2010-08-18 4 views

Je suis confronté à un problème dans la partie sécurité de WCF : plusieurs niveaux de protection (ProtectionLevel) ne fonctionnent pas dans WCF

Le problème est le suivant : le chiffrement partiel de la charge utile du message ne fonctionne pas. Lorsque je modifie ProtectionLevel sur les attributs MessageContract et MessageBodyMember, WCF chiffre la charge utile en entier ou la laisse entièrement en clair. Je veux que la balise racine de la charge utile (l'élément du corps du message) ne soit pas chiffrée et que le reste, c'est-à-dire les éléments enfants de la balise racine, soit chiffré. Ce comportement est requis pour le mappage des endpoints de Spring Web Services côté serveur.

Il s'agit d'un programme client Dot Net de Web Service développé en Java (Contract First WebService développé en Spring WS). Il utilise des certificats mutuels pour la sécurité.

J'utilise une liaison personnalisée, de messageSecurityVersion, WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10.

Je ne sais pas si le problème est lié à la prise en charge de WS-Addressing par cette liaison.

Voici mon app.config

<?xml version="1.0" encoding="utf-8"?> 
<!-- Client-side app.config for a WCF proxy that calls a Spring-WS endpoint using WS-Security
     message protection with X.509 certificates on both sides (custom binding over HTTP). -->
<configuration> 
    <configSections> 
    <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" > 
     <section name="DISClientLibTest.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" /> 
    </sectionGroup> 
    </configSections> 

    <!-- Trace source that receives WCF message logging output and writes it to
         c:\logs\messages.svclog. NOTE(review): the messageLogging element further down
         enables service-level logging, which records messages in decrypted form; restrict
         access to this folder and remove the listener once debugging is finished. -->
    <system.diagnostics> 
    <sources> 
     <source name="System.ServiceModel.MessageLogging"> 
     <listeners> 
      <add name="messages" 
      type="System.Diagnostics.XmlWriterTraceListener" 
      initializeData="c:\logs\messages.svclog" /> 
     </listeners> 
     </source> 
    </sources> 
    </system.diagnostics> 

    <system.serviceModel> 
    <behaviors> 
     <endpointBehaviors> 
     <behavior name="DISEndPointBehaviour"> 
      <clientCredentials> 
      <!-- Client certificate, selected by subject name from the LocalMachine store.
           NOTE(review): storeName="Root" is the Trusted Root Certification Authorities
           store. A certificate that carries a private key normally belongs in "My"
           (Personal); anything placed in Root becomes a machine-wide trust anchor.
           FindBySubjectName is a substring match, so FindByThumbprint is the less
           ambiguous selector. Confirm and relocate. -->
      <clientCertificate storeLocation="LocalMachine" storeName="Root" 
           x509FindType="FindBySubjectName" findValue="d-i-s-partner"/> 
      <serviceCertificate> 
       <!-- Certificate of the service, used when the binding does not negotiate one.
            NOTE(review): same Root store caveat as above; a directly trusted peer
            certificate is usually kept in "TrustedPeople". -->
       <defaultCertificate storeLocation="LocalMachine" storeName="Root" 
            x509FindType="FindBySubjectName" findValue="dis"/> 
       <!-- PeerOrChainTrust: the service certificate is accepted when it is present in the
            TrustedPeople store or when it chains to a trusted root. -->
       <authentication certificateValidationMode="PeerOrChainTrust"/> 
      </serviceCertificate> 
      </clientCredentials> 
     </behavior> 

     </endpointBehaviors> 
    </behaviors> 

    <bindings> 
     <customBinding> 
     <binding name="DISMutualCertificateDuplexBinding"> 
      <!--<security authenticationMode="MutualCertificateDuplex"--> 
      <!-- Message-level security with certificates on both sides.
           includeTimestamp="false": no wsu:Timestamp is emitted, so the receiver gets no
           signed freshness window with which to reject replayed messages.
           messageProtectionOrder="EncryptBeforeSign": parts are encrypted first and the
           signature is computed afterwards.
           No defaultAlgorithmSuite is set, so the WCF default suite applies.
           NOTE(review): confirm that the server really requires the timestamp to be
           absent before keeping includeTimestamp="false". -->
      <security authenticationMode="MutualCertificate" 
        includeTimestamp="false" 
        requireDerivedKeys="false" 
        keyEntropyMode="ClientEntropy" 
        messageProtectionOrder="EncryptBeforeSign" 
        messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"/> 
      <!-- SOAP 1.1 with WS-Addressing 1.0: the client adds Action, MessageID, ReplyTo and
           To headers to every request. -->
      <textMessageEncoding messageVersion="Soap11WSAddressing10"/> 
      <!-- Plain HTTP transport: confidentiality and integrity come only from the
           WS-Security layer, so any part that is not signed or encrypted is exposed. -->
      <httpTransport manualAddressing="false"/> 
     </binding> 
     </customBinding> 

