu. Moja prośba o mydło wychodzące wygląda tak
<soap:Header>
<wsa:Action wsu:Id="Id-6209d12b-20bf-407e-ac72-533d0f671a2c"></wsa:Action>
<wsa:MessageID wsu:Id="Id-280fe225-2f80-4f37-b5d4-120146fc7dec">urn:uuid:a427b687-6f52-4689-9df2-c2e3c6d9ea1a</wsa:MessageID><
wsa:ReplyTo wsu:Id="Id-bc623f16-761c-4e03-a23e-aa70bd9b8d34"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo>
<wsa:To wsu:Id="Id-b8607eed-cb9e-426b-a5dc-51d7855c32e1">https://service100.emedny.org:9047/MHService</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-cbeb0310-93bf-4f39-a44d-3516b32b40e6"><wsu:Created>2013-06-20T20:19:47Z</wsu:Created><wsu:Expires>2013-06-20T20:24:47Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken ValueType></BinarySecurityToken>....</soap:Header>
.. Próbuję usunąć akcję, messageid, replyto, timestamp
Więc wychodzące powinny wyglądać
<soap:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken........>
</soap:header>
Jak usunąć 4 elementy + węzeł znacznika czasu z zabezpieczeń. Używam WSE3.0. Przykro mi nie Wcf rt teraz To właśnie próbowałem.
Step1
Create a custom policy assertion by deriving from Microsoft.Web.Services3.Design.PolicyAssertion.
namespace UsernameAssertionLibrary
{
public class UsernameClientAssertion : SecurityPolicyAssertion, PolicyAssertion
{
private string username;
private string password;
public UsernameClientAssertion(string username, string password)
{
this.username = username;
this.password = password;
}
public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
{
return new ClientOutputFilter(this, context);
}
public override SoapFilter CreateClientInputFilter(FilterCreationContext context)
{
// we don't provide ClientInputFilter
return null;
}
public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
{
// we don't provide any processing for web service side
return null;
}
public override SoapFilter CreateServiceOutputFilter(FilterCreationContext context)
{
// we don't provide any processing for web service side
return null;
}
public override System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<string, Type>> GetExtensions()
{
return new KeyValuePair<string, Type>[] { new KeyValuePair<string, Type>("UsernameClientAssertion", this.GetType()) };
}
public override void ReadXml(XmlReader reader, IDictionary<string, Type> extensions)
{
reader.ReadStartElement("UsernameClientAssertion");
}
#region ClientOutputFilter
class ClientOutputFilter : SendSecurityFilter
{
UsernameClientAssertion parentAssertion;
FilterCreationContext filterContext;
public ClientOutputFilter(UsernameClientAssertion parentAssertion, FilterCreationContext filterContext)
: base(parentAssertion.ServiceActor, false, parentAssertion.ClientActor)
{
this.parentAssertion = parentAssertion;
this.filterContext = filterContext;
}
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
X509SecurityTokenManager objCertTokenManager = (X509SecurityTokenManager)SecurityTokenManager.GetSecurityTokenManagerByTokenType(WSTrust.TokenTypes.X509v3);
objCertTokenManager.DefaultKeyAlgorithm = "RSA15";
objCertTokenManager.DefaultSessionKeyAlgorithm = "TripleDES";
X509Certificate2 cert = GetCertificateFromStore("LMWARD");
X509SecurityToken x5091 = new X509SecurityToken(cert);
X509Certificate2 cert2 = GetCertificateFromStore("DPMedsHistory");
X509SecurityToken x5092 = new X509SecurityToken(cert2);
UsernameToken userToken = new UsernameToken(
parentAssertion.username,
parentAssertion.password,
PasswordOption.SendNone); // we don't send password over network
// but we just use username/password to sign/encrypt message
// Add the token to the SOAP header.
security.Tokens.Add(x5091);
security.Tokens.Add(x5092);
security.Tokens.Add(userToken);
// Sign the SOAP message by using the UsernameToken.
MessageSignature sig = new MessageSignature(x5091);
security.Elements.Add(sig);
// encrypt BODY
EncryptedData data = new EncryptedData(x5092);
// add ancrypted data to the security context
security.Elements.Add(data);
}
private static X509Certificate2 GetCertificateFromStore(string certName)
{
// Get the certificate store for the current user.
X509Store store = new X509Store(StoreLocation.LocalMachine);
try
{
store.Open(OpenFlags.ReadOnly);
// Place all certificates in an X509Certificate2Collection object.
X509Certificate2Collection certCollection = store.Certificates;
X509Certificate2Collection signingCert = certCollection.Find(X509FindType.FindBySubjectName, certName, true);
if (signingCert.Count == 0)
return null;
// Return the first certificate in the collection, has the right name and is current.
return signingCert[0];
}
finally
{
store.Close();
}
}
}
#endregion
}
}
Step2
This is my wse3Policy.Config
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<extension name="usernameAssertion"
type="UsernameAssertionLibrary.UsernameServiceAssertion,
UsernameAssertionLibrary" />
</extensions>
<policy name="ServerPolicy">
<usernameAssertion />
</policy>
</policies>
Step3
namespace.Service1 MHs = new Service1();
UsernameClientAssertion assert = new UsernameClientAssertion("user", "pwd");
// create policy
Policy policy = new Policy();
policy.Assertions.Add(assert);
// and set it to web service
MHs.SetPolicy(policy);
Mhs.Method();
Nie dostaję żadnego błędu. W pliku zasad ma ostrzeżenie, że polityka elementu ma nieprawidłowy element podrzędny usernameassertion. Lista możliwych elementów to ....... Element znacznika czasu bezpieczeństwa, ActionId, mesageId, replyTo, elementy nadal pojawiają się w mydle wychodzącym . Czego mi tu brakuje ...