下面是一个.NET console application,添加System.ServiceModel.dll程序集引用即可,不需要配置文件。
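/*
===SET CERT===
makecert.exe -a sha1 -n CN=MyService.com -sr LocalMachine -ss My -sky exchange -sk MyService
certmgr.exe -add -c -n MyService.com -s -r localMachine My -s -r localMachine TrustedPeople
makecert.exe -a sha1 -n CN=MyClient.com -sr LocalMachine -ss My -sky exchange -sk MyClient
certmgr.exe -add -c -n MyClient.com -s -r localMachine My -s -r localMachine TrustedPeople
===CLEAN CERT===
certmgr.exe -del -c -n MyService.com -r localmachine -s My
certmgr.exe -del -c -n MyService.com -r localmachine -s TrustedPeople
certmgr.exe -del -c -n MyClient.com -r localmachine -s My
certmgr.exe -del -c -n MyClient.com -r localmachine -s TrustedPeople

Notes on the certificate setup:
 - Both key pairs are created in LocalMachine\My and both certificates are
   copied to LocalMachine\TrustedPeople, so service and client share one
   machine store. That is a single-box demo layout; on separate hosts each
   side holds only its own private key plus the peer's public certificate.
 - "-a sha1" signs the test certificates with SHA-1. Use these certificates
   for local experiments only; newer makecert builds accept "-a sha256", and
   makecert itself is deprecated in favour of New-SelfSignedCertificate.
 - Run the CLEAN CERT commands afterwards so the test certificates do not
   stay trusted in TrustedPeople.
*/
using System;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.Security.Cryptography.X509Certificates;

/* Contract with a single request/reply operation, shared by the service and the in-process client. */
[ServiceContract]
interface ISomeContract
{
    [OperationContract]
    string SomeOperation(int i);
}

/*
 * Self-hosted WCF demo: one process hosts the service and then calls it as a
 * client, using WS-Security message security with X.509 certificates on both
 * sides over plain HTTP.
 */
class SomeService : ISomeContract
{
    /* Logs the argument to the console and returns it as an upper-case hexadecimal string (15 -> "F"). */
    string ISomeContract.SomeOperation(int i)
    {
        Console.WriteLine("SomeOperation:" + i);
        return i.ToString("X");
    }

    /*
     * Closes a host, channel factory or channel without hiding an earlier error.
     * Close() throws on a faulted communication object, and Dispose() on these
     * types calls Close(), so a "using" block can replace the original exception
     * with CommunicationObjectFaultedException. Faulted objects are aborted here,
     * and a failing Close() falls back to Abort().
     */
    private static void CloseOrAbort(ICommunicationObject co)
    {
        if (co == null)
        {
            return;
        }

        try
        {
            if (co.State == CommunicationState.Faulted)
            {
                co.Abort();
            }
            else
            {
                co.Close();
            }
        }
        catch (CommunicationException ex)
        {
            Console.Error.WriteLine("Close failed, aborting: " + ex.Message);
            co.Abort();
        }
        catch (TimeoutException ex)
        {
            Console.Error.WriteLine("Close timed out, aborting: " + ex.Message);
            co.Abort();
        }
    }

    /*
     * Starts the service on http://localhost:8000, waits for Enter, performs one
     * client call with the same binding, prints the reply and waits for Enter
     * again before shutting down. Security settings are left exactly as in the
     * original listing so the SOAP messages and WSDL shown on this page still match.
     */
    static void Main()
    {
        ServiceHost sh = new ServiceHost(typeof(SomeService), new Uri("http://localhost:8000"));
        try
        {
            /*
             * SecurityMode.Message: protection is applied inside the SOAP envelope,
             * the transport stays plain HTTP. The body is encrypted, but the
             * WS-Addressing headers (Action, To, MessageID) are only signed and
             * remain readable on the wire, as the captured request shows.
             */
            WS2007HttpBinding b = new WS2007HttpBinding(SecurityMode.Message);
            b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

            /* No credential negotiation: the client must already hold the service certificate (see SetDefaultCertificate below). */
            b.Security.Message.NegotiateServiceCredential = false;

            /* No secure-conversation session: every message is secured on its own. */
            b.Security.Message.EstablishSecurityContext = false;

            /*
             * The algorithm suite is left at the binding default; the WSDL excerpt on
             * this page reports sp:Basic256, which pairs AES-256-CBC with SHA-1 based
             * digests and signatures. Setting b.Security.Message.AlgorithmSuite to
             * SecurityAlgorithmSuite.Basic256Sha256 on both sides is the usual hardening.
             */

            /*
             * FindBySubjectName is a substring match on the subject, so another
             * certificate whose subject contains "MyService.com" could be selected.
             * Outside a demo, select by X509FindType.FindByThumbprint.
             */
            sh.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine,
                StoreName.My,
                X509FindType.FindBySubjectName,
                "MyService.com");

            /*
             * PeerOrChainTrust accepts a client certificate that is present in
             * TrustedPeople OR that chains to any trusted root on this machine.
             * For a fixed set of known clients, X509CertificateValidationMode.PeerTrust
             * limits acceptance to certificates placed in TrustedPeople explicitly.
             * Presumably only the TrustedPeople match applies to the makecert test
             * certificates above - confirm on the target machine.
             */
            sh.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.PeerOrChainTrust;

            sh.AddServiceEndpoint(typeof(ISomeContract), b, "");

            /*
             * Publishes the WSDL over unauthenticated HTTP GET at the base address.
             * It is what produces the WSDL excerpt on this page; switch it off when
             * metadata does not need to be public.
             */
            ServiceMetadataBehavior smb = new ServiceMetadataBehavior() { HttpGetEnabled = true };
            sh.Description.Behaviors.Add(smb);

            sh.Open();
            Console.Write("Service started, press any key to start client...");
            Console.ReadLine();

            /*
             * The DNS identity makes the client check that the service certificate
             * identifies "MyService.com" even though the address is localhost.
             */
            ChannelFactory<ISomeContract> cf = new ChannelFactory<ISomeContract>(
                b,
                new EndpointAddress(
                    new Uri("http://localhost:8000"),
                    EndpointIdentity.CreateDnsIdentity("MyService.com")));
            try
            {
                cf.Credentials.ClientCertificate.SetCertificate(
                    StoreLocation.LocalMachine,
                    StoreName.My,
                    X509FindType.FindBySubjectName,
                    "MyClient.com");

                /* Service certificate provisioned out of band: read from TrustedPeople, not negotiated. */
                cf.Credentials.ServiceCertificate.SetDefaultCertificate(
                    StoreLocation.LocalMachine,
                    StoreName.TrustedPeople,
                    X509FindType.FindBySubjectName,
                    "MyService.com");

                /*
                 * Left commented out on purpose. When enabled, the client sends to
                 * http://localhost:8001 while the message is still addressed to
                 * http://localhost:8000, so a trace proxy listening on 8001 and
                 * forwarding to 8000 can display the exchanged messages.
                 */
                //cf.Endpoint.Behaviors.Add(new ClientViaBehavior(new Uri("http://localhost:8001")));

                ISomeContract sc = cf.CreateChannel();
                try
                {
                    Console.WriteLine("Client:" + sc.SomeOperation(15));
                }
                finally
                {
                    /* The generated proxy also implements ICommunicationObject. */
                    CloseOrAbort((ICommunicationObject)sc);
                }
            }
            finally
            {
                /* The original listing never closed the factory. */
                CloseOrAbort(cf);
            }

            Console.Write("Press any key to end...");
            Console.ReadLine();
        }
        finally
        {
            CloseOrAbort(sh);
        }
    }
}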
对代码不太理解没关系,现在重点是SOAP message:去掉代码中唯一的单行注释(即启用ClientViaBehavior那一行,让客户端把消息发往http://localhost:8001),用tcpTrace或其它工具监听8001端口并转发到8000端口,然后运行程序查看消息:
(本来想兴致勃勃的写一篇,当看到血淋淋的SOAP msg/WSDL,并且要分析,太TM累了,没老赵那份闲心,打退堂鼓,闪人,有兴趣的同学推荐阅读WS-SecurityPolicy Examples)
8月26日:既然标题是感性认识,那还是把SOAP消息,WSDL贴出来感性下,不解释(其实是无法解释,真要解释,那得写个长长的系列,从XML Signature到WS-Security到SAML到WS-Trust到深入剖析WCF到……,没那闲心,再说我是半罐水,没那本事:)
client request SOAP msg
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <a:Action s:mustUnderstand="1" u:Id="_5">http://tempuri.org/ISomeContract/SomeOperation</a:Action> <a:MessageID u:Id="_6">urn:uuid:7facce06-0318-4add-842e-d883f150ca5e</a:MessageID> <a:ReplyTo u:Id="_7"> <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> </a:ReplyTo> <a:To s:mustUnderstand="1" u:Id="_8">http://localhost:8000/</a:To> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-2"> <u:Created>2010-08-25T16:04:30.452Z</u:Created> <u:Expires>2010-08-25T16:09:30.452Z</u:Expires> </u:Timestamp> <e:EncryptedKey Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/> </e:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Jw8IjGZ1i0ib2rthgjUV/vuD6EU=</o:KeyIdentifier> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>qIkV9XsDQMAVYlwUqONf6gyzm3+8DEVuWB1J+4sHUs5xWRWUTlrBQvFK6u9rIG1aBlHSDOvjHdLwsz0BS3NvigemqTPu+r+AOqmL5/kWIZ/kx+d93YEMmbxu5mImwZ7Ep4tNrTU2ki/weAjdW9MidC/iysdPZ1KO1MysANB74tw=</e:CipherValue> </e:CipherData> </e:EncryptedKey> <sc:DerivedKeyToken u:Id="_0" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"> <o:SecurityTokenReference 
k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1"/> </o:SecurityTokenReference> <sc:Offset>0</sc:Offset> <sc:Length>24</sc:Length> <sc:Nonce>b8iYHNwm6G9y1/hPjBx+xA==</sc:Nonce> </sc:DerivedKeyToken> <sc:DerivedKeyToken u:Id="_2" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"> <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <o:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-1"/> </o:SecurityTokenReference> <sc:Nonce>4Tx9T//CwTucEi1tMXokAQ==</sc:Nonce> </sc:DerivedKeyToken> <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:DataReference URI="#_4"/> <e:DataReference URI="#_9"/> <e:DataReference URI="#_10"/> </e:ReferenceList> <o:BinarySecurityToken u:Id="uuid-e5446b3d-948c-4a0e-a854-f79c901c22d6-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">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</o:BinarySecurityToken> <e:EncryptedData Id="_9" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference> <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> 
<e:CipherValue>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</e:CipherValue> </e:CipherData> </e:EncryptedData> <e:EncryptedData Id="_10" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference> <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>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</e:CipherValue> </e:CipherData> </e:EncryptedData> </o:Security> </s:Header> <s:Body u:Id="_3"> <e:EncryptedData Id="_4" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_2"/> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>bFaKXbJWXpX2c34J8E/JBSasfom4fMX7Zr3mysTKL92WJ7dLHmu0cG0gb+ICF/YtOZj2kB1RSCNkV4vHrDBPfU/Ke294+4kOOqZacYfayaE2aDrH1UMBOYebNHtvNVGH</e:CipherValue> </e:CipherData> </e:EncryptedData> </s:Body> </s:Envelope>
service response SOAP msg
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <a:Action s:mustUnderstand="1" u:Id="_6">http://tempuri.org/ISomeContract/SomeOperationResponse</a:Action> <a:RelatesTo u:Id="_7">urn:uuid:7facce06-0318-4add-842e-d883f150ca5e</a:RelatesTo> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="uuid-cf6d5be9-956c-44fa-8bdc-37a67bc1e1a2-7"> <u:Created>2010-08-25T16:04:31.063Z</u:Created> <u:Expires>2010-08-25T16:09:31.063Z</u:Expires> </u:Timestamp> <sc:DerivedKeyToken u:Id="_0" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"> <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">So9bbUZ//6FShYKoT4RWSNJXx5U=</o:KeyIdentifier> </o:SecurityTokenReference> <sc:Offset>0</sc:Offset> <sc:Length>24</sc:Length> <sc:Nonce>JRAkR4cW1AgvXffkm/zqiQ==</sc:Nonce> </sc:DerivedKeyToken> <sc:DerivedKeyToken u:Id="_3" xmlns:sc="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"> <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">So9bbUZ//6FShYKoT4RWSNJXx5U=</o:KeyIdentifier> 
</o:SecurityTokenReference> <sc:Nonce>RzAQKnDPSui8uVrNmZI3/A==</sc:Nonce> </sc:DerivedKeyToken> <e:ReferenceList xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:DataReference URI="#_5"/> <e:DataReference URI="#_8"/> <e:DataReference URI="#_9"/> <e:DataReference URI="#_10"/> </e:ReferenceList> <e:EncryptedData Id="_9" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference> <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>FQEzq6iOj1YZikI2Yvy6cZjYiMBNoWLumMtn1l5ZHr3CqMNAxygPhwLDZ4yFGpnu9LbFf5t5cNj1cXx81dVXdz6o17o1XX260u52/SPnN9ld8TBJm9kQItQxVEhrU7mVqJUO7lA/pCf36cGVXX+ZlTCzRUOJN97I391oREMUJoyFQvDNpHetSzmuvzUmJYbE7KACUZiuESdcmXFcF+YToY2C2pS0eQWURkzzq/j+tVVMNZ97MtXV+p3KOfsKHf2N5q66bf9jqcsuOPTBL7ADQVZ9vtHwxioPtB5JSUn7RhFIr9LF8z6q01wmG2LhrCOW+R8tWyXfiKrmvAXcTQH0fohAVglKm/xGHHMddzNAq8E=</e:CipherValue> </e:CipherData> </e:EncryptedData> <e:EncryptedData Id="_10" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference> <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>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</e:CipherValue> </e:CipherData> </e:EncryptedData> <e:EncryptedData Id="_8" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference> <o:Reference 
ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>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</e:CipherValue> </e:CipherData> </e:EncryptedData> </o:Security> </s:Header> <s:Body u:Id="_4"> <e:EncryptedData Id="_5" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:Reference ValueType="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk" URI="#_3"/> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>Cfab1ssHgyEdtXKDZh1l66RVDKH6rSvwSGeCpmOSN19LDBVbqi6vW7lmo18LdhT9SSacdTG+rTBeY6bu02wd9gLtjSBJvPPItWK8frll9gTBDR+1biloE5+iOVyF9pNoS+hPFS/pF+T1/Tvd4TA8Lw0CnacFYx0Rd3hLOTUE09pcYxXP4eWrIk79PVFKzjeT</e:CipherValue> </e:CipherData> </e:EncryptedData> </s:Body> </s:Envelope>
WSDL(部分)
<wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_policy"> <wsp:ExactlyOne> <wsp:All> <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:RequireThumbprintReference/> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:EncryptSignature/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:RequireThumbprintReference/> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <wsp:Policy> <sp:MustSupportRefThumbprint/> <sp:MustSupportRefEncryptedKey/> <sp:RequireSignatureConfirmation/> </wsp:Policy> </sp:Wss11> <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <wsp:Policy> <sp:MustSupportIssuedTokens/> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust13> <wsaw:UsingAddressing/> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> <wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_SomeOperation_Input_policy"> <wsp:ExactlyOne> <wsp:All> <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <sp:Body/> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header 
Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/> </sp:SignedParts> <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <sp:Body/> </sp:EncryptedParts> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> <wsp:Policy wsu:Id="WS2007HttpBinding_ISomeContract_SomeOperation_output_policy"> <wsp:ExactlyOne> <wsp:All> <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <sp:Body/> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/> </sp:SignedParts> <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> <sp:Body/> </sp:EncryptedParts> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>