    </bindings> 
    <client> 
     <!-- Client endpoint bound to the custom binding and credentials behaviour above.
          NOTE(review): the address is http://, so the envelope travels without TLS. -->
     <endpoint binding="customBinding" 
       bindingConfiguration="DISMutualCertificateDuplexBinding" 
       contract="DaDeskDataExchange" 
       name="DaDeskDataExchangeSoap11_DaDeskDataExchange" 
       address="http://192.168.0.27:8080/disweb/1.0/spring-ws/" 
       behaviorConfiguration="DISEndPointBehaviour"> 
     <!-- Expected DNS identity of the service certificate. -->
     <identity> 
      <dns value="dis"/> 
     </identity> 
     <!-- Static header attached to every request: a WS-Security UsernameToken with a fixed
          PasswordDigest, Nonce and Created value.
          NOTE(review): a digest token only resists replay when Nonce and Created are fresh
          for each message. Hard-coding them turns the token into a reusable credential
          stored in a config file, and a server that caches nonces or enforces a freshness
          window will reject it. Presumably it is also emitted as a standalone SOAP header
          rather than inside wsse:Security; verify in the message log. Build the token per
          request in code and keep the secret out of configuration. -->
     <headers> 
      <wsse:UsernameToken 
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
      wsu:Id="UsernameToken-6" 
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
      <wsse:Username>50001</wsse:Username> 
      <wsse:Password 
       Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password> 
      <wsse:Nonce 
       EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce> 
      <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created> 
      </wsse:UsernameToken> 
     </headers> 
     </endpoint> 
    </client> 
    <!-- Logs complete messages, including malformed ones, at transport and service level.
         NOTE(review): service-level entries are taken before encryption on send and after
         decryption on receive, so the payload this binding protects is written to disk in
         clear text. Use for debugging only and disable in production. -->
    <diagnostics> 
     <messageLogging logEntireMessage="true" 
         logMalformedMessages="true" 
         logMessagesAtTransportLevel="true" 
         logMessagesAtServiceLevel="true"/> 
    </diagnostics> 

    </system.serviceModel> 
</configuration> 

Voici la classe proxy (seule la partie pertinente) générée par svcutil

/// <summary>
/// Request payload type generated by svcutil for the getActualInvoiceOutputRequest element
/// (namespace http://www.dadesk.com/dis/schema), hand-edited to carry WCF message-contract
/// protection levels. Holds three string values exposed through public properties.
/// </summary>
/// <remarks>
/// NOTE(review): the attribute edits below were added by hand to generated code; regenerating
/// the proxy will presumably discard them.
/// </remarks>
[System.CodeDom.Compiler.GeneratedCodeAttribute("svcutil", "4.0.30319.1")] 
[System.SerializableAttribute()] 
[System.Diagnostics.DebuggerStepThroughAttribute()] 
[System.ComponentModel.DesignerCategoryAttribute("code")] 
[System.Xml.Serialization.XmlTypeAttribute(AnonymousType = true, Namespace = "http://www.dadesk.com/dis/schema")] 
// Added by hand: declares the type as a message contract with a contract-level protection
// level of None, i.e. no signing or encryption is requested for the message by default.
[System.ServiceModel.MessageContract(ProtectionLevel = System.Net.Security.ProtectionLevel.None)] 
public partial class getActualInvoiceOutputRequest 
{ 

    // Added by hand: requests EncryptAndSign for this body member. This asks for encryption;
    // it does not bypass it.
    // NOTE(review): per the WCF message-contract documentation the SOAP body has a single
    // protection level, the highest one requested by any body member, so this setting causes
    // the whole body content to be encrypted and signed rather than this element alone.
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] 
    private string interfaceUniqueReferenceField; 

