The following .NET console application only needs a reference to the System.ServiceModel.dll assembly; no configuration file is required.

/*
===SET CERT===
makecert.exe -a sha1 -n CN=MyService.com -sr LocalMachine -ss My -sky exchange -sk MyService
certmgr.exe -add -c -n MyService.com -s -r localMachine My -s -r localMachine TrustedPeople
makecert.exe -a sha1 -n CN=MyClient.com -sr LocalMachine -ss My -sky exchange -sk MyClient
certmgr.exe -add -c -n MyClient.com -s -r localMachine My -s -r localMachine TrustedPeople

===CLEAN CERT===
certmgr.exe -del -c -n MyService.com -r localmachine -s My
certmgr.exe -del -c -n MyService.com -r localmachine -s TrustedPeople
certmgr.exe -del -c -n MyClient.com -r localmachine -s My
certmgr.exe -del -c -n MyClient.com -r localmachine -s TrustedPeople
*/
using System;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.Security.Cryptography.X509Certificates;

[ServiceContract]
interface ISomeContract
{
    [OperationContract]
    string SomeOperation(int i);
}

class SomeService : ISomeContract
{
    string ISomeContract.SomeOperation(int i)
    {
        Console.WriteLine("SomeOperation:" + i);
        return i.ToString("X");
    }

    static void Main()
    {
        using (ServiceHost sh = new ServiceHost(typeof(SomeService), new Uri("http://localhost:8000")))
        {
            /* Message-level security over plain HTTP, X.509 client credential,
               no credential negotiation and no secure conversation session. */
            WS2007HttpBinding b = new WS2007HttpBinding(SecurityMode.Message);
            b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
            b.Security.Message.NegotiateServiceCredential = false;
            b.Security.Message.EstablishSecurityContext = false;

            /* Service side: own certificate, and how client certificates are validated. */
            sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                StoreName.My, X509FindType.FindBySubjectName, "MyService.com");
            sh.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.PeerOrChainTrust;
            sh.AddServiceEndpoint(typeof(ISomeContract), b, "");
            ServiceMetadataBehavior smb = new ServiceMetadataBehavior() { HttpGetEnabled = true };
            sh.Description.Behaviors.Add(smb);
            sh.Open();
            Console.Write("Service started, press any key to start client...");
            Console.ReadLine();

            /* Client side: own certificate from My, service certificate from TrustedPeople. */
            ChannelFactory<ISomeContract> cf = new ChannelFactory<ISomeContract>(b,
                new EndpointAddress(new Uri("http://localhost:8000"),
                    EndpointIdentity.CreateDnsIdentity("MyService.com")));
            cf.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                StoreName.My, X509FindType.FindBySubjectName, "MyClient.com");
            cf.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine,
                StoreName.TrustedPeople, X509FindType.FindBySubjectName, "MyService.com");
            //cf.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri("http://localhost:8001")));
            ISomeContract sc = cf.CreateChannel();
            using (sc as IDisposable)
            {
                Console.WriteLine("Client:" + sc.SomeOperation(15));
            }
            Console.Write("Press any key to end...");
            Console.ReadLine();
        }
    }
}

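It doesn't matter if you don't fully understand the code; the focus here is the SOAP message. Uncomment the only single-line comment in the code (the ClientViaBehavior line), run it, and use tcpTrace or another tool to look at the traffic: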

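(I had originally planned to write this up with enthusiasm, but once I saw the bloody SOAP msg/WSDL and realized I would have to analyze it, it was just too damn exhausting. I don't have Lao Zhao's kind of free time, so I'm beating a retreat and bailing. For anyone interested, I recommend reading WS-SecurityPolicy Examples.)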

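August 26: Since the title promises an intuitive feel, I'll paste the SOAP messages and WSDL here so you can get a feel for them, without explanation (in truth I can't explain them; a real explanation would take a long series, from XML Signature to WS-Security to SAML to WS-Trust to an in-depth analysis of WCF to ..., and I don't have the free time. Besides, my knowledge is only half-baked and I'm not up to it :)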

client request SOAP msg

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1" u:Id="_5">http://tempuri.org/ISomeContract/SomeOperation</a:Action><a:MessageID u:Id="_6">urn:uuid:7facce06-0318-4add-842e-d883f150ca5e</a:MessageID><a:ReplyTo u:Id="_7"><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><a:To s:mustUnderstand="1" u:Id="_8">http://localhost:8000/</a:To><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp u:Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-2"><u:Created>2010-08-25T16:04:30.452Z</u:Created><u:Expires>2010-08-25T16:09:30.452Z</u:Expires></u:Timestamp><e:EncryptedKey Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/></e:EncryptionMethod><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Jw8IjGZ1i0ib2rthgjUV/vuD6EU=</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>qIkV9XsDQMAVYlwUqONf6gyzm3+8DEVuWB1J+4sHUs5xWRWUTlrBQvFK6u9rIG1aBlHSDOvjHdLwsz0BS3NvigemqTPu+r+AOqmL5/kWIZ/kx+d93YEMmbxu5mImwZ7Ep4tNrTU2ki/weAjdW9MidC/iysdPZ1KO1MysANB74tw=</e:CipherValue></e:CipherData></e:EncryptedKey><sc:DerivedKeyToken u:Id="_0" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"><o:SecurityTokenReference 
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1"/></o:SecurityTokenReference><sc:Offset>0</sc:Offset><sc:Length>24</sc:Length><sc:Nonce>b8iYHNwm6G9y1/hPjBx+xA==</sc:Nonce></sc:DerivedKeyToken><sc:DerivedKeyToken u:Id="_2" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"><o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1"/></o:SecurityTokenReference><sc:Nonce>4Tx9T//CwTucEi1tMXokAQ==</sc:Nonce></sc:DerivedKeyToken><e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:DataReference URI="#_4"/><e:DataReference URI="#_9"/><e:DataReference URI="#_10"/></e:ReferenceList><o:BinarySecurityToken u:Id="uuid-e5446b3d-948c-4a0e-a854-f79c901c22d6-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIBtDCCAWKgAwIBAgIQGwo/zn33qJJCf6CBuEubRDAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEwMDgyNTEwMTUyOVoXDTM5MTIzMTIzNTk1OVowFzEVMBMGA1UEAxMMTXlDbGllbnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOITMfevwaVli/spLmgfHi18zroNWB86rk0xza4tAcABCVo2GS+aIw0mvXBttcuHdchdo5KcNn+9uR/U+q6R7krpsPEImjcDsTNzq3DAktf8O0npfQHM0zcFXMz33ZDXeaL0DS6buN8Pf5baiTF2NnkrkzcyYhLoMQwU7ImBzDowIDAQABo0swSTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRjoRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwCQYFKw4DAh0FAANBAApURIsbCshaDNsGUSTc6nPCG7q2kAgiKOfKMEzOQ/MKOV/209igBPta92Xd0dsb82C8Vj72J5udmfz4oqwKSWE=</o:BinarySecurityToken><e:EncryptedData Id="_9" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>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</e:CipherValue></e:CipherData></e:EncryptedData><e:EncryptedData Id="_10" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" 
URI="#_2"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>SObswo46El3WH+dQXbtNbG2g48i+5YDCOwHoTasO67gCntuZkR1DQ3TpsrsPzYjlVvQMQYijeOWzWIdHLwM6gYfwxYSwDh227GAHwRlj1Sj0UGB467OnGAuSd1uw0cZsIyMPna1dDKB3DXsm5Zaw9Dv/icToqdE6l75B21xdEnDBgbnOfV0W/C6O8W0dz+W2y5Zyrau7WnI05NnJFyCIiGo3eNPPJ90Wt7isTr7sUnjYw4Kvm9FbSfgK01QlW21ZQoS9zrDIzRoKpOKF38ONx6GAiRJas63kcEl3PBq9Kg0UdQYH2NjrEFPurTfBdVoXCURH9XMMVKt3AHvOj5nVvFBwi5KITZaZzm6lGf7OpleL2d5osoeFpugRQkCej29e+pJUB4CSwiU3nR7F5Ffb4dtIuMtEvLoSw4yGV/xt5O9nyOMvdSzr8a7VWawkRRvnLwLC3vRlah1kll7Vm1sgDwRvVBPQWKvaBV+gqY5bIgZAHnKOeK5A9HNDKyWnRlgTT3Av2/7ubcly6mcLwhwzjUubi7/o8sUGxcLtWQTmPFtI3o6k+IkwwUPJDkxuS1nxmjxKA2tSMBw80Iu3ZNstjVapmNxZrJmEhdyfDz2Vv8YpyMY5rUuNkS3u2ByrG+uT8a3v/ekHEMz6w3KPhtp1prmffOQIAvIyAKKGCnOATcLkLlJrWbhsSGsX385fIeQs1AF0WF14JdxnRJS8cGILQnjxzCm9SS3I+qM2ohjC7Q9htLgT9ABMt0S0v2thNkfrnzXzZr4agESFgU/Fsmm69SsPXvjefZyGAHPPl5fEESu4C+lvf7USWqG/8Y5plXvPAfuZn257sE+5tQEx5h+mS+K1/CPif/U3/uyasL165XTMmMPkJb/5L42v4Qsflaj5c3WEl+BEIjn+Zqq+B5K/U7viYrMttPARhQry7useNfKZdLr645phvDt1vhZNQraW2jSJ9LX+acXdkrW72apWtdoMlEke66FsPPWVHw/CnqmRZ6hLJ4UjwWA+t+Qx22ub8eYpFXtRxcfLuVnDKZz5TAajqzoiMXSeSr8OYYPm0JW4eCQaWTmSlCQ/z3UvAH0308wBQRpKXi4W1Y4LVfxcY9kUwRQuxKGU+6vFE+PrcCJg4z6GxSoElDxllMECKuu+XRUcTY8YyDd2iYg7Igl6tA35YwHTyrAqGeXbsIPslDlQ/1wtAprrOgR/24W9a/QBOmrMiwohKzFF4Pn06wu8z2t0gGEV2oibeRrd7Ga+4YNcFjPq3RX6R0T4kmp/R7YXY0rYYUW6LSVfG9lt8ZmkrdD3bwFizO7xcghrs42Ac0ZcTBFF/jkpoRPKvin+lnNgP/uN1QN0+aKa3pp+y0Hr5h5VU5JuJnRriIG/jlT+MEg=</e:CipherValue></e:CipherData></e:EncryptedData></o:Security></s:Header><s:Body u:Id="_3"><e:EncryptedData Id="_4" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:Reference 
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>bFaKXbJWXpX2c34J8E/JBSasfom4fMX7Zr3mysTKL92WJ7dLHmu0cG0gb+ICF/YtOZj2kB1RSCNkV4vHrDBPfU/Ke294+4kOOqZacYfayaE2aDrH1UMBOYebNHtvNVGH</e:CipherValue></e:CipherData></e:EncryptedData></s:Body>
</s:Envelope>

service response SOAP msg

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1" u:Id="_6">http://tempuri.org/ISomeContract/SomeOperationResponse</a:Action><a:RelatesTo u:Id="_7">urn:uuid:7facce06-0318-4add-842e-d883f150ca5e</a:RelatesTo><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp u:Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-7"><u:Created>2010-08-25T16:04:31.063Z</u:Created><u:Expires>2010-08-25T16:09:31.063Z</u:Expires></u:Timestamp><sc:DerivedKeyToken u:Id="_0" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"><o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">So9bbUZ//6FShYKoT4RWSNJXx5U=</o:KeyIdentifier></o:SecurityTokenReference><sc:Offset>0</sc:Offset><sc:Length>24</sc:Length><sc:Nonce>JRAkR4cW1AgvXffkm/zqiQ==</sc:Nonce></sc:DerivedKeyToken><sc:DerivedKeyToken u:Id="_3" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"><o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">So9bbUZ//6FShYKoT4RWSNJXx5U=</o:KeyIdentifier></o:SecurityTokenReference><sc:Nonce>RzAQKnDPSui8uVrNmZI3/A==</sc:Nonce></sc:DerivedKeyToken><e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:DataReference URI="#_5"/><e:DataReference URI="#_8"/><e:DataReference URI="#_9"/><e:DataReference URI="#_10"/></e:ReferenceList><e:EncryptedData Id="_9" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>FQEzq6iOj1YZikI2Yvy6cZjYiMBNoWLumMtn1l5ZHr3CqMNAxygPhwLDZ4yFGpnu9LbFf5t5cNj1cXx81dVXdz6o17o1XX260u52/SPnN9ld8TBJm9kQItQxVEhrU7mVqJUO7lA/pCf36cGVXX+ZlTCzRUOJN97I391oREMUJoyFQvDNpHetSzmuvzUmJYbE7KACUZiuESdcmXFcF+YToY2C2pS0eQWURkzzq/j+tVVMNZ97MtXV+p3KOfsKHf2N5q66bf9jqcsuOPTBL7ADQVZ9vtHwxioPtB5JSUn7RhFIr9LF8z6q01wmG2LhrCOW+R8tWyXfiKrmvAXcTQH0fohAVglKm/xGHHMddzNAq8E=</e:CipherValue></e:CipherData></e:EncryptedData><e:EncryptedData Id="_10" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>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</e:CipherValue></e:CipherData></e:EncryptedData><e:EncryptedData Id="_8" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference><o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>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</e:CipherValue></e:CipherData></e:EncryptedData></o:Security></s:Header><s:Body u:Id="_4"><e:EncryptedData Id="_5" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/></o:SecurityTokenReference></KeyInfo><e:CipherData><e:CipherValue>Cfab1ssHgyEdtXKDZh1l66RVDKH6rSvwSGeCpmOSN19LDBVbqi6vW7lmo18LdhT9SSacdTG+rTBeY6bu02wd9gLtjSBJvPPItWK8frll9gTBDR+1biloE5+iOVyF9pNoS+hPFS/pF+T1/Tvd4TA8Lw0CnacFYx0Rd3hLOTUE09pcYxXP4eWrIk79PVFKzjeT</e:CipherValue></e:CipherData></e:EncryptedData></s:Body>
</s:Envelope>

WSDL (partial)

  <wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_policy"><wsp:ExactlyOne><wsp:All><sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:ProtectionToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"><wsp:Policy><sp:RequireDerivedKeys/><sp:RequireThumbprintReference/><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token></wsp:Policy></sp:ProtectionToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout><sp:IncludeTimestamp/><sp:EncryptSignature/><sp:OnlySignEntireHeadersAndBody/></wsp:Policy></sp:SymmetricBinding><sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:RequireThumbprintReference/><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token></wsp:Policy></sp:EndorsingSupportingTokens><sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:MustSupportRefThumbprint/><sp:MustSupportRefEncryptedKey/><sp:RequireSignatureConfirmation/></wsp:Policy></sp:Wss11><sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><wsp:Policy><sp:MustSupportIssuedTokens/><sp:RequireClientEntropy/><sp:RequireServerEntropy/></wsp:Policy></sp:Trust13><wsaw:UsingAddressing/></wsp:All></wsp:ExactlyOne></wsp:Policy><wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_SomeOperation_Input_policy"><wsp:ExactlyOne><wsp:All><sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><sp:Body/><sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="FaultTo" 
Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><sp:Body/></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_SomeOperation_output_policy"><wsp:ExactlyOne><wsp:All><sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><sp:Body/><sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/><sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"><sp:Body/></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy>
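To make the client request above easier to read, the following Python script (an added example, not part of the original post) walks the WS-Security header and resolves which derived key and which EncryptedKey protect each EncryptedData element. The embedded sample is constructed: it keeps the request's layout, element Ids and KeyIdentifier value, shortens the EncryptedKey Id to `ek-1`, and omits every cipher value, nonce and certificate blob; `key_chain` and its result keys are names chosen for this example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "o": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "u": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "e": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "sc": "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512",
}
STR_REF = "o:SecurityTokenReference/o:Reference"

# Constructed sample modeled on the client request: same element order and Ids,
# EncryptedKey Id shortened to ek-1, all CipherValue/Nonce/certificate data omitted.
_XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
_DK = '<sc:DerivedKeyToken u:Id="%s"><o:SecurityTokenReference><o:Reference URI="#ek-1"/></o:SecurityTokenReference></sc:DerivedKeyToken>'
_ED = ('<e:EncryptedData Id="%s"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>'
       '<ds:KeyInfo><o:SecurityTokenReference><o:Reference URI="#_2"/></o:SecurityTokenReference></ds:KeyInfo></e:EncryptedData>')
SAMPLE = (
    "<s:Envelope " + _XMLNS + "><s:Header><o:Security>"
    '<e:EncryptedKey Id="ek-1"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>'
    "<ds:KeyInfo><o:SecurityTokenReference><o:KeyIdentifier>Jw8IjGZ1i0ib2rthgjUV/vuD6EU=</o:KeyIdentifier>"
    "</o:SecurityTokenReference></ds:KeyInfo></e:EncryptedKey>"
    + _DK % "_0" + _DK % "_2"
    + '<e:ReferenceList><e:DataReference URI="#_4"/><e:DataReference URI="#_9"/><e:DataReference URI="#_10"/></e:ReferenceList>'
    + _ED % "_9" + _ED % "_10"
    + "</o:Security></s:Header><s:Body>" + _ED % "_4" + "</s:Body></s:Envelope>"
)

def _frag(uri):
    """'#_2' -> '_2'; an algorithm URI -> its fragment, e.g. 'aes256-cbc'."""
    return uri.rsplit("#", 1)[-1]

def key_chain(envelope_xml):
    """Map every EncryptedData to the derived key and EncryptedKey behind it."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("s:Header/o:Security", NS)
    ek = sec.find("e:EncryptedKey", NS)
    thumb = ek.find("ds:KeyInfo/o:SecurityTokenReference/o:KeyIdentifier", NS).text
    # DerivedKeyToken u:Id -> Id of the EncryptedKey it is derived from
    derived = {dk.get("{%s}Id" % NS["u"]): _frag(dk.find(STR_REF, NS).get("URI"))
               for dk in sec.findall("sc:DerivedKeyToken", NS)}
    parts = {}
    for ed in root.iter("{%s}EncryptedData" % NS["e"]):
        dk_id = _frag(ed.find("ds:KeyInfo/" + STR_REF, NS).get("URI"))
        alg = _frag(ed.find("e:EncryptionMethod", NS).get("Algorithm"))
        parts[ed.get("Id")] = (alg, dk_id, derived.get(dk_id))
    listed = {_frag(r.get("URI")) for r in sec.findall("e:ReferenceList/e:DataReference", NS)}
    return {
        "key_transport": _frag(ek.find("e:EncryptionMethod", NS).get("Algorithm")),
        # SHA-1 thumbprint (hex) of the certificate whose public key wraps the session key
        "recipient_thumbprint": base64.b64decode(thumb).hex().upper(),
        "parts": parts,
        # DataReferences with no matching EncryptedData, and the reverse
        "dangling": sorted(listed - set(parts)),
        "unlisted": sorted(set(parts) - listed),
        # Derived keys no visible EncryptedData uses (likely the signing key: with
        # sp:EncryptSignature the ds:Signature that would reference it is encrypted)
        "unreferenced_keys": sorted(set(derived) - {p[1] for p in parts.values()}),
    }

if __name__ == "__main__":
    for key, value in key_chain(SAMPLE).items():
        print(key, "=", value)
```

The hex thumbprint it prints can be compared with the thumbprint of the MyService.com certificate in the local store to confirm which certificate the session key was encrypted for.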

Reposted from: https://www.cnblogs.com/zzfff/archive/2010/08/25/1808613.html
