WSE2.0中X509安全令牌的使用

http://www.cnblogs.com/elevenwolf/archive/2004/06/15/15932.aspx

wse2.0发布了,大家都来一起研究吧,我先来抛砖引玉:
调用webservice时有的时候安全性要求比较高,wse提供了客户端证书来调用webservice,好我们就来看看怎么弄。
调用webservice当然有客户端和webservice端了,我们先来看看
客户端:

using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;
1。//?在个人证书存储区获取证书
X509CertificateStore store = X509CertificateStore.CurrentUserStore( X509CertificateStore.MyStore );
store.OpenRead()
//读取证书的keyid
X509CertificateCollection certs = store.FindCertificateByKeyIdentifier( Convert.FromBase64String( keyIdentifier ) );
X509SecurityToken token = null;
if (certs.Count > 0)
{
?????//?得到证书存储区的第一个个人证书
?????token = new X509SecurityToken( ((X509Certificate) certs[0]) );
}?

2。//把token加入到soap中
ServiceWse serviceProxy = new ServiceWse(); //远程webservice代理
serviceProxy.RequestSoapContext.Security.Tokens.Add( token );
?serviceProxy.RequestSoapContext.Security.Elements.Add( new MessageSignature( token ) );

3。调用webservice的方法:
。。。和普通调用webservice的方法一样,我这里就不说了:)


WebService端:
1。配置web.config
在configuration节点下加:
???


? 表示引用的是wse2.0
下加:
?????
???????
?????

???

在configuration节点下加:

?????
???

?

这个wse2.0中规定的xml节点。

2。验证客户端提交上来的证书
//获取客户端提交上来的证书
X509SecurityToken x509Token = GetSigningToken(RequestSoapContext.Current) as X509SecurityToken;
public SecurityToken GetSigningToken(SoapContext context)
??????? {
??????????? foreach ( ISecurityElement element in context.Security.Elements )
??????????? {
??????????????? if ( element is MessageSignature )
??????????????? {
??????????????????? // The given context contains a Signature element.
??????????????????? MessageSignature sig = element as MessageSignature;

??????????????????? if (CheckSignature(context, sig))
??????????????????? {
??????????????????????? // The SOAP Body is signed.
??????????????????????? return sig.SigningToken;
??????????????????? }
??????????????? }
??????????? }???????????
return null;
??}

//判断证书是否合法
//根据证书的keyid来判断
//这个就是证书的keyid,
x509Token.KeyIdentifier.Value
。。。
如果和你颁发的证书keyid不一致的话,你可以抛给他一个错误:
throw new SecurityFault(SecurityFault.FailedAuthenticationMessage, SecurityFault.FailedAuthenticationCode);
如果正确,执行webservice中的代码。

?

?

posted @ 2007-08-14 11:36  Be Myself  阅读(354)  评论(0编辑  收藏  举报