Trying to understand the WS-Trust protocol from WCF messages (question). It is a hard problem, and I hope everyone can help.

shclhs 2011-11-17 12:10:42
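I have recently been reading about some of the WS-* protocols, so I used WCF to verify them in reverse. While working with UserNameForSslNegotiated I ran into some problems. I searched forums both in China and abroad but never found any good material, so I have to trouble everyone here.
This is my service configuration: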


<system.serviceModel>
  <services>
    <service behaviorConfiguration="ServiceBehavior1" name="Harold.Net.Wcf.Security.Others.UserNameForSslNegotiated.Service.CalculatorService">
      <endpoint address="http://localhost:9090/CalculatorService" binding="customBinding" behaviorConfiguration="endpointBehavior1"
                bindingConfiguration="customBinding1" contract="Harold.Net.Wcf.Common.Contracts.ICalculator">
      </endpoint>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior1">
        <serviceMetadata httpGetEnabled="true" httpGetUrl="http://localhost:8080/mex" />
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <serviceCredentials>
          <serviceCertificate findValue="TestWcfCert7" storeLocation="CurrentUser" x509FindType="FindBySubjectName" storeName="My" />
          <issuedTokenAuthentication allowUntrustedRsaIssuers="true" />
          <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Harold.Net.Wcf.Security.Others.UserNameForSslNegotiated.Service.CustomUserNamePasswordValidator, Harold.Net.Wcf.Security.Others.UserNameForSslNegotiated.Service"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <customBinding>
      <binding name="customBinding1">
        <security authenticationMode="UserNameForSslNegotiated" includeTimestamp="true" requireDerivedKeys="false">
        </security>
        <textMessageEncoding />
        <httpTransport />
      </binding>
    </customBinding>
  </bindings>
</system.serviceModel>



This is my client configuration:

<bindings>
  <customBinding>
    <binding name="customBinding1" >
      <security authenticationMode="UserNameForSslNegotiated" includeTimestamp="true" requireDerivedKeys="false">
      </security>
      <textMessageEncoding />
      <httpTransport />
    </binding>
  </customBinding>
</bindings>
<client>
  <endpoint address="http://localhost:9090/CalculatorService" binding="customBinding" bindingConfiguration="customBinding1" contract="Harold.Net.Wcf.Common.Contracts.ICalculator"
            name="customBinding1_CalculatorService" behaviorConfiguration="endpointBehavior1" >
    <identity>
      <dns value="TestWcfCert7"/>
    </identity>
  </endpoint>
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="endpointBehavior1">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="Custom" customCertificateValidatorType="Harold.Net.Wcf.Extensions.X509Validator.CustomX509Validator, Harold.Net.Wcf.Extensions" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>



Using tcptrace I captured several messages. The first Request and Response are as follows:


Request1:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
    <a:MessageID>urn:uuid:743949b3-5c8e-4eb6-ab22-fcd6381d8ab7</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">http://localhost:9090/CalculatorService</a:To>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken Context="uuid-7f50e612-728d-4a55-83fb-a39a95b4d3b8-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
      <t:KeySize>256</t:KeySize>
      <t:BinaryExchange ValueType=" http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">FgMBAFoBAABWAwFOuhObGHLNsHfpBrdMLlKZmxxqupR52U1YASOPbGu49gAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAABX/AQABAAAKAAYABAAXABgACwACAQA=</t:BinaryExchange>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>


Response1:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action>
    <a:RelatesTo>urn:uuid:743949b3-5c8e-4eb6-ab22-fcd6381d8ab7</a:RelatesTo>
  </s:Header>
  <s:Body>
    <t:RequestSecurityTokenResponse Context="uuid-7f50e612-728d-4a55-83fb-a39a95b4d3b8-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <t:BinaryExchange ValueType=" http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">...</t:BinaryExchange>
    </t:RequestSecurityTokenResponse>
  </s:Body>
</s:Envelope>





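I know that this message is used to request a token from the service, and I have also read the WS-Trust document (http://schemas.xmlsoap.org/ws/2005/02/trust/tls/wstrustfortls.pdf), but I still have the following questions:
1. What is the content of BinaryExchange in Request 1? (After base64-decoding it I still cannot make anything of it.)
2. What is the plaintext of the BinaryExchange content? How can I get its plaintext?
3. What is the purpose of the BinaryExchange content? How does the server use it?
4. And what is the content of BinaryExchange in the response?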
wangjemmy 2011-11-18
Take a look at
Professional WCF 4: Windows Communication Foundation with .NET 4 (Wiley)

Chapter 9 has a rough description.
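
Added example, not part of the original posts: the BinaryExchange value in Request1 carries the `tlsnego` ValueType, and base64-decoding it yields a plaintext TLS handshake record containing a ClientHello. The Python below parses that record; the function names `take` and `parse_client_hello_record` are made up for this illustration.

```python
import base64
import struct

# BinaryExchange payload copied from Request1 on this page.
REQUEST1_BINARY_EXCHANGE = (
    "FgMBAFoBAABWAwFOuhObGHLNsHfpBrdMLlKZmxxqupR52U1YASOPbGu49gAAGAAvADUABQAK"
    "wBPAFMAJwAoAMgA4ABMABAEAABX/AQABAAAKAAYABAAXABgACwACAQA="
)

def take(buf, pos, n):
    """Return (n bytes starting at pos, new position); reject truncated input."""
    if pos + n > len(buf):
        raise ValueError("truncated TLS structure")
    return buf[pos:pos + n], pos + n

def parse_client_hello_record(b64_text):
    """Decode a tlsnego BinaryExchange value and parse it as a TLS ClientHello record."""
    blob = base64.b64decode(b64_text)
    hdr, pos = take(blob, 0, 5)                       # type, version, length
    ctype, major, minor, rec_len = struct.unpack("!BBBH", hdr)
    body, _ = take(blob, pos, rec_len)
    if ctype != 22 or body[:1] != b"\x01":            # 22 = handshake, 1 = ClientHello
        raise ValueError("not a handshake record carrying a ClientHello")
    hello, _ = take(body, 4, int.from_bytes(body[1:4], "big"))
    version, pos = take(hello, 0, 2)
    _random, pos = take(hello, pos, 32)               # 4-byte time + 28 random bytes
    sid_len, pos = take(hello, pos, 1)
    _sid, pos = take(hello, pos, sid_len[0])
    cs_len, pos = take(hello, pos, 2)
    suites, pos = take(hello, pos, int.from_bytes(cs_len, "big"))
    comp_len, pos = take(hello, pos, 1)
    _, pos = take(hello, pos, comp_len[0])
    extensions = []
    if pos < len(hello):                              # extensions block is optional
        ext_len, pos = take(hello, pos, 2)
        end = pos + int.from_bytes(ext_len, "big")
        while pos < end:
            head, pos = take(hello, pos, 4)
            ext_type, data_len = struct.unpack("!HH", head)
            _, pos = take(hello, pos, data_len)
            extensions.append(ext_type)
    return {"record_version": (major, minor), "record_length": rec_len,
            "client_version": tuple(version), "session_id_length": sid_len[0],
            "cipher_suites": [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)],
            "extensions": extensions}

if __name__ == "__main__":
    print(parse_client_hello_record(REQUEST1_BINARY_EXCHANGE))
```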
