更新时间:2022-10-31 13:59:44
经过一番调查,我想出了以下几点:
After a bit of investigation I came up with the following:
WCF 消息安全不能与经典 ASP 一起使用
WCF Message security can't be used with classic ASP
我在具有以下绑定的服务上创建了第二个端点:
I created a second endpoint on the service which had the following bindings:
<basicHttpBinding>
<binding name="SecureBasic" >
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>"
关于这个的几点说明 -
Few notes about this -
您需要使用 HTTPS(即安装自我证书)
You'll need to use HTTPS (i.e. install a self-certificate)
这不是在 Internet 上使用的首选安全方法 - 理想情况下,您应该使用消息安全.
It's not the preffered method of security to use over the internet - ideally you should use Message security.
我使用客户用户名和密码验证器来验证客户端请求
I used a customer username and password validator to authentciate the client request
以下 ASP 代码可以很好地调用此服务:
The following ASP code works well calling this service:
soapServer = "YourSOAPAddress"
soapMessage = "Put Your SOAP Message in here use Charlies / Fiddler to determine the message"
Set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP.3.0")
xmlhttp.setOption(2) = 13056
xmlhttp.open "POST", soapServer, False
xmlhttp.setRequestHeader "SOAPAction", "urn:Alpha.Services.API.DeviceService/IDeviceService/GetDevices"
xmlhttp.setRequestHeader "Content-Type", "text/xml; charset=utf-8"
xmlhttp.send(soapMessage)
Response.Write "<br>Finished calling Web Service."
Response.Write "<br>Status = " & xmlhttp.statusText
Response.Write "<br>ResponseText = " & xmlhttp.responseText
对于使用不支持 WS-Security 的语言(例如 ASP)的客户端系统,这是一种可能的解决方案.
For client systems that use a language that does not support WS-Security (such as ASP) this is one possible solution.