    // Added by hand: requests EncryptAndSign for this body member (same body-wide effect as
    // described on interfaceUniqueReferenceField).
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] 
    private string invoiceIdField; 

    // Added by hand: requests EncryptAndSign for this body member (same body-wide effect as
    // described on interfaceUniqueReferenceField).
    [System.ServiceModel.MessageBodyMember(ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign)] 
    private string daEventField; 

    /// <summary>Gets or sets interfaceUniqueReference; serialized as the first child element (Order = 0).</summary>
    /// <remarks/> 
    [System.Xml.Serialization.XmlElementAttribute(Order = 0)] 
    public string interfaceUniqueReference 
    { 
     get 
     { 
      return this.interfaceUniqueReferenceField; 
     } 
     set 
     { 
      this.interfaceUniqueReferenceField = value; 
     } 
    } 

    /// <summary>Gets or sets invoiceId; serialized as the second child element (Order = 1).</summary>
    /// <remarks/> 
    [System.Xml.Serialization.XmlElementAttribute(Order = 1)] 
    public string invoiceId 
    { 
     get 
     { 
      return this.invoiceIdField; 
     } 
     set 
     { 
      this.invoiceIdField = value; 
     } 
    } 

    /// <summary>Gets or sets daEvent; serialized as the third child element (Order = 2).</summary>
    /// <remarks/> 
    [System.Xml.Serialization.XmlElementAttribute(Order = 2)] 
    public string daEvent 
    { 
     get 
     { 
      return this.daEventField; 
     } 
     set 
     { 
      this.daEventField = value; 
     } 
    } 
} 

La requête SOAP attendue

<!-- Expected request, shown with the body still in clear text: a SOAP 1.1 envelope whose
     wsse:Security header carries an X.509 token, one XML signature and a UsernameToken.
     There are no WS-Addressing headers and no wsu:Timestamp. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> 
<SOAP-ENV:Header> 
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"> 
    <!-- Sender certificate, embedded as a base64 X509v3 token and referenced by the
         signature's KeyInfo through its wsu:Id. -->
    <wsse:BinarySecurityToken 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
    wsu:Id="CertId-1BC7C7CC8C1DC237A312742702475786" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MIIBoTCCAQqgAwIBAgIES+Jf0jANDA2MjEwNlowFTETMBEGA1UEAxMKZGlzcGFydG5lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiSzYcGY6SZvtyX/HzIT9zgzlf1/stzTo2WN2/zikebOY+K8pOfc8IU2vxsDp+b4Jc/KSMzZIocPejHhyRXKKuf36TckHclkgkqhkiG9w0BAQUFAAOBgQAepQ1pXeyveQCPRQSnjcJKnXBbLiPql+UeScmaqXBqBOrUGFRe8AX4PEh28qmomwWfdJ7abV1yShFvnAcZBP5gM6KrS1fZ2lCQu7sLyk8YW3zBLqs1Bm6bf4GTfywd2+mURJZuTwx/vqe2d5xNsfD9BOEJ6hlxzdzKlZR111O4IQ== 
    </wsse:BinarySecurityToken> 
    <!-- SignedInfo holds a single Reference, to the Body (URI "#id-8"). The UsernameToken
         and the BinarySecurityToken are not referenced, so the signature does not bind
         them to this message. rsa-sha1 and sha1 are legacy algorithms.
         NOTE(review): prefer SHA-256 based methods if both stacks support them. -->
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
    Id="Signature-7"> 
    <ds:SignedInfo> 
    <ds:CanonicalizationMethod 
     Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
    <ds:Reference URI="#id-8"> 
     <ds:Transforms> 
     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
     </ds:Transforms> 
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
     <ds:DigestValue>O+wONgrnKflVXuIf/QqMIVPHICg=</ds:DigestValue> 
    </ds:Reference> 
    </ds:SignedInfo> 
    <ds:SignatureValue> 
    cPLtiHI8a3Ay7lCau0wosF7pakNPaOkFdmjC8osUqkUUECjQvSPCoVyWZldPxheWIEEM1qUAR7X2 
    1cOFNn2YUfTu9c3ElEgfRycDUTpcvF5hs37Er+ssR3QBKQ9Jmd76MHcc8LW12KNGGWZn/grUMhnR 
    uuOzSrfAtOHYK22wPvE= 
</ds:SignatureValue> 
    <ds:KeyInfo Id="KeyId-1BC7C7CC8C1DC237A312742702475787"> 
    <wsse:SecurityTokenReference 
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
     wsu:Id="STRId-1BC7C7CC8C1DC237A312742702475788" 
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
     <wsse:Reference URI="#CertId-1BC7C7CC8C1DC237A312742702475786" 
     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" /> 
    </wsse:SecurityTokenReference> 
    </ds:KeyInfo> 
    </ds:Signature> 
    <!-- UsernameToken with a PasswordDigest. The Password, Nonce and Created values are the
         same ones that appear hard-coded in the app.config on this page.
         NOTE(review): a receiver that enforces nonce and Created freshness should reject a
         token reused like this; the values must be generated per request. -->
    <wsse:UsernameToken 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    wsu:Id="UsernameToken-6" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
    <wsse:Username>115394</wsse:Username> 
    <wsse:Password 
    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bmkWaU4qDZK7B/DPXqoHysN4LaQ=</wsse:Password> 
    <wsse:Nonce 
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">dvSBmtESEOGb96pQIZJZWw==</wsse:Nonce> 
    <wsu:Created>2010-05-19T11:57:24.561Z</wsu:Created> 
    </wsse:UsernameToken> 
    </wsse:Security> 
</SOAP-ENV:Header> 
<!-- The Body carries wsu:Id "id-8", which is the element the signature above covers. -->
<SOAP-ENV:Body 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    wsu:Id="id-8"> 
       <!-- I need the root tag un-encrypted --> 
    <getActualInvoiceOutputRequest xmlns="http://www.dadesk.com/dis/schema"> 
       <!-- I need the content encrypted --> 
    <interfaceUniqueReference>aasd</interfaceUniqueReference> 
    <invoiceId>-1</invoiceId> 
    <daEvent>1</daEvent> 
    </getActualInvoiceOutputRequest> 
</SOAP-ENV:Body> 
</SOAP-ENV:Envelope> 

