C# CXF Web 服务的 .NET 客户端身份验证和 SOAP 凭据标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11263640/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
.NET client authentication and SOAP credential headers for a CXF web service
提问by Alberto De Caro
SCENARIO
设想
I have to access a web service with a .NET client. The service is an Apache CXF Web Service. Username and password authentication is required. I have created the proxy. I have set up the credential.
我必须使用 .NET 客户端访问 Web 服务。该服务是一个 Apache CXF Web 服务。需要用户名和密码认证。我已经创建了代理。我已经设置了凭据。
MyServiceReference proxy = new MyServiceReference();
proxy.Credentials = new NetworkCredential("username", "password");
string res = proxy.Method1();
When I run the client, the following exception is thrown:
当我运行客户端时,抛出以下异常:
System.Web.Services.Protocols.SoapHeaderException: An error was discovered processing the <wsse:Security> header
The service publisher told me that the credentials are not present in the SOAP headers. So, I guess that IWebProxy.Credentialsis not the correct way to set up the authentication.
服务发布者告诉我凭据不存在于 SOAP 标头中。所以,我猜IWebProxy.Credentials不是设置身份验证的正确方法。
QUESTION
题
So, how can I set up the SOAP header required for the authentication?
那么,如何设置身份验证所需的 SOAP 标头?
采纳答案by Alberto De Caro
Eventually I had to invoke the service creating the whole SOAP message and making an HttpWebRequest. In the SOAP message I manually specify the security header:
最终我不得不调用服务来创建整个 SOAP 消息并制作一个HttpWebRequest. 在 SOAP 消息中,我手动指定了安全标头:
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
<wsse:UsernameToken wsu:Id='UsernameToken-1' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
<wsse:Username>Foo</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>Bar</wsse:Password>
<wsse:Nonce EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>qM6iT8jkQalTDfg/TwBUmA==</wsse:Nonce>
<wsu:Created>2012-06-28T15:49:09.497Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
And here the service client:
这里是服务客户端:
String Uri = "http://web.service.end.point"
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Uri);
req.Headers.Add("SOAPAction", "\"http://tempuri.org/Register\"");
req.ContentType = "text/xml;charset=\"utf-8\"";
req.Accept = "text/xml";
req.Method = "POST";
String SoapMessage = "MySoapMessage, including envelope, header and body"
using (Stream stm = req.GetRequestStream())
{
using (StreamWriter stmw = new StreamWriter(stm))
{
stmw.Write(SoapMessage);
}
}
try
{
WebResponse response = req.GetResponse();
StreamReader sr = new StreamReader(response.GetResponseStream());
log.InfoFormat("SoapResponse: {0}", sr.ReadToEnd());
}
catch(Exception ex)
{
log.Error(Ex.ToString());
}
Interesting resources about Web Service Security (WSS):
关于 Web 服务安全 (WSS) 的有趣资源:
