我试图混淆一名妇联客户,以消耗一个网络服务,回复以下回复信息:
<>Response information
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://myservice.wsdl">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1" />
</env:Header>
<env:Body>
<ns0:StatusResponse>
<result>
...
</result>
</ns0:StatusResponse>
</env:Body>
</env:Envelope>
为此,我构筑了具有约束力的习惯(不工作)。 我不断收到“安全头盔是空洞的”信息。
<>9>
<customBinding>
<binding name="myCustomBindingForVestaServices">
<security authenticationMode="UserNameOverTransport"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11"
securityHeaderLayout="Strict"
includeTimestamp="false"
requireDerivedKeys="true">
</security>
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport authenticationScheme="Negotiate" requireClientCertificate ="false" realm =""/>
</binding>
</customBinding>
我的请求似乎使用了与回应相同的SOAP和WS安全版本,但使用不同的名称空间序号(“o”而不是“wsse”)。 我为什么要把“安全首脑是空洞的”信息拿到来?
<>Request information
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-d3b70d1f-0ebb-4a79-85e6-34f0d6aa3d0f-1">
<o:Username>user</o:Username>
<o:Password>pass</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<getPrdStatus xmlns="http://myservice.wsdl">
<request xmlns="" xmlns:a="http://myservice.wsdl" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
...
</request>
</getPrdStatus>
</s:Body>
</s:Envelope>
我需要怎样召集我的妇联客户,使其有能力利用这一网络服务?
任何帮助都受到高度赞赏。
Sander