Dans le message SOAP ci-dessus, à l'intérieur du corps, j'ai besoin que le contenu de getActualInvoiceOutputRequest soit chiffré, mais je ne veux pas que l'élément getActualInvoiceOutputRequest lui-même soit chiffré. À l'heure actuelle, tout le contenu du corps est chiffré.

J'ai suivi les directives données dans la page Web MSDN suivant http://msdn.microsoft.com/en-us/library/aa347692.aspx

Il met en garde contre la dépendance de WS-Addressing. Il a une déclaration, [Par exemple, la classe BasicHttpBinding ne prend pas en charge la spécification, ou si vous créez une liaison personnalisée qui ne prend pas en charge WS-Addressing.].

Je suspecte cette zone, le support WS-Addressing pour ma liaison personnalisée. Quelqu'un peut-il aider à ce sujet?

Merci, Shameer

Répondre


Votre liaison personnalisée impose WS-Addressing, mais la requête SOAP attendue ne l'utilise pas. J'ai peur que ce soit là que l'interopérabilité se casse. Avez-vous le WSDL du service, qui décrirait les paramètres de sécurité ? Avez-vous aussi un exemple de requête SOAP qui utilise le chiffrement ?


Malheureusement, le wsdl ne décrit pas les paramètres de sécurité. Il peut être consulté ici .. http://83.111.89.230/disweb/1.0/spring-ws/DaDeskDataExchange/dataexchange.wsdl. Il s'agit d'une adresse IP publique. –


Et avez-vous un exemple de demande et réponse valide? Btw. vérifier mon message: http://stackoverflow.com/questions/3457378/web-service-interoperability-broken-by-developers-incompetence –


Comment puis-je ajouter un gros bloc de XMl ici? Il ne me permet pas d'ajouter plus de 600 caractères. Pouvez-vous conseiller? –


Voici l'exemple de requête SOAP qui utilise le niveau de cryptage approprié, qui est la requête SOAP attendue, générée par un client java.

