Getting WCF to accept unsigned 'To' Header

别说谁变了你拦得住时间么 提交于 2019-12-02 16:43:23

问题


I have a WCF web service that is using WSHttpBinding. The security is TransportWithMessageCredential. I have a client connecting to me that is sending a Soap message with the To element in the header unsigned. My service doesn't like this and is throwing System.ServiceModel.Security.MessageSecurityException with the message "The message received over Transport security has unsigned 'To' header". I haven't been able to find the signing of the element specified specifically in the WS-Security spec but I have seen it recommended to prevent redirect attacks.

So does anyone know if there is anyway for me to configure my web service not to check for the To element to be signed? Also the other side of the issue but I cannot change how this client is connecting to me.


回答1:


We've had the same issue, and contacted Microsoft support about it. They released a hotfix for this. See the KB article at

https://support.microsoft.com/en-us/kb/2974335



来源:https://stackoverflow.com/questions/6088754/getting-wcf-to-accept-unsigned-to-header

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!