下面的.net console application,添加System.ServiceModel.dll程序集引用即可,不需要配置文件。

/*
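===SET CERT=== (test certificates for this demo only; the LocalMachine stores normally need an elevated prompt; -a sha1 is a legacy signature hash, and newer makecert builds also accept -a sha256)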
makecert.exe -a sha1 -n CN=MyService.com -sr LocalMachine -ss My -sky exchange -sk MyService
certmgr.exe -add -c -n MyService.com -s -r localMachine My -s -r localMachine TrustedPeople
makecert.exe -a sha1 -n CN=MyClient.com -sr LocalMachine -ss My -sky exchange -sk MyClient
certmgr.exe -add -c -n MyClient.com -s -r localMachine My -s -r localMachine TrustedPeople 

===CLEAN CERT===
certmgr.exe -del -c -n MyService.com -r localmachine -s My 
certmgr.exe -del -c -n MyService.com -r localmachine -s TrustedPeople 
certmgr.exe -del -c -n MyClient.com -r localmachine -s My 
certmgr.exe -del -c -n MyClient.com -r localmachine -s TrustedPeople 

*/
using System;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.Security.Cryptography.X509Certificates;
/* WCF service contract shared by the service and the client in this file.
   No namespace is set on the attribute; the captured messages on this page
   show the resulting action URI http://tempuri.org/ISomeContract/SomeOperation. */
[ServiceContract]
interface ISomeContract
{
    /* The single operation of the contract: takes an int and returns a string. */
    [OperationContract]
    string SomeOperation(int i);
}
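/*
 * Demo program: hosts SomeService and calls it from the same process, so a
 * single run produces the request and the response of a certificate-secured
 * WS2007HttpBinding exchange. The certificate names used below are the ones
 * created by the makecert/certmgr commands in the header comment of this file.
 */
class SomeService : ISomeContract
{
    /* Service side of SomeOperation: logs the argument and returns it
       formatted as upper-case hexadecimal (15 becomes "F"). */
    string ISomeContract.SomeOperation(int i)
    {
        Console.WriteLine("SomeOperation:" + i);
        return i.ToString("X");
    }

    /* Entry point: configures and opens the host, waits for Enter, performs
       one client call, then waits for Enter again before the host is disposed. */
    static void Main()
    {
        using (ServiceHost sh = new ServiceHost(typeof(SomeService), new Uri("http://localhost:8000")))
        {
            /* Message mode: protection is applied to the SOAP envelope itself
               (WS-Security). The HTTP transport stays unencrypted, which is why
               a TCP tracing tool can display the secured envelope. */
            WS2007HttpBinding b = new WS2007HttpBinding(SecurityMode.Message);

            /* The client authenticates with an X.509 certificate. */
            b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

            /* No credential negotiation: the client must already hold the
               service certificate (here it is read from TrustedPeople). */
            b.Security.Message.NegotiateServiceCredential = false;

            /* No WS-SecureConversation session: every message is secured on
               its own instead of reusing a security context token. */
            b.Security.Message.EstablishSecurityContext = false;

            /* FindBySubjectName is a substring match on the subject; a
               production setup would normally pin the certificate with
               X509FindType.FindByThumbprint instead. */
            sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                StoreName.My, X509FindType.FindBySubjectName, "MyService.com");

            /* PeerOrChainTrust accepts a client certificate that is in the
               TrustedPeople store OR that chains to a trusted root. The chain
               branch only proves who issued the certificate, so a real
               service still needs its own authorization check. */
            sh.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.PeerOrChainTrust;

            sh.AddServiceEndpoint(typeof(ISomeContract), b, "");

            /* Publishes the WSDL (including the security policy) over plain
               HTTP GET; convenient for a demo, usually switched off or
               restricted in production. */
            ServiceMetadataBehavior smb = new ServiceMetadataBehavior() { HttpGetEnabled = true };
            sh.Description.Behaviors.Add(smb);

            sh.Open();
            Console.Write("Service started, press any key to start client...");
            Console.ReadLine(); /* ReadLine returns only after Enter is pressed */

            CallService(b);

            Console.Write("Press any key to end...");
            Console.ReadLine();
        }
    }

    /* Client half of the demo: builds a channel factory on the same binding,
       calls SomeOperation(15) once and prints the reply. The channel and the
       factory are closed on success and aborted on failure, so a faulted
       channel cannot hide the original exception behind a failing Dispose,
       and the factory is no longer left open. */
    private static void CallService(WS2007HttpBinding b)
    {
        /* The DNS identity makes the client check that the service
           certificate really is the one issued to "MyService.com". */
        ChannelFactory<ISomeContract> cf = new ChannelFactory<ISomeContract>(b,
            new EndpointAddress(new Uri("http://localhost:8000"),
                EndpointIdentity.CreateDnsIdentity("MyService.com")));
        try
        {
            cf.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                StoreName.My, X509FindType.FindBySubjectName, "MyClient.com");

            /* Because negotiation is disabled, the service certificate used to
               encrypt the request is supplied locally from TrustedPeople. */
            cf.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine,
                StoreName.TrustedPeople, X509FindType.FindBySubjectName, "MyService.com");

            /* Enable the next line to send the messages through
               http://localhost:8001 while still addressing them to port 8000. */
            //cf.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri("http://localhost:8001")));

            ISomeContract sc = cf.CreateChannel();
            ICommunicationObject channel = (ICommunicationObject)sc;
            try
            {
                Console.WriteLine("Client:" + sc.SomeOperation(15));
                channel.Close();
            }
            catch
            {
                /* Close() throws on a faulted channel; Abort() never does. */
                channel.Abort();
                throw;
            }

            cf.Close();
        }
        catch
        {
            cf.Abort();
            throw;
        }
    }
}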

对代码不太理解没关系,现在重点是SOAP message:去掉代码中唯一的单行注释(即 ClientViaBehavior 那一行,让客户端经由 http://localhost:8001 发送消息),用tcpTrace或其它工具监听8001端口并转发到8000端口,然后run,即可查看消息:

 

 

 

 

(本来想兴致勃勃的写一篇,当看到血淋淋的SOAP msg/WSDL,并且要分析,太TM累了,没老赵那份闲心,打退堂鼓,闪人,有兴趣的同学推荐阅读WS-SecurityPolicy Examples)

 

8月26日:既然标题是感性认识,那还是把SOAP消息,WSDL贴出来感性下,不解释(其实是无法解释,真要解释,那得写个长长的系列,从XML Signature到WS-Security到SAML到WS-Trust到深入剖析WCF到……,没那闲心,再说我是半罐水,没那本事:)

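client request SOAP msg(看点:EncryptedKey 用 RSA-OAEP 加密对称密钥,并以 SHA-1 指纹引用接收方证书;两个 DerivedKeyToken 都由这个 EncryptedKey 派生;消息体以及头部的 EncryptedData 用 AES-256-CBC 加密;BinarySecurityToken 对应下面策略中 AlwaysToRecipient 的 X509 令牌,应为客户端证书)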

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1" u:Id="_5">http://tempuri.org/ISomeContract/SomeOperation</a:Action>
    <a:MessageID u:Id="_6">urn:uuid:7facce06-0318-4add-842e-d883f150ca5e</a:MessageID>
    <a:ReplyTo u:Id="_7">
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1" u:Id="_8">http://localhost:8000/</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-2">
        <u:Created>2010-08-25T16:04:30.452Z</u:Created>
        <u:Expires>2010-08-25T16:09:30.452Z</u:Expires>
      </u:Timestamp>
      <e:EncryptedKey Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
        </e:EncryptionMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Jw8IjGZ1i0ib2rthgjUV/vuD6EU=</o:KeyIdentifier>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>qIkV9XsDQMAVYlwUqONf6gyzm3+8DEVuWB1J+4sHUs5xWRWUTlrBQvFK6u9rIG1aBlHSDOvjHdLwsz0BS3NvigemqTPu+r+AOqmL5/kWIZ/kx+d93YEMmbxu5mImwZ7Ep4tNrTU2ki/weAjdW9MidC/iysdPZ1KO1MysANB74tw=</e:CipherValue>
        </e:CipherData>
      </e:EncryptedKey>
      <sc:DerivedKeyToken u:Id="_0" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512">
        <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1"/>
        </o:SecurityTokenReference>
        <sc:Offset>0</sc:Offset>
        <sc:Length>24</sc:Length>
        <sc:Nonce>b8iYHNwm6G9y1/hPjBx+xA==</sc:Nonce>
      </sc:DerivedKeyToken>
      <sc:DerivedKeyToken u:Id="_2" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512">
        <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1"/>
        </o:SecurityTokenReference>
        <sc:Nonce>4Tx9T//CwTucEi1tMXokAQ==</sc:Nonce>
      </sc:DerivedKeyToken>
      <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:DataReference URI="#_4"/>
        <e:DataReference URI="#_9"/>
        <e:DataReference URI="#_10"/>
      </e:ReferenceList>
      <o:BinarySecurityToken u:Id="uuid-e5446b3d-948c-4a0e-a854-f79c901c22d6-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">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</o:BinarySecurityToken>
      <e:EncryptedData Id="_9" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>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</e:CipherValue>
        </e:CipherData>
      </e:EncryptedData>
      <e:EncryptedData Id="_10" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>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</e:CipherValue>
        </e:CipherData>
      </e:EncryptedData>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_3">
    <e:EncryptedData Id="_4" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/>
        </o:SecurityTokenReference>
      </KeyInfo>
      <e:CipherData>
        <e:CipherValue>bFaKXbJWXpX2c34J8E/JBSasfom4fMX7Zr3mysTKL92WJ7dLHmu0cG0gb+ICF/YtOZj2kB1RSCNkV4vHrDBPfU/Ke294+4kOOqZacYfayaE2aDrH1UMBOYebNHtvNVGH</e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>

service response SOAP msg

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1" u:Id="_6">http://tempuri.org/ISomeContract/SomeOperationResponse</a:Action>
    <a:RelatesTo u:Id="_7">urn:uuid:7facce06-0318-4add-842e-d883f150ca5e</a:RelatesTo>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-7">
        <u:Created>2010-08-25T16:04:31.063Z</u:Created>
        <u:Expires>2010-08-25T16:09:31.063Z</u:Expires>
      </u:Timestamp>
      <sc:DerivedKeyToken u:Id="_0" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512">
        <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">So9bbUZ//6FShYKoT4RWSNJXx5U=</o:KeyIdentifier>
        </o:SecurityTokenReference>
        <sc:Offset>0</sc:Offset>
        <sc:Length>24</sc:Length>
        <sc:Nonce>JRAkR4cW1AgvXffkm/zqiQ==</sc:Nonce>
      </sc:DerivedKeyToken>
      <sc:DerivedKeyToken u:Id="_3" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512">
        <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">So9bbUZ//6FShYKoT4RWSNJXx5U=</o:KeyIdentifier>
        </o:SecurityTokenReference>
        <sc:Nonce>RzAQKnDPSui8uVrNmZI3/A==</sc:Nonce>
      </sc:DerivedKeyToken>
      <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:DataReference URI="#_5"/>
        <e:DataReference URI="#_8"/>
        <e:DataReference URI="#_9"/>
        <e:DataReference URI="#_10"/>
      </e:ReferenceList>
      <e:EncryptedData Id="_9" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>FQEzq6iOj1YZikI2Yvy6cZjYiMBNoWLumMtn1l5ZHr3CqMNAxygPhwLDZ4yFGpnu9LbFf5t5cNj1cXx81dVXdz6o17o1XX260u52/SPnN9ld8TBJm9kQItQxVEhrU7mVqJUO7lA/pCf36cGVXX+ZlTCzRUOJN97I391oREMUJoyFQvDNpHetSzmuvzUmJYbE7KACUZiuESdcmXFcF+YToY2C2pS0eQWURkzzq/j+tVVMNZ97MtXV+p3KOfsKHf2N5q66bf9jqcsuOPTBL7ADQVZ9vtHwxioPtB5JSUn7RhFIr9LF8z6q01wmG2LhrCOW+R8tWyXfiKrmvAXcTQH0fohAVglKm/xGHHMddzNAq8E=</e:CipherValue>
        </e:CipherData>
      </e:EncryptedData>
      <e:EncryptedData Id="_10" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>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</e:CipherValue>
        </e:CipherData>
      </e:EncryptedData>
      <e:EncryptedData Id="_8" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
        <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <o:SecurityTokenReference>
            <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/>
          </o:SecurityTokenReference>
        </KeyInfo>
        <e:CipherData>
          <e:CipherValue>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</e:CipherValue>
        </e:CipherData>
      </e:EncryptedData>
    </o:Security>
  </s:Header>
  <s:Body u:Id="_4">
    <e:EncryptedData Id="_5" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
      <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/>
        </o:SecurityTokenReference>
      </KeyInfo>
      <e:CipherData>
        <e:CipherValue>Cfab1ssHgyEdtXKDZh1l66RVDKH6rSvwSGeCpmOSN19LDBVbqi6vW7lmo18LdhT9SSacdTG+rTBeY6bu02wd9gLtjSBJvPPItWK8frll9gTBDR+1biloE5+iOVyF9pNoS+hPFS/pF+T1/Tvd4TA8Lw0CnacFYx0Rd3hLOTUE09pcYxXP4eWrIk79PVFKzjeT</e:CipherValue>
      </e:CipherData>
    </e:EncryptedData>
  </s:Body>
</s:Envelope>

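WSDL(部分)(其中 Basic256 算法套件对应上面消息里的 AES-256-CBC、RSA-OAEP 和 SHA-1;WCF 也提供 Basic256Sha256 等套件,可通过绑定的 Security.Message.AlgorithmSuite 设置)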

  <wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:ProtectionToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:RequireDerivedKeys/>
                    <sp:RequireThumbprintReference/>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:ProtectionToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
            <sp:EncryptSignature/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:SymmetricBinding>
        <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:RequireThumbprintReference/>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:EndorsingSupportingTokens>
        <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:MustSupportRefThumbprint/>
            <sp:MustSupportRefEncryptedKey/>
            <sp:RequireSignatureConfirmation/>
          </wsp:Policy>
        </sp:Wss11>
        <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
            <sp:RequireClientEntropy/>
            <sp:RequireServerEntropy/>
          </wsp:Policy>
        </sp:Trust13>
        <wsaw:UsingAddressing/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_SomeOperation_Input_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
  <wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_SomeOperation_output_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
          <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
          <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
        <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body/>
        </sp:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>