<!-- Request produced by the Java client, i.e. the shape the server expects: the security
     header holds an EncryptedKey, the sender certificate, one signature and a UsernameToken;
     the body keeps its root element in clear text and encrypts only that element's content.
     There are no WS-Addressing headers and no wsu:Timestamp. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
<SOAP-ENV:Header> 
<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
SOAP-ENV:mustUnderstand="1"> 
<!-- Symmetric key wrapped for the certificate identified by issuer CN=dis and serial
     1273126865; its ReferenceList points at EncDataId-4 in the body.
     Key transport is rsa-1_5 (RSA with PKCS#1 v1.5 padding), a legacy scheme that RSA-OAEP
     superseded because of padding-oracle weaknesses.
     NOTE(review): prefer rsa-oaep-mgf1p on both sides if the server can be reconfigured. -->
<xenc:EncryptedKey Id="EncKeyId-B521E60EB6640CC36812821275442335" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> 
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<ds:X509Data> 
<ds:X509IssuerSerial> 
<ds:X509IssuerName>CN=dis</ds:X509IssuerName> 
<ds:X509SerialNumber>1273126865</ds:X509SerialNumber> 
</ds:X509IssuerSerial> 
</ds:X509Data> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
<xenc:CipherData> 
<xenc:CipherValue>uVuKFUAyy7NvyMJuFgqB27nZ/uf1YCQLOjQJrOJN+iAiUGYBcIFYThpr+D2UK5l80HzWL8KUbbg8YcurjwOzuLM+DvuXbnsP3niFlFNipB0FTmnojD5t5J7xinRzfRzSVpSxxa/czOdFZTwyPclnUNFWEsWML8npQNOX2gir3Lk=</xenc:CipherValue> 
</xenc:CipherData> 
<xenc:ReferenceList> 
<xenc:DataReference URI="#EncDataId-4" /> 
</xenc:ReferenceList> 
</xenc:EncryptedKey> 
<!-- Sender certificate as an X509v3 token, referenced by the signature's KeyInfo. -->
<wsse:BinarySecurityToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
wsu:Id="CertId-B521E60EB6640CC36812821275439461" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">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</wsse:BinarySecurityToken> 
<!-- One Reference only, to the Body (URI "#id-3"); the UsernameToken is not covered by the
     signature. rsa-sha1 and sha1 are legacy algorithms. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
Id="Signature-2"> 
<ds:SignedInfo> 
<ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
<ds:Reference URI="#id-3"> 
<ds:Transforms> 
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
</ds:Transforms> 
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
<ds:DigestValue>cYtMaQuuiVAho+6m8lj66ZPLFJc=</ds:DigestValue> 
</ds:Reference> 
</ds:SignedInfo> 
<ds:SignatureValue> 
ccAZE+FRn2ads52Ma5FsoYPx8P3SBYqjRYSctTNUmcsDQEhHowOoTyhkW5IElo9r/GaGWL0EBfmC 
SyNBh/qtKA4YHxjradG2Mk2Bxv/aRGuxaCllYTTr1kr37vC1fYiWVI2QrjbGOvp0i/5RgLanl40k 
gkDxle9CxegVDdZkijI= 
</ds:SignatureValue> 
<ds:KeyInfo Id="KeyId-B521E60EB6640CC36812821275439532"> 
<wsse:SecurityTokenReference 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="STRId-B521E60EB6640CC36812821275439553" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:Reference URI="#CertId-B521E60EB6640CC36812821275439461" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" /> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
</ds:Signature> 
<!-- UsernameToken with PasswordDigest; here the Nonce and Created value differ from the
     ones hard-coded in the app.config on this page. -->
<wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="UsernameToken-1" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:Username>119136</wsse:Username> 
<wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">R3WWGSkNtmPztaSUbiyAWOcpwTM=</wsse:Password> 
<wsse:Nonce 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">pkJh0dN0yE8iIRe49T1bwg==</wsse:Nonce> 
<wsu:Created>2010-08-18T10:32:23.937Z</wsu:Created> 
</wsse:UsernameToken> 
</wsse:Security> 
</SOAP-ENV:Header> 
<SOAP-ENV:Body 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="id-3"> 
<!-- The payload root element stays in clear text, which exposes the operation name; the
     EncryptedData of Type "Content" sits inside it and replaces only its child elements.
     The cipher is aes128-cbc; CBC carries no integrity of its own, so tamper detection
     depends on the receiver verifying the signature over the Body. -->
<getActualInvoiceOutputRequest xmlns="http://www.dadesk.com/dis/schema"> 
<xenc:EncryptedData Id="EncDataId-4" 
Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> 
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
<wsse:SecurityTokenReference 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<wsse:Reference URI="#EncKeyId-B521E60EB6640CC36812821275442335" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" /> 
</wsse:SecurityTokenReference> 
</ds:KeyInfo> 
<xenc:CipherData> 
<xenc:CipherValue>Qg9GlqcRgEi6EJACo/RxVYbUTdX2fnHUdrmdsXolHPFcigsuTMMwj0ST5DIXuh3C4nB738Acd8ez 
hKyZdDR2skNYIWHKGzM8wuT3wrjbZGAnXl78PtzjfNSyldmwm1cm4JxW2YH0QvtUq5e2exVOnkVT 
ojBtvxYSjQl2F/pK0uawD/m3RFFyqB3/lOWShYSLqW+H5h0d96FxIyVPb27z+mGK0xRXO9sh51ES 
4wHozKnQvSMBbokOPaHLMgyNBqkRvDX5bNvsvnpyjBT8trlaSQYE6l+zyqSIj8apu+HxpLM8g73f 
MPeGyzn28I078ZVe6vOzVPhXsSLMEUwtEHWjHIe49h6uGGLg2xd5pehbXxqDbw2/a1UipBOOjz4v 
5UYVoFtw7OjfONbPrrhqEkyg8zV2S4SPH6ItGKYLuiLNGV7XEXgc4dhyZ+qV/byJ/tqxuP2eNF6+ 
a2pp+jEQ8z0QCLZSnWicrbz3sbRHzM2CyZk=</xenc:CipherValue> 
</xenc:CipherData> 
</xenc:EncryptedData> 
</getActualInvoiceOutputRequest> 
</SOAP-ENV:Body> 
</SOAP-ENV:Envelope> 

