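WSE 2.0 has been released, so let's all dig into it together. I'll start with a modest contribution to get the discussion going:
Some web service calls have higher security requirements, and WSE lets the client use a certificate when calling a web service. Let's see how to do it.
A web service call naturally has a client side and a web service side. Let's look at the client first.
Client: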
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;
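1. Get the certificate from the personal certificate store:
// Open the current user's personal ("My") certificate store
X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );
store.OpenRead();
// Look up the certificate by its key ID (keyIdentifier is the Base64-encoded key ID string)
X509CertificateCollection certs = store.FindCertificateByKeyIdentifier( Convert.FromBase64String( keyIdentifier ) );
X509SecurityToken token = null;
if (certs.Count > 0)
{
    // Use the first matching certificate from the personal store
    token = new X509SecurityToken( ((X509Certificate) certs[0]) );
}
// token is still null here if no certificate matched; check for that before step 2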
2. Add the token to the SOAP message:
ServiceWse serviceProxy = new ServiceWse(); // proxy for the remote web service
serviceProxy.RequestSoapContext.Security.Tokens.Add( token );
serviceProxy.RequestSoapContext.Security.Elements.Add( new MessageSignature( token ) );
3. Call the web service method:
... This works the same as an ordinary web service call, so I won't go into it here :)
Web service side:
1. Configure web.config
Under the configuration node, add:
<configSections>
  <section name="microsoft.web.services2" type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
This indicates that WSE 2.0 is being referenced.
Under <system.web>, add:
<webServices>
  <soapExtensionTypes>
    <add type="Microsoft.Web.Services2.WebServicesExtension, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1" group="0" />
  </soapExtensionTypes>
</webServices>
Under the configuration node, add:
<microsoft.web.services2>
  <security>
    <x509 allowTestRoot="true" allowRevocationUrlRetrieval="false" verifyTrust="true" />
  </security>
</microsoft.web.services2>
This is the configuration section that WSE 2.0 defines. Note that allowTestRoot="true" makes WSE accept certificates issued under a test root, which is a development setting.
2. Verify the certificate submitted by the client
// Get the certificate the client submitted
X509SecurityToken x509Token = GetSigningToken(RequestSoapContext.Current) as X509SecurityToken;
// CheckSignature is a helper that is not shown in this post
public SecurityToken GetSigningToken(SoapContext context)
{
    foreach ( ISecurityElement element in context.Security.Elements )
    {
        if ( element is MessageSignature )
        {
            // The given context contains a Signature element.
            MessageSignature sig = element as MessageSignature;
            if (CheckSignature(context, sig))
            {
                // The SOAP Body is signed.
                return sig.SigningToken;
            }
        }
    }
    // No signature covering the SOAP body was found
    return null;
}
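// Decide whether the certificate is acceptable,
// based on the certificate's key ID.
// This is the certificate's key ID:
x509Token.KeyIdentifier.Value
...
If it does not match the key ID of a certificate you issued, you can throw an error back to the caller: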
throw new SecurityFault(SecurityFault.FailedAuthenticationMessage, SecurityFault.FailedAuthenticationCode);
If it matches, the code in the web service runs.
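One way to write the key ID check from step 2 so that an unsigned request or a non-X.509 signing token is rejected instead of causing a null dereference. This is an added example, not code from the original post or from WSE: IssuedKeyIdList and its members are hypothetical names, and it assumes KeyIdentifier.Value holds the raw key ID bytes, matching the Base64 decoding done on the client.

```csharp
using System;
using System.Collections;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;

// Hypothetical helper (added example): allow-list of the key IDs you issued.
public class IssuedKeyIdList
{
    // Normalized Base64 key IDs; Hashtable keeps this usable on .NET 1.1.
    private readonly Hashtable issued = new Hashtable();

    public IssuedKeyIdList(string[] base64KeyIds)
    {
        foreach (string id in base64KeyIds)
        {
            // Round-trip through bytes so formatting differences in the
            // configured strings cannot cause a false mismatch.
            byte[] raw = Convert.FromBase64String(id.Trim());
            issued[Convert.ToBase64String(raw)] = true;
        }
    }

    public bool IsIssued(byte[] keyId)
    {
        return keyId != null && keyId.Length > 0
            && issued.ContainsKey(Convert.ToBase64String(keyId));
    }

    // Throws the same SecurityFault as the post when the request is
    // unsigned (null token), signed with a token that is not an X.509
    // token, or signed with a certificate that is not on the list.
    public void Demand(SecurityToken signingToken)
    {
        X509SecurityToken x509Token = signingToken as X509SecurityToken;
        if (x509Token == null || x509Token.KeyIdentifier == null
            || !IsIssued(x509Token.KeyIdentifier.Value))
        {
            throw new SecurityFault(SecurityFault.FailedAuthenticationMessage,
                                    SecurityFault.FailedAuthenticationCode);
        }
    }
}

// Usage inside a web method, with GetSigningToken from step 2 and a
// list built once from your own issued key IDs (placeholder value):
//   issuedKeys = new IssuedKeyIdList(new string[] { "<BASE64-KEY-ID>" });
//   issuedKeys.Demand(GetSigningToken(RequestSoapContext.Current));
```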
Note: reposted from http://www.cnblogs.com/elevenWolf/archive/2004/12/24/15932.html