问题描述
我需要调用一个对请求格式有严格要求的 Java/Oracle 合作伙伴服务。
我的请求应该是这样的: sample request
但它实际上是这样的: my request
由于某种原因,BinarySecurityToken 重复了。
我的自定义绑定:
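// Build the client in code: the custom binding from GetBinding(), the partner endpoint address,
// and an explicit DNS identity that the service certificate is checked against.
// (Fixed: the factory method is EndpointIdentity.CreateDnsIdentity; the page had its casing mangled.)
UPLVaccinatieGegevensClient client = new UPLVaccinatieGegevensClient(
    GetBinding(),
    new EndpointAddress(
        new Uri("https://...."),
        EndpointIdentity.CreateDnsIdentity("...")));

// Client certificate used for the message signature, looked up by thumbprint in LocalMachine\My.
// NOTE(review): the account running this code needs read access to that certificate's private key.
client.ClientCredentials.ClientCertificate.SetCertificate(
    System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
    System.Security.Cryptography.X509Certificates.StoreName.My,
    System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint,
    "...");

// Certificate the partner service is expected to present.
// NOTE(review): the argument list is elided on the page; restore the full lookup arguments before use.
client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,"...");

// Remove the Visual Studio diagnostics endpoint behavior (matched by namespace) when one is attached.
var vs = client.Endpoint.EndpointBehaviors.FirstOrDefault((i) => i.GetType().Namespace == "Microsoft.VisualStudio.Diagnostics.ServiceModelSink");
if (vs != null)
{
    client.Endpoint.Behaviors.Remove(vs);
}

// Sign only: messages for this contract are signed but not encrypted at message level, so
// confidentiality rests on the HTTPS transport configured in GetBinding().
client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

// Alternative kept by the author: build the client from a named endpoint configuration instead.
//UPLVaccinatieGegevensClient client = new UPLVaccinatieGegevensClient("UPLVaccinatieGegevens1");
var request = GetRequest();
var response = client.GetAanLeverenVaccinatieGegevens(request);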
}
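/// <summary>
/// Builds the custom binding for the partner service: WS-Security 1.0 asymmetric (X.509)
/// message security, SOAP 1.1 text encoding in UTF-8, and HTTPS transport that requires a
/// client certificate.
/// </summary>
/// <remarks>
/// Corrected relative to the listing on the page: the object initializer was missing its closing
/// brace, several identifiers had mangled casing (AsymmetricSecurityBindingElement,
/// RequireDerivedKeys, EnableUnsecuredResponse, MessageVersion.Soap11), and
/// MessageSecurityVersion was assigned twice with the same value.
/// </remarks>
/// <returns>A <see cref="CustomBinding"/> holding the security, encoding and transport elements, in that order.</returns>
private static CustomBinding GetBinding()
{
    var messageSecurity = new AsymmetricSecurityBindingElement
    {
        MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10,
        InitiatorTokenParameters = new X509SecurityTokenParameters
        {
            // The client certificate is sent inside every request to the service.
            InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
            ReferenceStyle = SecurityTokenReferenceStyle.External,
            X509ReferenceStyle = X509KeyIdentifierClauseType.RawDataKeyIdentifier,
            RequireDerivedKeys = false
        },
        RecipientTokenParameters = new X509SecurityTokenParameters
        {
            // The service certificate is referenced, never embedded in the message.
            InclusionMode = SecurityTokenInclusionMode.Never,
            X509ReferenceStyle = X509KeyIdentifierClauseType.Any,
        }
    };

    // Accepts responses that carry no security header. Such responses are not authenticated at
    // message level; only the HTTPS transport protects them.
    messageSecurity.EnableUnsecuredResponse = true;
    messageSecurity.IncludeTimestamp = true;
    messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.LaxTimestampFirst;

    // NOTE(review): Basic256 signs with RSA-SHA1 and digests with SHA-1. If the partner's policy
    // allows it, SecurityAlgorithmSuite.Basic256Sha256 is the SHA-256 variant.
    messageSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
    messageSecurity.SetKeyDerivation(false);

    // NOTE(review): this registers the initiator parameters (InclusionMode AlwaysToRecipient) a
    // second time, as a signed supporting token. That is the likely source of the duplicated
    // BinarySecurityToken described on this page; confirm against a message trace before changing.
    messageSecurity.EndpointSupportingTokenParameters.Signed.Add(messageSecurity.InitiatorTokenParameters);

    // One-minute timestamp validity for outgoing messages; presumably both hosts need reasonably
    // synchronized clocks for this window to hold.
    messageSecurity.LocalClientSettings.TimestampValidityDuration = new TimeSpan(0, 1, 0);

    // HTTPS with a client certificate at the transport level as well.
    HttpsTransportBindingElement elem = new HttpsTransportBindingElement { RequireClientCertificate = true };

    // Element order: message security, then encoding, then transport last.
    CustomBinding binding = new CustomBinding(
        messageSecurity,
        new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
        elem);
    return binding;
}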
我错过了什么?
解决方法
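似乎只要在 InitiatorTokenParameters、RecipientTokenParameters 或 EndpointSupportingTokenParameters.Signed 上把 X509SecurityTokenParameters.InclusionMode 设置为 SecurityTokenInclusionMode.Never 以外的任何值,就会额外添加一个令牌。在问题的代码中,同一个 InitiatorTokenParameters(InclusionMode 为 AlwaysToRecipient)又被加入了 EndpointSupportingTokenParameters.Signed,这很可能就是 BinarySecurityToken 出现两次的原因。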
您可以尝试将 InclusionMode 的值设置为 SecurityTokenInclusionMode.Never:
InclusionMode = SecurityTokenInclusionMode.Never