Et mon client Dotnet génère actuellement la demande suivante

<!-- Request currently produced by the .NET (WCF) client. Compared with the Java request on
     this page it adds WS-Addressing headers, wraps the key with rsa-oaep-mgf1p, encrypts
     with aes256-cbc, and places EncryptedData directly under s:Body so that the payload
     root element is encrypted as well. There is no wsu:Timestamp. -->
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> 
<s:Header> 
<!-- WS-Addressing headers; each carries a u:Id ("_3" to "_6") that the signature below
     references. The Action value is empty. -->
<a:Action s:mustUnderstand="1" u:Id="_3"></a:Action> 
<a:MessageID u:Id="_4">urn:uuid:cbfc787e-d759-41b6-a919-9aba6fbd4fe6</a:MessageID> 
<a:ReplyTo u:Id="_5"> 
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> 
</a:ReplyTo> 
<a:To s:mustUnderstand="1" u:Id="_6">http://192.168.0.27:8080/disweb/1.0/spring-ws/</a:To> 
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<o:BinarySecurityToken> 
<!-- Removed--> 
</o:BinarySecurityToken> 
<!-- Symmetric key wrapped with rsa-oaep-mgf1p for the certificate with issuer CN=dis and
     serial 1273126865, the same recipient certificate the Java request targets. -->
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"></DigestMethod> 
</e:EncryptionMethod> 
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<o:SecurityTokenReference> 
<X509Data> 
<X509IssuerSerial> 
<X509IssuerName>CN=dis</X509IssuerName> 
<X509SerialNumber>1273126865</X509SerialNumber> 
</X509IssuerSerial> 
</X509Data> 
</o:SecurityTokenReference> 
</KeyInfo> 
<e:CipherData> 
<e:CipherValue>YYorbYHYP+AmYDttzFQ4BtlnmvQPZVbIZqy/VD5eQendMmhZXXEKNiv32BVAqBDwmmiXzHjjaPkWOfA4Q0iRG6XNvFzmxo6G2hc3WJ+6ZDW/8RFaCjEjtGNp9LezuDrIBjdfMXZOR63H809mB4wtDwamg6eIxn64UmXfwybbNw4=</e:CipherValue> 
</e:CipherData> 
</e:EncryptedKey> 
<!-- Five References: the Body ("#_2") and the four addressing headers ("#_3" to "#_6").
     rsa-sha1 and sha1 are legacy algorithms. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> 
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod> 
<Reference URI="#_2"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>LGEAlgVrR38d/JwppXPW4KvY/K0=</DigestValue> 
</Reference> 
<Reference URI="#_3"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>a8T/6AHa4bBGUI0zRJY5m1I0kYo=</DigestValue> 
</Reference> 
<Reference URI="#_4"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>hv0eRU3IzGVmeDHlGzlHyzVChkM=</DigestValue> 
</Reference> 
<Reference URI="#_5"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue> 
</Reference> 
<Reference URI="#_6"> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> 
