我需要使用第三方Web服务。我有一个WSDL文件和.pkcs12密钥库文件和密码。使用该WSDL文件,我在项目中添加了Web参考。读取密钥库文件。创建X509certificate2类的新实例,并在添加到服务类后导入证书。我正在尝试在服务中调用方法
service.mymethod(param1)--> (At this line its throwing error stating that ws-security header not found)
通过搜索错误,我发现了StackOverflow链接以添加安全标头跟随该链接后,这里是完整的代码
//reading PCKS12 certificate
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var path = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Content\\myKeyStoreFile.pkcs12");
var data = System.IO.File.ReadAllBytes(path);
//Importing Certificate
X509Certificate2 certificate = new X509Certificate2();
certificate.Import(data, "password", X509KeyStorageFlags.DefaultKeySet);
//adding WS-Security Headers
UsernameToken token = new UsernameToken("keyname", "password", PasswordOption.SendHashed);
service.RequestSoapContext.Security.Tokens.Add(token);
//adding certificate to service
service.ClientCertificates.Add(certificate);
//calling proxy class(service method)
service.methodname(param1);-->(its throwing System.web.service.protocols.soapheaderexception:'nested exception is org.apache.wss4j.common.ext.WSSSecurityException Original Exception was javax.security.auth.callback.unsupportedcallbackexception)
我有一个Java代码(在Spring Boot中实现)供参考。Wss4jSecurityInterceptor securityInterceptor =新的Wss4jSecurityInterceptor();
//crypto varible contains .pkcs12 file path and password properties
Crypto crypto = null;
try {
crypto = CryptoFactory.getInstance(cryptoPropertyFile);
}catch(WSSecurityException e) {
e.printStackTrace();}
securityInterceptor.setSecurementActions("Encrypt Signature");
securityInterceptor.setSecurementEncryptionUser(trustedCertKeyAlias);
securityInterceptor.setSecurementEncryptionCrypto(crypto);
securityInterceptor.setSecurementEncryptionParts("{Content {http://schemas.xmlsoap.org/soap/envelope/}Body");
securityInterceptor.setSecurementUsername(privateKeyAlias);
securityInterceptor.setSecurementPassword(privateKeyPassword);
securityInterceptor.setSecurementSignatureCrypto(crypto);
securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference");
securityInterceptor.setSecurementSignatureUser(privateKeyAlias);
securityInterceptor.setSecurementSignatureParts("{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
securityInterceptor.setValidationActions("Encrypt");
securityInterceptor.setValidationDecryptionCrypto(crypto);
KeyStoreCallbackHandler keyStoreCallbackHandler = new KeyStoreCallbackHandler();
keyStoreCallbackHandler.setPrivateKeyPassword(privateKeyPassword);
securityInterceptor.setValidationCallbackHandler(keyStoreCallbackHandler);
LogHttpHeaderClientInterceptor logHttpHeaderClientInterceptor = new LogHttpHeaderClientInterceptor();
ClientInterceptor[] interceptors = {securityInterceptor, logHttpHeaderClientInterceptor};
template.setInterceptors(interceptors);
任何人都可以让我知道如何在dotnet中添加拦截器。我已经做过一些研究,但找不到任何解决方案。在dotnet中是否有任何类似Wss4jSecurityInterceptor的东西。
IClientMessageInspector可能是您想要的东西。
您需要创建IEndpointBehavior并将IClientMessageInspector添加到您的行为,然后将该行为添加到用于创建ChannelFactory的端点。
示例:
class MyEndpointBehavior : IEndpointBehavior
{
public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
{
}
public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
{
clientRuntime.ClientMessageInspectors.Add(new MyMessageInspector());
}
public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
{
}
public void Validate(ServiceEndpoint endpoint)
{
}
}
class MyMessageInspector : IClientMessageInspector
{
public void AfterReceiveReply(ref Message reply, object correlationState)
{
}
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
return null;
}
}
使用消息检查器:
var endpoint = new EndpointAddress("<your webservice uri>");
var binding = new BasicHttpBinding(); // Assume you are using HTTP binding
var channelFactory = new ChannelFactory<Soap>(binding, endpoint);
channelFactory.Endpoint.EndpointBehaviors.Add(new MyEndpointBehavior());
var client = channelFactory.CreateChannel();