Calling a WS-Security Java web service with a C# client

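I am not good at using WCF with secured services.

I am trying to connect to a Java web service over secure HTTPS transport; it uses WS-Security username/password token authentication.

I have been trying to connect a WCF client with the following binding, without success: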

<bindings>
  <wsHttpBinding>
    <binding name="OperationsEndpoint1Binding" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="1015536"
        messageEncoding="Text" textEncoding="utf-8"
        useDefaultWebProxy="true">

      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />

      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
        <message clientCredentialType="UserName" algorithmSuite="Default" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Does anyone have a solution for connecting to a Java web service over HTTPS transport with WS-Security username/password token authentication? Many thanks.


2 answers

  1. # Answer 1

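    The solution was not to use WCF. Instead, I created a web request along the lines of "Http request to web service in java".

    I still have not found anything in WCF that supports this kind of request.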

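  2. # Answer 2

    I did it with WCF. This worked for me to connect to a WebSphere SSL SOAP web service using WS-Security username token authentication.

    If you can use .NET 4.5+ and the server supports it, make sure to avoid the default TLS 1.0 and use TLS 1.1 or 1.2.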

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    
    
    private static ChannelFactory<IContract> MyCreateFactory(String serviceAddress, 
                                                                    String userName, 
                                                                    X509Certificate2 clientCertificate, 
                                                                    X509Certificate2 serviceCertificate, 
                                                                    Int32 sendTimeoutMinutes){
    
    // Custom Binding 
    var myBinding = new CustomBinding
    {
        SendTimeout = new TimeSpan(0, sendTimeoutMinutes, 0),
    };
    myBinding.Elements.Clear();
    
    // asymmetric security
    var mutual = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement();
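    // Allows mixed-mode secured messages to be sent over an unsecured transport such as HTTP;
    // the transport element added below is HTTPS
    mutual.AllowInsecureTransport = true;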
    mutual.AllowSerializedSigningTokenOnReply = true;
    mutual.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic128Rsa15;
    mutual.EnableUnsecuredResponse = true;
    mutual.IncludeTimestamp = false;
    mutual.InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient };
    mutual.KeyEntropyMode = SecurityKeyEntropyMode.CombinedEntropy;
    mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    mutual.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
    mutual.RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.AlwaysToInitiator};
    mutual.RequireSignatureConfirmation = false;
    mutual.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
    mutual.LocalClientSettings.IdentityVerifier = new MyIdentityVerifier();
    mutual.SetKeyDerivation(false);
    // Sets in header the certificate that signs the Username
    mutual.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
    mutual.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
    myBinding.Elements.Add(mutual);
    
    
    var httpsBindingElement = new HttpsTransportBindingElement { RequireClientCertificate = true };
    httpsBindingElement.ExtendedProtectionPolicy = new ExtendedProtectionPolicy(PolicyEnforcement.Never);
    myBinding.Elements.Add(httpsBindingElement);
    
    
    var factory = new ChannelFactory<IContract>(binding: myBinding, remoteAddress: serviceAddress);
    var defaultCredentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
    factory.Endpoint.Behaviors.Remove(defaultCredentials);
    
    var clientCredentials = new ClientCredentials();
    clientCredentials.UserName.UserName = userName;
    clientCredentials.ClientCertificate.Certificate = clientCertificate; 
    clientCredentials.ServiceCertificate.DefaultCertificate = serviceCertificate;
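    // Validation of the service's message-level certificate and its revocation check are both switched off here
    clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    clientCredentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;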
    
    factory.Endpoint.Behaviors.Add(clientCredentials);
    
    return factory;
    }
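
The configuration the question asks about (HTTPS transport plus a WS-Security UsernameToken) can also be built in code. The sketch below is an added example, not code from either answer; it leaves TLS server-certificate validation at its default (enabled). Assumptions: the service speaks SOAP 1.1, accepts a plain-text password token, does not require a `wsu:Timestamp`, and returns an unsecured response; the `IContract` operation and the `UsernameTokenClient` class name are hypothetical.

```csharp
using System;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Text;

// Hypothetical contract; in practice use the interface generated from the service's WSDL.
[ServiceContract]
public interface IContract
{
    [OperationContract]
    string Ping(string input);
}

public static class UsernameTokenClient
{
    public static ChannelFactory<IContract> Create(string serviceAddress, string userName, string password)
    {
        // WCF sends the UsernameToken password as text, so refuse anything but HTTPS.
        var uri = new Uri(serviceAddress);
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("UsernameToken requires an https:// endpoint.", nameof(serviceAddress));

        // Pin TLS 1.2 as suggested in answer 2 (.NET 4.5+).
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        // UsernameToken in the SOAP header, protected only by the TLS channel.
        var security = SecurityBindingElement.CreateUserNameOverTransportBindingElement();
        security.MessageSecurityVersion = MessageSecurityVersion
            .WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
        security.IncludeTimestamp = false;        // assumption: service does not expect a timestamp
        security.EnableUnsecuredResponse = true;  // assumption: reply carries no security header

        var binding = new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8),
            new HttpsTransportBindingElement());  // server certificate is validated by default

        var factory = new ChannelFactory<IContract>(binding, new EndpointAddress(uri));
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;
        return factory;
    }
}
```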