<DigestValue>wnN99C6DCmP7MaOlTJxf10Urf/k=</DigestValue> 
</Reference> 
</SignedInfo> 
<SignatureValue>e2kDwoGU0XrmkUqO1rpkKSwYDMe327XN0hTLSQtutm04BX7+JjxbO5EbmmgX3F/hdKFjUk5rDdWxu1AC1LRlAhwiZKqzhnMx05ixuGoAxmlTLnL+ItdLTomOaOHkf7b7KNZouZDuCNeE/VdiQBOEmCYw2XfoukZxvIqyA03YffY=</SignatureValue> 
<KeyInfo> 
<o:SecurityTokenReference> 
<o:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid-127196be-7cc5-47ce-abd2-90d000c4fa2b-2"></o:Reference> 
</o:SecurityTokenReference> 
</KeyInfo> 
</Signature> 
<!-- List of encrypted parts: only "#_1", the EncryptedData in the body. -->
<e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
<e:DataReference URI="#_1"></e:DataReference> 
</e:ReferenceList> 
</o:Security> 
</s:Header> 
<!-- EncryptedData of Type "Content" is the only child of s:Body, so the whole body content,
     payload root element included, is encrypted. This matches WCF applying one protection
     level to the entire body.
     NOTE(review): rsa-oaep-mgf1p with aes256-cbc matches WCF's default algorithm suite
     (Basic256), while the Java request uses rsa-1_5 with aes128-cbc (Basic128Rsa15 in WCF
     terms). Aligning the client to the server would weaken key transport; prefer upgrading
     the server side where possible. -->
<s:Body u:Id="_2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
<e:EncryptedData Id="_1" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> 
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></e:EncryptionMethod> 
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
<o:Reference URI="#_0"></o:Reference> 
</o:SecurityTokenReference> 
</KeyInfo> 
<e:CipherData> 
<e:CipherValue>rPnwZV8JzRPPf7jAR6HCNRTvELt5caZbyyBzs1icNP+5HPmKxzPfROs8aq4Soi5+HfOpAsanW6IdA3o9m466WOM4jVorN7dx+8VCygsKfp79JtniFfH3Us9YlJsjgxljCM5QvH84ZkXc/+TJy+zVwpTm0t3mEB8h83gDA0ZOYkCXG8ksZhOwvj4aaLpDoBI+e/4usJ2XsW2oi2xF8sCFzV20X4S/IJlTyUHqeQcW5N8evXF0A8K64FfnoFARCe/Bkq2kmbclNRBmCZE+sJNTNxkYVlA6QufCPASgZJg35fwDveHTcQb19IqccGC51khQWV8L4gIhnJ2RSRzgsDjuzO8wGYTjoSBvm18hfHMywqdEyUCYX9bFEGcaBFMevD9mIu/B/ksh6nqkp30NGctReupdTFyrNcUn9Zqu/xlwU/uJws4LIk4G7ggjF4IrqjOu</e:CipherValue> 
</e:CipherData> 
</e:EncryptedData> 
</s:Body> 
</s:Envelope> 

J'ai essayé d'utiliser vos contrats de message dans le service de test WCF et je n'ai pas réussi à le faire fonctionner même si j'ai utilisé WS-Addressing. Il chiffre toujours le corps entier. Je suggère de placer la même question sur le forum MSDN et si vous pouvez contacter le support MS. MSDN: http://social.msdn.microsoft.com/Forums/en-US/wcf/threads –


Merci beaucoup pour vos efforts. Je publierai bientôt sur les forums MSDN. –
