WCF - Timestamp must be signed error in response


For starters, I know you'd think this is a duplicate, but if you read them you'll notice some people deleting the timestamp as a fix, and others tell otherwise.

I'm trying to connect to a Java SOAP web service with certificates using .NET 3.5. When I receive the response, it throws the error: "The security header element 'Timestamp' with the 'Timestamp-984' id must be signed."

    using System;
    using System.Text;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Security.Tokens;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;

    var b = new CustomBinding();
    b.Name = "avbinding";
    b.CloseTimeout = new TimeSpan(0, 1, 0);
    b.OpenTimeout = new TimeSpan(0, 1, 0);
    b.ReceiveTimeout = new TimeSpan(0, 10, 0);
    b.SendTimeout = new TimeSpan(0, 1, 0);

    // Message-level security with X.509 certificates on both sides.
    AsymmetricSecurityBindingElement security = new AsymmetricSecurityBindingElement();
    security.IncludeTimestamp = true; // the request carries a timestamp
    security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12;
    security.RecipientTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToInitiator);
    security.InitiatorTokenParameters = new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Any, SecurityTokenInclusionMode.AlwaysToRecipient);
    security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;
    security.DefaultAlgorithmSuite = System.ServiceModel.Security.SecurityAlgorithmSuite.Basic256Sha256Rsa15;
    security.AllowSerializedSigningTokenOnReply = true;
    security.AllowInsecureTransport = true;      // permits message security over plain HTTP
    security.EnableUnsecuredResponse = true;     // accepts replies that carry no security header
    security.RequireSignatureConfirmation = true;

    security.SecurityHeaderLayout = SecurityHeaderLayout.Lax;

    ExtensionElement extensionElement = new ExtensionElement();

    b.Elements.Add(security);
    b.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
    HttpsTransportBindingElement httpsBinding = new HttpsTransportBindingElement();
    b.Elements.Add(httpsBinding);

    // Client certificate (with private key) and the service certificate.
    string certMapPath = Server.MapPath("~/app_data");
    X509Certificate2 cert = new X509Certificate2(certMapPath + "\\_certname_", "x");
    X509Certificate2 serCert = new X509Certificate2(certMapPath + "\\_certname2_.cer");
    AsymmetricAlgorithm key = new System.Security.Cryptography.RSACryptoServiceProvider();
    key.FromXmlString("_key_");
    cert.PrivateKey = key;

    // Sign only; the message body is not encrypted.
    client.Endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;

The question is, what do I have to do?

My request:

    <s:envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:header>
        <activityid correlationid="7d9e44cb-cecd-4c49-9a71-79a2ad04a2ec" xmlns="http://schemas.microsoft.com/2004/09/servicemodel/diagnostics">63bde0b8-8953-41b8-b5c2-a69c712346b6</activityid>
        <vsdebuggercausalitydata xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uidpo3dbgzwnrwhdouje+vgku4maaaaazmphur/flusuy0rxovaj8nk4gsfjc6xog46yq3o0zmqacqaa</vsdebuggercausalitydata>
        <o:security s:mustunderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:binarysecuritytoken>
            <!-- removed-->
          </o:binarysecuritytoken>
          <signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <signedinfo>
              <canonicalizationmethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></canonicalizationmethod>
              <signaturemethod algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></signaturemethod>
              <reference uri="#_2">
                <transforms>
                  <transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></transform>
                </transforms>
                <digestmethod algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></digestmethod>
                <digestvalue>z4ohois/bvcwirolbfcxjfjuxv0eba/so8wqwuptrqo=</digestvalue>
              </reference>
              <reference uri="#uuid-f52585e9-3358-46f6-8e9f-9a16b5c0f29b-1">
                <transforms>
                  <transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></transform>
                </transforms>
                <digestmethod algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></digestmethod>
                <digestvalue>pnp4gakunbomfe2lgldsfzpbl+7fhqxacvg/mr7as6c=</digestvalue>
              </reference>
            </signedinfo>
            <signaturevalue>nse/pevoxxhexoqynt1qx7uzpohsms35fmjxlf4lbuodd9tz8/tcwzmaaddargwc6vjmdw1jvx5tnchyvaqignsprgtwb+tsbmvuz6umwoghzwrh8rxjyw34ehdewwbzg0u1ves6yny88vjw0ofywiifcngkeuy140x7h/ev+3i=</signaturevalue>
            <keyinfo>
              <o:securitytokenreference>
                <o:reference uri="#uuid-da5ccb9b-2c40-4ede-9079-c94abf912843-2"></o:reference>
              </o:securitytokenreference>
            </keyinfo>
          </signature>
          <u:timestamp u:id="uuid-f52585e9-3358-46f6-8e9f-9a16b5c0f29b-1">
            <u:created>2013-03-04t09:27:15.087z</u:created>
            <u:expires>2013-03-04t09:32:15.087z</u:expires>
          </u:timestamp>
        </o:security>
      </s:header>
      <s:body u:id="_2" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:xsd="http://www.w3.org/2001/xmlschema">
        <getavailabilityrequest xmlns="_url_">
          <userid xmlns="">_userid_</userid>
          <password xmlns="">_pass_</password>
          <requestid xmlns="">_request_</requestid>
          <systemidentifier xmlns="">?</systemidentifier>
        </getavailabilityrequest>
      </s:body>
    </s:envelope>

Response:

    <soap-env:envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
      <soap-env:header>
        <wsse:security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap-env:mustunderstand="1">
          <wsu:timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:id="timestamp-932">
            <wsu:created>2013-03-04t09:27:24.013z</wsu:created>
            <wsu:expires>2013-03-04t09:32:24.013z</wsu:expires>
          </wsu:timestamp>
          <wsse:binarysecuritytoken>
            <!-- removed-->
          </wsse:binarysecuritytoken>
          <ds:signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" id="signature-930">
            <ds:signedinfo>
              <ds:canonicalizationmethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:canonicalizationmethod>
              <ds:signaturemethod algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:signaturemethod>
              <ds:reference uri="#id-931">
                <ds:transforms>
                  <ds:transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:transform>
                </ds:transforms>
                <ds:digestmethod algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:digestmethod>
                <ds:digestvalue>+/njn562auh5u5t4vxgrbdu28+jlmw2bdhg1glf/swg=</ds:digestvalue>
              </ds:reference>
              <ds:reference uri="#sigconf-929">
                <ds:transforms>
                  <ds:transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:transform>
                </ds:transforms>
                <ds:digestmethod algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:digestmethod>
                <ds:digestvalue>uzljmox3dam90+8p10b2/xe5ooonep81ndtlefcboc8=</ds:digestvalue>
              </ds:reference>
            </ds:signedinfo>
            <ds:signaturevalue>fixb+0tnwq2kflqywusmwckf8ovobp/blqikfladyv1u97+nzkzcmrsjjsd0a0sdhjz+lo/kohve kby12zzdp9xe+k9lhalwziq3a2gvbktfr3p5ncyfqm4cba/x/bvpeqdyzqysoxnxmog46dfn5klo do0pjkmixkvlbhrcpztm26aovd5wqld694eeixt4jey15zvgzkz88enfhqniya1wu2huotcnsjrv hqkhmjkpdzn9+zsohsulvr5xtgfqd7gwl6llfemqthd2a10kman43qd62smucb64o+l/m+l89+oo abe0s2gxp3vvsa3zogduktwlynlc7qz/iww0qg== </ds:signaturevalue>
            <ds:keyinfo id="keyid-83f04dbb53b92e8e1f1362389243499698">
              <wsse:securitytokenreference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:id="strid-83f04dbb53b92e8e1f1362389243499699" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:reference uri="#certid-83f04dbb53b92e8e1f1362389243499697" valuetype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#x509v3" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"></wsse:reference>
              </wsse:securitytokenreference>
            </ds:keyinfo>
          </ds:signature>
          <wsse11:signatureconfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" value="nse/pevoxxhexoqynt1qx7uzpohsms35fmjxlf4lbuodd9tz8/tcwzmaaddargwc6vjmdw1jvx5tnchyvaqignsprgtwb+tsbmvuz6umwoghzwrh8rxjyw34ehdewwbzg0u1ves6yny88vjw0ofywiifcngkeuy140x7h/ev+3i=" wsu:id="sigconf-929"></wsse11:signatureconfirmation>
        </wsse:security>
      </soap-env:header>
      <soap-env:body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:id="id-931">
        <ns3:getavailabilityresponse xmlns:ns3="_url_" xmlns="">
          <requestid>_requestid_</requestid>
          <status>available</status>
          <version>1.32.0</version>
        </ns3:getavailabilityresponse>
      </soap-env:body>
    </soap-env:envelope>

Please publish the full request and response messages here (you can get them from the WCF log or Fiddler). In general, if WCF sends a signed timestamp, and the response contains a timestamp, the response timestamp must be signed. There are various workarounds depending on the exact messages, including not sending the timestamp in the first place, or sending it via pushing it into the message in a handler, or removing the timestamp from the response.
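A check for the condition the answer describes, as an added example that is not part of the original posts: it lists which `wsu:Id` elements of a captured response are covered by a `ds:Reference`, so an unsigned Timestamp is visible in the capture itself. The sample envelope and the function names are constructed for illustration (the sample mirrors the shape of the response above with standard element casing), and the check covers reference coverage only, not signature or digest validity.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = "{" + WSU + "}Id"

# Constructed sample (not the captured message): the signature references the
# body and the SignatureConfirmation element, but not the Timestamp.
SAMPLE_RESPONSE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{wsse}" xmlns:wsse11="{wsse11}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
  <soap:Header>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="Timestamp-932">
        <wsu:Created>2013-03-04T09:27:24.013Z</wsu:Created>
        <wsu:Expires>2013-03-04T09:32:24.013Z</wsu:Expires>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#id-931"/>
          <ds:Reference URI="#SigConf-929"/>
        </ds:SignedInfo>
      </ds:Signature>
      <wsse11:SignatureConfirmation wsu:Id="SigConf-929"/>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="id-931"/>
</soap:Envelope>""".format(wsse=WSSE, wsse11=WSSE11, wsu=WSU, ds=DS)

def signed_ids(root):
    """Fragment ids named by the ds:Reference elements inside ds:SignedInfo."""
    refs = root.iterfind(".//{%s}SignedInfo/{%s}Reference" % (DS, DS))
    return {r.get("URI")[1:] for r in refs if r.get("URI", "").startswith("#")}

def coverage(xml_text):
    """Map (local element name, wsu:Id) to True when a signature reference names it."""
    # Intended for captures from your own WCF log; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    signed = signed_ids(root)
    return {(el.tag.rsplit("}", 1)[-1], el.get(WSU_ID)): el.get(WSU_ID) in signed
            for el in root.iter() if el.get(WSU_ID)}

def unsigned_timestamps(xml_text):
    """wsu:Id values of Timestamp elements that no ds:Reference covers."""
    return [wid for (name, wid), ok in coverage(xml_text).items()
            if name == "Timestamp" and not ok]

if __name__ == "__main__":
    for (name, wid), ok in coverage(SAMPLE_RESPONSE).items():
        print("%-22s %-14s %s" % (name, wid, "signed" if ok else "NOT signed"))
```
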

