问题
I would like to add a security header to my WCF SOAP message that looks like the following:
<s:Header>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">URLWithAction</Action>
<Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>Username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Password</wsse:Password>
</wsse:UsernameToken>
</Security>
</s:Header>
Yet, I am unable to figure out if this can be done with basicHttpBinding or another standard one, or if I have to make a custom one and how I can make a custom one... Is anyone able to help?
回答1:
It turned out that I had to play a bit more with the attributes for the security element in my custom binding. I added the tag includeTimestamp="false" and then the security header worked, even though the action element was not added to the header.
Final result of the custombinding was:
<customBinding>
<binding name="BasicHttpBinding_WebService">
<textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8" />
<security authenticationMode="UserNameOverTransport"
includeTimestamp="false"/>
<httpsTransport />
</binding>
<binding name="BasicHttpBinding_WebService1"/>
</customBinding>
回答2:
If you are wanting to add the message on either the server or the client side then please look at this answer How to add a custom HTTP header to every WCF call?
来源:https://stackoverflow.com/questions/32505194/custom-binding-c-sharp-wcf