.net 客户端使用 X509 证书和用户名/密码身份验证调用 JAX-WS Web 服务

【问题标题】:.net client invoke JAX-WS webservice with X509 certificate and username/password authentication.net 客户端使用 X509 证书和用户名/密码身份验证调用 JAX-WS Web 服务
【发布时间】:2012-08-29 07:52:43
【问题描述】:

我在从 .net 客户端使用 JAX-WS Webservice 时遇到问题。 我能够打开与 WS 的连接,但是当我尝试使用任何方法时,我得到了这个错误:

我得到的第一个错误是:

Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'amms.someDomain.com' but the remote endpoint provided DNS claim '*.someDomain.com'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity '*.someDomain.com' as the Identity property of EndpointAddress when creating channel proxy.

我的 app.config 看起来像:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
        <customBinding>
            <binding name="SrvPortBinding">
                <security defaultAlgorithmSuite="Basic128" authenticationMode="UserNameForCertificate"
                    requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
                    keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncrypt"
                    messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
                    requireSignatureConfirmation="false">
                    <localClientSettings cacheCookies="true" detectReplays="true"
                        replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
                        replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                        sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
                        timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
                    <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
                        maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
                        negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
                        sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
                        reconnectTransportOnFailure="true" maxPendingSessions="128"
                        maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
                    <secureConversationBootstrap />
                </security>
                <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                    messageVersion="Soap11WSAddressing10" writeEncoding="utf-8">
                    <readerQuotas maxDepth="32" maxStringContentLength="98192" maxArrayLength="916384"
                        maxBytesPerRead="94096" maxNameTableCharCount="916384" />
                </textMessageEncoding>
                <httpsTransport manualAddressing="false" maxBufferPoolSize="9524288"
                    maxReceivedMessageSize="965536" allowCookies="false" authenticationScheme="Anonymous"
                    bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
                    keepAliveEnabled="true" maxBufferSize="965536" proxyAuthenticationScheme="Anonymous"
                    realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                    useDefaultWebProxy="true" requireClientCertificate="false" />
            </binding>
        </customBinding>
    </bindings>
    <client>
      <endpoint address="https://amms.someDomain.com:443/mmew1/Srv"
          binding="customBinding" bindingConfiguration="SrvPortBinding"
          contract="InfoMedica1.Srv" name="SrvPort" >

      </endpoint>            
    </client>
</system.serviceModel>

`

然后我改变了这个:

<client>
      <endpoint address="https://amms.someDomain.com:443/mmew1/Srv"
          binding="customBinding" bindingConfiguration="SrvPortBinding"
          contract="InfoMedica1.Srv" name="SrvPort" >

      </endpoint>            
    </client>

到:

<client>
      <endpoint address="https://amms.someDomain.com:443/mmew1/Srv"
          binding="customBinding" bindingConfiguration="SrvPortBinding"
          contract="InfoMedica1.Srv" name="SrvPort" >
        <identity>
          <dns value="*.someDomain.com"/>
        </identity>
      </endpoint>            
    </client>

现在我遇到了异常: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. 内部异常:Invalid Security Header

有没有人遇到这种错误并让它正常工作? 会因为*.someDomain.com 中的这个* 字符而发生此错误吗?

我检查了服务器和客户端的时间是一样的。在添加此 X509 和用户名/密码验证之前,Web 服务工作正常。

如果需要任何进一步的信息,请在 cmets 中询问:)

编辑:

当我尝试像这样禁用服务证书验证时:

<client>
      <endpoint address="https://amms.someDomain.com:443/mmew1/Srv"
          binding="customBinding" bindingConfiguration="SrvPortBinding"
          contract="InfoMedica1.Srv" name="SrvPort" behaviorConfiguration="DisableServiceCertificateValidation">
        <identity>
          <dns value="*.someDomain.com"/>
        </identity>
      </endpoint>            
    </client>

出现异常:

There is no endpoint behavior named 'DisableServiceCertificateValidation'

感谢您的提前:)

【问题讨论】:

  • 您是否尝试过使用“someDomain.com”?您是否尝试过使用“amms.someDomain.com”作为测试?您是否尝试过禁用证书安全检查作为测试?去这里看看答案:stackoverflow.com/questions/338385/…
  • 首先感谢您的帮助:) 是的,我尝试过使用someDomain.comamms.someDomain.com,但没有任何改变。我已经编辑了关于第三个问题的问题

标签: c# web-services app-config x509certificate webservice-client


【解决方案1】:

这是网络服务的问题。写它的人改变了一些不确定到底是什么但它开始起作用了:)

也许有人有类似的问题,所以这里是;)

感谢所有感兴趣的人的帮助;)

【讨论】:

    猜你喜欢
    • 2011-09-26
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2012-12-22
    • 2017-03-02
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode