问题描述
我有一个用C#编写的简单Web服务客户端,该客户端使用x.509证书身份验证连接到部署在Weblogic上的基于MTOM的基于Java的Web服务。
所有简单的请求都可以正常工作,我从Web服务获得了正确的响应,但是当我要接收带有基于MTOM的二进制附件的响应时,则会引发以下异常:
Unhandled Exception: System.ServiceModel.Security.MessageSecurityException: The signature verification Failed. Please see inner exception for fault details. ---> System.Security.Cryptography.CryptographicException: Digest verification Failed for Reference '#Body_50Qa3hJtTFc5taQf'.
at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id,Object resolvedXmlSource)
at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id,Object resolvedXmlSource)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.EnsureDigestValidityIfIdMatches(SignedInfo signedInfo,String id,XmlDictionaryReader reader,Boolean doSoapAttributeChecks,MessagePartSpecification signatureParts,MessageHeaderInfo info,Boolean checkForTokensAtHeaders)
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.EnsureDigestValidityIfIdMatches(SignedInfo signedInfo,Boolean checkForTokensAtHeaders)
at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ExecuteMessageProtectionPass(Boolean hasAtLeastOnesupportingTokenExpectedToBeSigned)
at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout,ChannelBinding channelBinding,ExtendedProtectionPolicy extendedProtectionPolicy)
at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader,Message& message,SecurityToken requiredSigningToken,TimeSpan timeout,SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.asymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message,String actor,SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message,SecurityProtocolCorrelationState[] correlationStates)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply,SecurityProtocolCorrelationState correlationState,TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message,TimeSpan timeout)
at System.ServiceModel.dispatcher.RequestChannelBinder.Request(Message message,TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,Boolean oneway,ProxyOperationRuntime operation,Object[] ins,Object[] outs,TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall,ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
我认为根本原因是用于计算服务器和客户端上的SOAP元素Body的签名的方法之间的差异。我知道Weblogic服务器正在以某种方式计算签名,其中整个附加的二进制内容均以Base64编码并内联到SOAP消息中。
但是我不知道C#中生成的代码如何在客户端计算签名。有什么方法可以在C#客户端上禁用签名验证吗?
我已经尝试使用IClientMessageInspector来调整响应,以将以Base64编码的二进制MTOM附件添加到消息的主体中,但是没有成功,看来生成的C#代码正在处理方法之前的签名验证。 IClientMessageInspector中的AfterReceiveReply()被执行。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)