How to create a custom binding in a WCF client?

I have this WS-Policy:
<wsp:Policy wsu:Id="SecurityServiceSignPolicy" xmlns:sp="http://ift.tt/1fUDI95">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://ift.tt/1fUDI95">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://ift.tt/1Gx93iB">
                <wsp:Policy>
                  <sp:RequireIssuerSerialReference wsdl:required="true"/>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://ift.tt/1Gx93iB">
                <wsp:Policy>
                  <sp:WssX509V1Token11/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128Sha256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts xmlns:sp="http://ift.tt/1fUDI95">
        <sp:Body/>
      </sp:SignedParts>
      <sp:Wss10 xmlns:sp="http://ift.tt/1fUDI95">
        <wsp:Policy>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

And I have this C# code:

using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;

// Endpoint address with the service certificate as the expected identity.
EndpointIdentity adresIdent = EndpointIdentity.CreateX509CertificateIdentity(CertificateServer);
EndpointAddress adress = new EndpointAddress(new Uri("http://ift.tt/1Gx94TI"), adresIdent, new AddressHeaderCollection());
ChannelFactory<AutoLogin> channel = null;
AutoLogin client = null;

// Mutual-certificate (asymmetric) message security.
MessageSecurityVersion securityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
SecurityBindingElement security = SecurityBindingElement.CreateMutualCertificateBindingElement(securityVersion);
security.SetKeyDerivation(false);
security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
security.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic128Sha256;
security.IncludeTimestamp = true;
// Allows message security over a transport that is not itself secured.
security.AllowInsecureTransport = true;

AsymmetricSecurityBindingElement asymmSec = security as AsymmetricSecurityBindingElement;
asymmSec.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
asymmSec.AllowSerializedSigningTokenOnReply = false;

// Initiator (client) and recipient (service) X.509 tokens, both referenced by issuer and serial number.
var Initiator = new X509SecurityTokenParameters();
Initiator.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
Initiator.RequireDerivedKeys = false;
var Recipient = new X509SecurityTokenParameters();
Recipient.RequireDerivedKeys = false;
Recipient.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
asymmSec.InitiatorTokenParameters = Initiator;
asymmSec.RecipientTokenParameters = Recipient;
// asymmSec is the same object as security, so these repeat the settings above.
asymmSec.IncludeTimestamp = true;
asymmSec.SecurityHeaderLayout = System.ServiceModel.Channels.SecurityHeaderLayout.Lax;

// Additional signed supporting token carrying the client certificate.
X509SecurityTokenParameters clientX509SupportingTokenParameters = new X509SecurityTokenParameters();
clientX509SupportingTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
clientX509SupportingTokenParameters.X509ReferenceStyle = X509KeyIdentifierClauseType.IssuerSerial;
clientX509SupportingTokenParameters.RequireDerivedKeys = false;
asymmSec.EndpointSupportingTokenParameters.Signed.Add(clientX509SupportingTokenParameters);

// SOAP 1.1 text encoding over HTTPS with a client certificate.
TextMessageEncodingBindingElement encoding = new TextMessageEncodingBindingElement();
encoding.MessageVersion = MessageVersion.Soap11;
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
transport.RequireClientCertificate = true;
CustomBinding customBinding = new CustomBinding(security, encoding, transport);

channel = new ChannelFactory<AutoLogin>(customBinding, adress);
// None: the service certificate is accepted without any validation.
channel.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
// Offline: revocation is checked against cached revocation lists only.
channel.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.Offline;
channel.Credentials.ClientCertificate.Certificate = ClientCertificate;
channel.Credentials.ServiceCertificate.DefaultCertificate = ServerCertificate;
client = channel.CreateChannel();
try
{
    var token = client.login(new loginRequest(new zloginRequestBody(ClientCertificate.Subject)));
}
catch (MessageSecurityException messageSecurityException)
{
    // The exception quoted below is caught here.
}

I get a failure :/
A security protocol can not verify the message coming Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security. Trace Identifier/Code http://ift.tt/1AUZIZR
I don't have access to the web server configuration. Please help.
Monika,
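
Added example, not part of the original post: a small Python helper that lists the assertions in a WS-Policy like the one above, so each can be compared with the corresponding client binding setting. The sample input is a constructed, trimmed copy of the policy with placeholder namespace URIs (the page shows only shortened links), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the policy's structure. Namespace URIs
# are placeholders, so elements are matched by local name only.
SAMPLE_POLICY = """\
<wsp:Policy xmlns:wsp="urn:example:wsp" xmlns:sp="urn:example:sp">
  <wsp:ExactlyOne><wsp:All>
    <sp:AsymmetricBinding><wsp:Policy>
      <sp:InitiatorToken><wsp:Policy><sp:X509Token><wsp:Policy>
        <sp:RequireIssuerSerialReference/><sp:WssX509V3Token10/>
      </wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken>
      <sp:RecipientToken><wsp:Policy><sp:X509Token><wsp:Policy>
        <sp:WssX509V1Token11/>
      </wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken>
      <sp:AlgorithmSuite><wsp:Policy><sp:Basic128Sha256/></wsp:Policy></sp:AlgorithmSuite>
      <sp:Layout><wsp:Policy><sp:Lax/></wsp:Policy></sp:Layout>
      <sp:IncludeTimestamp/>
    </wsp:Policy></sp:AsymmetricBinding>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <sp:Wss10><wsp:Policy><sp:MustSupportRefIssuerSerial/></wsp:Policy></sp:Wss10>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""

def local(el):
    """Tag name without its '{namespace}' prefix."""
    return el.tag.rsplit("}", 1)[-1]

def find(root, name):
    """First element in the tree with the given local name, or None."""
    return next((e for e in root.iter() if local(e) == name), None)

def leaves(el):
    """Local names of the childless assertions nested under el."""
    return [local(e) for e in el.iter() if e is not el and len(e) == 0]

# Policy sections whose nested assertions a client binding has to agree with.
SECTIONS = ("InitiatorToken", "RecipientToken", "AlgorithmSuite", "Layout",
            "SignedParts", "EncryptedParts")

def summarize_policy(xml_text):
    """Map each section to its assertions; a missing section maps to []."""
    root = ET.fromstring(xml_text)
    summary = {}
    for name in SECTIONS:
        el = find(root, name)
        summary[name] = leaves(el) if el is not None else []
    summary["IncludeTimestamp"] = find(root, "IncludeTimestamp") is not None
    return summary
```

For the policy in the question the summary shows a signed Body, no EncryptedParts entry, and an issuer-serial reference requirement on the initiator token only; these are the values to check against the client binding.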