How to use a third-party web service https wsdl in C#

In the SoapUI tool, I configured a .Jks file with outgoing WS-Security settings. The signature is a BinarySecurityToken, and the CanonicalizationMethod and SignatureMethod algorithm works fine.

Now I am trying to use C# code as below:

    SprintApiService.QueryCsaPortTypeClient client = new QueryCsaPortTypeClient();

    ClientCredentials ce = new ClientCredentials();
    string fileName = Server.MapPath("");
    fileName = fileName + "/test-01.pfx";
    ce.ClientCertificate.Certificate = new X509Certificate2(fileName, "tag123");
    var val = ce.ClientCertificate.Certificate.GetSerialNumber();
    ce.ClientCertificate.SetCertificate("CN=jaitest-01, OU=TPA, OU=BMP, OU=Projects, O=Sprint, C=us", StoreLocation.CurrentUser, StoreName.TrustedPeople);

    System.IdentityModel.Selectors.SecurityTokenManager sTokenMgr = ce.CreateSecurityTokenManager();
    //var sTokenMgr = ce.CreateSecurityTokenManager();

But I could not succeed. I always get "Rejected by client (policy)", please help me.

This is an example of a request that is created in the SoapUI tool:

<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp wsu:Id="Timestamp-c55ce328-af36-4b0f-97d8-3bab57ee6a46" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2014-02-18T12:27:52Z</wsu:Created>
            <wsu:Expires>2014-02-18T12:32:52Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:BinarySecurityToken wsu:Id="SecurityToken-1da2e6b0-3a0d-4943-bcae-de0805d9c4c5" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">...</wsse:BinarySecurityToken>
         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
               <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <Reference URI="#Timestamp-c55ce328-af36-4b0f-97d8-3bab57ee6a46">
                  <Transforms>
                     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>8H8usvOvRYPwOKHVHdOXO6Y3Cz4=</DigestValue>
               </Reference>
               <Reference URI="#Body-db900962-5b93-4a49-a70a-a1745bed8255">
                  <Transforms>
                     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <DigestValue>54u/0PxaY+S7RigxrisF2Chnplc=</DigestValue>
               </Reference>
            </SignedInfo>
            <SignatureValue>HC10RHq8lweC1KLGAzw1pxjju5LbWASn5GUCxane36DqUxaXQQnBrF0fyBkpI70H+ncrYaO00sxVd1QWnLfYxzl/YEWfHus/qObmFckRnNsEnx9MV5ejHhntbXdzIc9RFbXoFGPcoEGAsKoUbeOi7UWKbofzATG6VMlKhLFz01k=</SignatureValue>
            <KeyInfo>
               <wsse:SecurityTokenReference xmlns="">
                  <wsse:Reference URI="#SecurityToken-1da2e6b0-3a0d-4943-bcae-de0805d9c4c5" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </KeyInfo>
         </Signature>
</wsse:Security>      

Thank...

+2
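
A policy rejection usually means the client's WS-Security header differs from what the gateway expects, so it helps to summarize the working SoapUI request and compare it with what the .NET client sends. The following is an added example, not part of the original post: `summarize` and `SAMPLE` are hypothetical names, and the sample envelope is constructed from the request above with shortened Ids, an elided token and an assumed SOAP 1.1 envelope.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample (SOAP 1.1 envelope assumed): layout of the SoapUI request, Ids shortened.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
 <s:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="Timestamp-1"><wsu:Created>2014-02-18T12:27:52Z</wsu:Created>
   <wsu:Expires>2014-02-18T12:32:52Z</wsu:Expires></wsu:Timestamp>
  <wsse:BinarySecurityToken wsu:Id="SecurityToken-1">...</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#Timestamp-1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
   <ds:Reference URI="#Body-1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo><ds:KeyInfo><wsse:SecurityTokenReference>
   <wsse:Reference URI="#SecurityToken-1"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="Body-1"/>
</s:Envelope>""".format(**NS)

def summarize(envelope_xml):
    """Report what a WS-Security header signs, with which algorithms and key reference."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(".//wsse:Security", NS)
    sig = sec.find("ds:Signature/ds:SignedInfo", NS)
    # Map each wsu:Id in the message to the local name of the element that carries it.
    by_id = {e.get(WSU_ID): e.tag.split("}")[-1] for e in root.iter() if e.get(WSU_ID)}
    resolve = lambda uri: by_id.get(uri.lstrip("#"), "UNRESOLVED:" + uri)
    key = sec.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    ts, fmt = sec.find("wsu:Timestamp", NS), "%Y-%m-%dT%H:%M:%SZ"
    life = (datetime.strptime(ts.findtext("wsu:Expires", namespaces=NS), fmt)
            - datetime.strptime(ts.findtext("wsu:Created", namespaces=NS), fmt))
    return {
        "signed_parts": [resolve(r.get("URI", "")) for r in sig.findall("ds:Reference", NS)],
        "c14n": sig.find("ds:CanonicalizationMethod", NS).get("Algorithm"),
        "signature_method": sig.find("ds:SignatureMethod", NS).get("Algorithm"),
        "digest_methods": sorted({d.get("Algorithm") for d in sig.iter("{%s}DigestMethod" % NS["ds"])}),
        "key_reference": resolve(key.get("URI", "")),
        "ttl_seconds": int(life.total_seconds()),
    }
```

Run it on a captured request from each client and compare the two dictionaries; a difference in the signed parts, the key reference type or the algorithms shows where the two headers diverge.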
1 answer

, , , / . Just Recap: - ( Java) X509 SecurityToken Https, .NET.

, , WSE 2.0/WSE 3.0 ( -) WCF. WSE 2.0, , " WSE464: . , try..catch XML.

  • , (.pfx)

  • Microsoft Management Console (MMC) mmc → Enter . → / → → "" → " "           → → "".

         b. Select Trusted Root Certification → Expand it → Select Certificate → Right click on Certificate → Select All Tasks → Import → Select your Certificate location and finish the wizard process
    
  • 2 ( )

  • Microsoft WSE ( -) 2.0 SP3/WSE 3.0 . WSE 2.0/3.0 .NET Framework 2.0. http://www.microsoft.com/en-in/download/details.aspx?id=23689

  • - Visual Studio → → → → - → WSDL URL → "" ( ) → , → - " " → → → "" → "" \Microsoft WSE\v2.0\→ "Microsoft.Web.Services2.dll" → "" Proxy/Stubbed → Reference.cs -, , . → Reference.cs "System.Web.Services.Protocols.SoapHttpClientProtocol" "WebServicesClientProtocol"

    // Requires a reference to Microsoft.Web.Services2.dll (WSE 2.0).
    using System;
    using Microsoft.Web.Services2;
    using Microsoft.Web.Services2.Security;
    using Microsoft.Web.Services2.Security.Tokens;
    using Microsoft.Web.Services2.Security.X509;

    // "ClientPage" is a placeholder name; use your own code-behind class.
    public partial class ClientPage : System.Web.UI.Page
    {
        // Base64 key identifier of the client certificate (dummy value).
        private static string ClientBase64KeyId = "XPaTfx6Lx8dV/oh6ebOeOo4Xdummy";

        protected void Page_Load(object sender, EventArgs e)
        {
            MyService myClient = new MyService();
            try
            {
                SecurityToken signingToken = GetClientToken(false);

                // Get the SoapContext for the SOAP request.
                SoapContext requestContext = myClient.RequestSoapContext;

                // Expire this message one hour (3600 seconds) after it is sent.
                requestContext.Security.Timestamp.TtlInSeconds = 3600;

                // Add the X509 certificate to the WS-Security header.
                requestContext.Security.Tokens.Add(signingToken);

                // Sign the message with the certificate's private key.
                MessageSignature sig = new MessageSignature(signingToken);
                requestContext.Security.Elements.Add(sig);

                RequestClass request = new RequestClass();
                request.Name = "";
                ResponceClass response = myClient.QueryCsa(request);
            }
            catch (Exception ex)
            {
                lblResultMessage.Text = ex.Message;
            }
        }

        public static X509SecurityToken GetClientToken(bool selectFromList)
        {
            X509SecurityToken token = null;

            // Open the CurrentUser certificate store and try MyStore only.
            X509CertificateStore store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
            if (selectFromList)
            {
                //token = RetrieveTokenFromDialog(store);
            }
            else
            {
                token = RetrieveTokenFromStore(store, ClientBase64KeyId);
            }

            return token;
        }

        private static X509SecurityToken RetrieveTokenFromStore(X509CertificateStore store, string keyIdentifier)
        {
            if (store == null)
                throw new ArgumentNullException("store");

            X509SecurityToken token = null;

            try
            {
                if (store.OpenRead())
                {
                    // keyIdentifier is the Base64 key ID of the client certificate
                    // (ClientBase64KeyId above); decode it to a byte array for the lookup.
                    Microsoft.Web.Services2.Security.X509.X509CertificateCollection certs = store.FindCertificateByKeyIdentifier(Convert.FromBase64String(keyIdentifier));

                    if (certs.Count > 0)
                    {
                        // Refuse a certificate that cannot sign instead of building a token from it.
                        if (!certs[0].SupportsDigitalSignature ||
                            (certs[0].Key == null))
                        {
                            throw new InvalidOperationException(
                                "The certificate must support digital " +
                                "signatures and have a private key available.");
                        }

                        // Get the first certificate in the collection.
                        token = new X509SecurityToken(((Microsoft.Web.Services2.Security.X509.X509Certificate)certs[0]));
                    }
                }
            }
            finally
            {
                // Always release the store handle, even if the lookup throws.
                if (store != null)
                    store.Close();
            }

            return token;
        }
    }

  • ClientBase64KeyId X509 Certificate Tool.

  • → → Microsoft WSE 2.0 → X509 → - → - → " ", , MMC. Key Identifier (Base64 Encoded) . - Asp.Net, , " " .

  • 70% . , ... , . , X509, , (), , , . , WSE 2.0 Tool, , chumma:) . → → Microsoft WSE 2.0 → → → → Web.config

  • = >

  • , = > :) .

  • = > . 1. . 2. →
    it/ → → (Secure Client
    ) → ( ) → → ( : X509) → → → → → →

  • TokenIssuing = >

  • = >

  • → → :)

  • policyCache.config, Web.config. URL- HTTPS.

WSE 2.0. , , . WCF ... ....

:) :) JaiSankar

+4

Source: https://habr.com/ru/post/1650203/

