SOAP Service Client Generated Using the WSDL Signing Module Only

I have a client for a web service that I generated in Visual Studio from the service's WSDL. It is configured to sign requests with a certificate and can send requests to the service; however, the service responds with a 400 Bad Request error, because there is a second signature in addition to the one I want, with several <Reference> tags, which uses HMAC-SHA1 as its signature method. HMAC-SHA1 is not supported by the web service, and therefore the request is rejected. I don't even want or need this other signature, and I'm not sure where it comes from. Below is my binding configuration:

<customBinding>
  <binding name="mainBinding">
    <security authenticationMode="MutualCertificate"
              allowSerializedSigningTokenOnReply="true"
              requireDerivedKeys="false"
              requireSignatureConfirmation="false"/>
    <httpsTransport />
  </binding>
</customBinding>

I also set ProtectionLevel = System.Net.Security.ProtectionLevel.Sign as part of the ServiceContractAttribute.


EDIT:


<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1" u:Id="_1">[removed]</a:Action>
        <a:MessageID u:Id="_2">[removed]</a:MessageID>
        <a:ReplyTo u:Id="_3">
            <a:Address>[removed]</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1" u:Id="_4">[removed]</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <u:Timestamp u:Id="[removed]">
                <u:Created>2017-05-11T08:59:25.681Z</u:Created>
                <u:Expires>2017-05-11T09:04:25.681Z</u:Expires>
            </u:Timestamp>
            <e:EncryptedKey Id="[removed]" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                [removed]
            </e:EncryptedKey>
            <o:BinarySecurityToken u:Id="[removed]" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[removed]</o:BinarySecurityToken>

            <Signature Id="_0" xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <Reference URI="#_1">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>[removed]</DigestValue>
                    </Reference>
                    <Reference URI="#_2">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>[removed]</DigestValue>
                    </Reference>
                    <Reference URI="#_3">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>[removed]</DigestValue>
                    </Reference>
                    <Reference URI="#_4">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>[removed]</DigestValue>
                    </Reference>
                    <Reference URI="[removed]">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>[removed]</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>[removed]</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference URI="[removed]"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>

            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <Reference URI="#_0">
                        <Transforms>
                            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </Transforms>
                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <DigestValue>[removed]</DigestValue>
                    </Reference>
                </SignedInfo>
                <SignatureValue>[removed]</SignatureValue>
                <KeyInfo>
                    <o:SecurityTokenReference>
                        <o:Reference URI="[removed]"/>
                    </o:SecurityTokenReference>
                </KeyInfo>
            </Signature>
        </o:Security>
    </s:Header>
    <s:Body>
        [removed]
    </s:Body>
</s:Envelope>

EDIT 2:



, , . , app.config, , HMAC-SHA1 AES, . app.config AsymmetricSecurity ( ). , RSA, AES, , , .

using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Asymmetric binding: the primary signature is made with the initiator's own X.509
// certificate (RSA) instead of with a symmetric key exchanged via EncryptedKey,
// so no HMAC signature is produced.
AsymmetricSecurityBindingElement asbe = new AsymmetricSecurityBindingElement
{
  MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10, // Or WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10 ?
  InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient }, // client certificate, sent in every request
  RecipientTokenParameters = new X509SecurityTokenParameters(), // service certificate
  SecurityHeaderLayout = SecurityHeaderLayout.Strict,
  IncludeTimestamp = true,
  DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15,
  AllowSerializedSigningTokenOnReply = true
};
asbe.SetKeyDerivation(false); // What is it for?
asbe.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient });

// Element order matters in a CustomBinding: security, then message encoding, then transport.
CustomBinding binding = new CustomBinding();
binding.Elements.Add(asbe);
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
binding.Elements.Add(new HttpsTransportBindingElement
{
  MaxReceivedMessageSize = 1024 * 1024
});

// "Client" is the proxy instance generated from the WSDL.
Client.Endpoint.Binding = binding;
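To confirm what a captured request actually carries after the binding change, here is an added Python example (not from the original post and not WCF code) that lists each ds:Signature in the Security header with its algorithm and referenced URIs, and flags an HMAC-SHA1 signature or a second signature. The embedded envelope is a constructed, trimmed copy of the rejected request shown in the question.

```python
import xml.etree.ElementTree as ET

# Namespaces used in the WS-Security envelope shown in the question.
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"

def describe_signatures(envelope_xml):
    """One dict per ds:Signature in the Security header: Id, algorithm, referenced URIs."""
    root = ET.fromstring(envelope_xml)
    found = []
    for sig in root.findall("s:Header/o:Security/ds:Signature", NS):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS).get("Algorithm")
        refs = [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
        found.append({"id": sig.get("Id"), "method": method, "references": refs})
    return found

def check_single_rsa_signature(envelope_xml):
    """Return (ok, problems): ok only if exactly one signature exists and none is HMAC-SHA1."""
    sigs = describe_signatures(envelope_xml)
    problems = [f"signature {s['id'] or '(no Id)'} uses HMAC-SHA1, i.e. a symmetric key"
                for s in sigs if s["method"] == HMAC_SHA1]
    if len(sigs) != 1:
        problems.append(f"expected 1 signature, found {len(sigs)}")
    return (not problems, problems)

# Constructed sample (digests and values are placeholders) mirroring the rejected
# request: an HMAC-SHA1 primary signature Id="_0" plus an RSA-SHA1 endorsing
# signature that covers only "#_0".
SAMPLE_REJECTED = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
  xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
 <s:Header><o:Security>
  <Signature Id="_0" xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
   <Reference URI="#_1"/><Reference URI="#_2"/></SignedInfo>
   <SignatureValue>x</SignatureValue></Signature>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <Reference URI="#_0"/></SignedInfo><SignatureValue>y</SignatureValue></Signature>
 </o:Security></s:Header><s:Body/></s:Envelope>"""

if __name__ == "__main__":
    ok, problems = check_single_rsa_signature(SAMPLE_REJECTED)
    print("OK" if ok else "\n".join(problems))
```

Run it against a request captured with WCF message logging or a proxy: the expected result after the fix is a single signature whose method is not hmac-sha1.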

Source: https://habr.com/ru/post/1017131/

