学步园

    WSE 3.0 UsernameToken应用中的例子，一个调用HelloWorld() Web Service示例，应用了WSE 3.0 UsernameToken方式，下面对照不同的配置下SOAP消息的差异。

    1. 未使用WSE时的SOAP消息。

<soap:Envelope ... >
  <soap:Body>
    <HelloWorld xmlns="http://tempuri.org/" />
  </soap:Body>
</soap:Envelope>

    2. 启用WSE，使用UsernameToken，但不启用WS-Security 1.1 Extensions（UsernameOverTransportAssertion）。
    SOAP消息如下：

<soap:Envelope ... >
  <soap:Header>
    <wsa:Action>http://tempuri.org/HelloWorld</wsa:Action>
    <wsa:MessageID>urn:uuid:b637fb86-8712-4845-a71c-8f91320168ac</wsa:MessageID>
    <wsa:ReplyTo>
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To>http://.../WSEServer/MyService.asmx</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-72b13f43-5c2e-46ea-81cb-dbc0f99b3605">
        <wsu:Created>2007-03-15T04:47:47Z</wsu:Created>
        <wsu:Expires>2007-03-15T04:52:47Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="......" wsu:Id="SecurityToken-a2526d47-d01b-476c-a15b-b7f84e55181d">
        <wsse:Username>Administrator</wsse:Username>
        <wsse:Password Type="......">5W0xOMVVDnlCRwclYMszo9ZEwOs=</wsse:Password>
        <wsse:Nonce>ttsA3uaB4KqBa2Vrcd7X8A==</wsse:Nonce>
        <wsu:Created>2007-03-15T04:47:47Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <HelloWorld xmlns="http://tempuri.org/" />
  </soap:Body>
</soap:Envelope>

    wsa:的节点是WS-Addressing内容，wsse:Security节点里面就是WSE安全性扩展的内容了，包括了UsernameToken认证信息，密码经过了加密处理。WS-Addressing可参考：WS-Addressing 从理论到实践。

    3. 在WS-Security 1.1扩展中选择Sign-Only选项（UsernameForCertificateAssertion）。

完整的SOAP消息内容
<soap:Envelope ... >
  <soap:Header>
    <wsa:Action wsu:Id="Id-7b15dc35-0eb2-4df7-890c-79b3e3b70917">http://tempuri.org/HelloWorld</wsa:Action>
    <wsa:MessageID wsu:Id="Id-3867fb2e-3f70-4ab8-9c71-1051104fc7e5">urn:uuid:...</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-b7e40812-850d-4de6-b2a1-511a8661c526">
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To wsu:Id="Id-6528e50b-b801-487d-bce8-8d016064490e">http://.../WSEServer/MyService.asmx</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-a74f13f4-f22a-4891-9f6c-305453df2170">
        <wsu:Created>2007-03-15T04:58:24Z</wsu:Created>
        <wsu:Expires>2007-03-15T05:03:24Z</wsu:Expires>
      </wsu:Timestamp>
      <xenc:EncryptedKey Id="SecurityToken-6154d45b-e47f-4ee2-bc30-c70c655ecca0" 
               xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
               Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        </xenc:EncryptionMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier 
                  ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" 
                  EncodingType="...">...
            </wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>...</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedKey>
      <wssc:DerivedKeyToken wsu:Id="SecurityToken-1bcf5e7d-34ad-429d-93f5-d2818446418e" 
                            Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1" 
                            xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
        <wsse:SecurityTokenReference>
          <wsse:Reference URI="#SecurityToken-6154d45b-e47f-4ee2-bc30-c70c655ecca0" 
                          ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
        </wsse:SecurityTokenReference>
        <wssc:Generation>0</wssc:Generation>
        <wssc:Length>32</wssc:Length>
        <wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
        <wssc:Nonce>SetU9IzX1rRSG0jTjtBZMw==</wssc:Nonce>
      </wssc:DerivedKeyToken>
      <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:DataReference URI="#Enc-b1232155-f376-4ff7-9521-6f66e8a2acc7" />
      </xenc:ReferenceList>
      <xenc:EncryptedData Id="Enc-b1232155-f376-4ff7-9521-6f66e8a2acc7" 
                          Type="http://www.w3.org/2001/04/xmlenc#Element" 
                          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-1bcf5e7d-34ad-429d-93f5-d2818446418e" 
                            ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>...</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
      <wssc:DerivedKeyToken wsu:Id="SecurityToken-7b9ff86e-8d7d-430a-ac0b-1a330d036d1c" 
                            Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1" 
                            xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
        <wsse:SecurityTokenReference>
          <wsse:Reference URI="#SecurityToken-6154d45b-e47f-4ee2-bc30-c70c655ecca0" 
                          ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
        </wsse:SecurityTokenReference>
        <wssc:Generation>0</wssc:Generation>
        <wssc:Length>24</wssc:Length>
        <wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
        <wssc:Nonce>KZjjeWIrAttvSGy/SDIQJg==</wssc:Nonce>
      </wssc:DerivedKeyToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" 
                                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
          <Reference URI="#SecurityToken-b25e7443-682b-479b-be6f-dd61c9f38e82">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>bWKr1tPyn/7WJ+q+H3UhXd6mBto=</DigestValue>
          </Reference>
          <Reference URI="#Id-7b15dc35-0eb2-4df7-890c-79b3e3b70917">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>CEQ4tL8RquLj5R4Y//FSsIbuoAE=</DigestValue>
          </Reference>
          <Reference URI="#Id-3867fb2e-3f70-4ab8-9c71-1051104fc7e5">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>SF1nwADKEG5cbINm1nu4qhdEhSE=</DigestValue>
          </Reference>
          <Reference URI="#Id-b7e40812-850d-4de6-b2a1-511a8661c526">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>yYlqO1//IYIY9dwd6JANZXIYnrs=</DigestValue>
          </Reference>
          <Reference URI="#Id-6528e50b-b801-487d-bce8-8d016064490e">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>f06oaaWs6hLZywcRGT3BAr5JL9I=</DigestValue>
          </Reference>
          <Reference URI="#Timestamp-a74f13f4-f22a-4891-9f6c-305453df2170">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>hzcjskaes7FOyFV661Puf9lvP6g=</DigestValue>
          </Reference>
          <Reference URI="#Id-657b476d-f5a5-4d60-9476-9ae7087caad6">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>3JxHUeuPitbwpWvCjCC9OfVMK50=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>xL7BlslQN8GrE3E9IPaSzoMcu5Y=</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-7b9ff86e-8d7d-430a-ac0b-1a330d036d1c" 
                            ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-657b476d-f5a5-4d60-9476-9ae7087caad6">
    <HelloWorld xmlns="http://tempuri.org/" />
  </soap:Body>
</soap:Envelope>

    主要元素结构如下：

<soap:Envelope ... >
  <soap:Header>
    <wsa:Action wsu:Id="Id-7b15dc35-0eb2-4df7-890c-79b3e3b70917">http://tempuri.org/HelloWorld</wsa:Action>
    <wsa:MessageID wsu:Id="Id-3867fb2e-3f70-4ab8-9c71-1051104fc7e5">urn:uuid:...</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-b7e40812-850d-4de6-b2a1-511a8661c526">...</wsa:ReplyTo>
    <wsa:To wsu:Id="Id-6528e50b-b801-487d-bce8-8d016064490e">http://.../WSEServer/MyService.asmx</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-a74f13f4-f22a-4891-9f6c-305453df2170">...</wsu:Timestamp>
      <xenc:EncryptedKey Id="SecurityToken-6154d45b-e47f-4ee2-bc30-c70c655ecca0" xmlns:xenc="...">