情景
我有一个.NET客户端来访问Web服务。 该服务是一个Apache CXF Web服务。 用户名和密码验证是必需的。 我创建了代理。 我已经设置了证书。
MyServiceReference proxy = new MyServiceReference();
proxy.Credentials = new NetworkCredential("username", "password");
string res = proxy.Method1();
当我运行客户端,以下异常被抛出:
System.Web.Services.Protocols.SoapHeaderException: An error was discovered processing the <wsse:Security> header
服务发行商告诉我,凭据是不存在于SOAP头。 所以,我想这IWebProxy.Credentials是不成立的认证的正确方法。
题
所以,我怎么可以设置为验证所需的SOAP头?
最后我不得不调用服务创建整个SOAP消息,使一个HttpWebRequest 。 在SOAP消息中我手动指定安全标头:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
<wsse:UsernameToken wsu:Id='UsernameToken-1' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:Username>Foo</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>Bar</wsse:Password>
<wsse:Nonce EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>qM6iT8jkQalTDfg/TwBUmA==</wsse:Nonce>
<wsu:Created>2012-06-28T15:49:09.497Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
这里的服务客户端:
String Uri = "http://web.service.end.point"
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Uri);
req.Headers.Add("SOAPAction", "\"http://tempuri.org/Register\"");
req.ContentType = "text/xml;charset=\"utf-8\"";
req.Accept = "text/xml";
req.Method = "POST";
String SoapMessage = "MySoapMessage, including envelope, header and body"
using (Stream stm = req.GetRequestStream())
{
using (StreamWriter stmw = new StreamWriter(stm))
{
stmw.Write(SoapMessage);
}
}
try
{
WebResponse response = req.GetResponse();
StreamReader sr = new StreamReader(response.GetResponseStream());
log.InfoFormat("SoapResponse: {0}", sr.ReadToEnd());
}
catch(Exception ex)
{
log.Error(Ex.ToString());
}
关于Web服务安全有趣的资源(WSS):
