c# – 使用从STS分配的令牌来调用WCF服务

@H_502_0@

我一整天都在盯着这一点无济于事,我没有想法. IP-STS处理登录,然后将其传递给RP-STS,RP-STS用声明填充令牌,然后到网站上.这工作正常.我在IP-STS上有一些WCF功能,例如更改密码/重置密码,需要访问它们.阅读后,我应该能够将已经分配的令牌发送到WCF,以确保用户通过身份验证.从我可以看到它发送令牌但不正确,也不是我想要的方式,因为它似乎需要一个用户名.

理想情况下,我希望它获取分配给用户的令牌,而不必重新请求或重新创建任何内容,并且绝对不需要用户名/密码.@H_502_3@

我目前得到的错误是：
从另一方收到了不安全或不正确安全的故障.有关错误代码和详细信息,请参阅内部FaultException.@H_502_3@

详情：
邮件无法处理.这很可能是因为“http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue”操作不正确,或者因为邮件包含无效或过期的安全上下文令牌,或者因为存在不匹配绑定之间.如果服务由于不活动而中止了通道,则安全上下文令牌将无效.要防止服务中止空闲会话,请过早增加服务端点绑定的接收超时.@H_502_3@

这是我的网络配置中的相关位.@H_502_3@

客户端web.config@H_502_3@

<system.serviceModel>
<bindings>
  <customBinding>
    <binding name="UsernameBinding">          <security authenticationMode="UserNameForCertificate"                  requireSecurityContextCancellation ="false"                  requireSignatureConfirmation="false"                  messageProtectionOrder ="SignBeforeEncryptAndEncryptSignature"                  requirederivedKeys="true">
      </security>
      <httpTransport/>
    </binding>
  </customBinding>
  <wsFederationHttpBinding>
    <binding name="HTTPEndpoint" closeTimeout="00:10:00" openTimeout="00:10:00"
      receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false"
      transactionFlow="false" hostNameComparisonMode="StrongWildcard"
      maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
      textEncoding="utf-8" useDefaultWebProxy="true">
      <security mode="Message">
        <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"   negotiateServiceCredential="false">              <claimTypeRequirements>
 
            <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false" />
          </claimTypeRequirements>
 
          <issuer address="http://localhost:13422/MembershipService" bindingConfiguration="UsernameBinding" binding="customBinding">
            <identity>
              <certificateReference findValue="STSTestCert" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />
            </identity>
          </issuer>
        </message>
 
      </security>
    </binding>
  </wsFederationHttpBinding>
</bindings>
 
<behaviors>
  <!-- Credentials configuration -->
  <endpointBehaviors>
    <behavior name="ServiceBehavior">
      <clientCredentials>
 
        <clientCertificate findValue="STSTestCert" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
        <serviceCertificate>
          <defaultCertificate findValue="STSTestCert" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>
          <authentication certificateValidationMode="PeerOrChainTrust"  />
        </serviceCertificate>
 
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
 
<client>
  <endpoint address="http://localhost:13422/MembershipService"
    binding="wsFederationHttpBinding" bindingConfiguration="HTTPEndpoint"
    contract="MembershipService.IAccountMembershipService" name="HTTPEndpoint" behaviorConfiguration="ServiceBehavior">
    <identity>
      <dns value="localhost"/>
    </identity>
  </endpoint>
</client>

服务方面：@H_502_3@

<system.serviceModel>
 
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true">
  <serviceActivations>
    <add relativeAddress="IAccountMembershipService.svc" service="AccountMembershipService" factory="System.ServiceModel.Activation.WebServiceHostFactory" />
  </serviceActivations>
</serviceHostingEnvironment>
 
<bindings>
  <wsHttpBinding>
    <binding name="federationBinding" receiveTimeout="00:10:00" sendTimeout="00:10:00" closeTimeout="00:10:00" openTimeout="00:10:00">
 
      <security mode="Message">
        <message negotiateServiceCredential="true" />
      </security>
    </binding>
 
  </wsHttpBinding>
  <wsFederationHttpBinding>
    <binding name="federationBinding" closeTimeout="00:10:00" openTimeout="00:10:00"
      receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="false"
      transactionFlow="false" hostNameComparisonMode="StrongWildcard"
      maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
      textEncoding="utf-8" useDefaultWebProxy="true">
 
      <security mode="Message">
        <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" negotiateServiceCredential="false">
          <claimTypeRequirements>
 
            <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false" />
          </claimTypeRequirements>
 
          <issuer address="http://localhost:13422/MembershipService" bindingConfiguration="UsernameBinding" binding="customBinding">
            <identity>
              <certificateReference findValue="STSTestCert" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="TrustedPeople" />
            </identity>
          </issuer>
        </message>
      </security>
    </binding>
  </wsFederationHttpBinding>
</bindings>
 
 
<behaviors>
  <serviceBehaviors>
    <behavior name="serviceBehavior">
      <serviceMetadata httpGetEnabled="true" />
 
      <serviceCredentials>
        <serviceCertificate findValue="CN=STSTestCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
 
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
 
<extensions>
  <behaviorExtensions>
    <!-- This behavior extension will enable the service host to be Claims aware -->
    <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement,Microsoft.IdentityModel,Version=0.6.1.0,Culture=neutral,PublicKeyToken=31bf3856ad364e35"/>
  </behaviorExtensions>
</extensions>
 
<services>
  <service behaviorConfiguration="serviceBehavior" name="STS.IP.Models.AccountMembershipService">
    <endpoint binding="wsFederationHttpBinding" bindingConfiguration="federationBinding" name="HTTPEndpoint" contract="STS.IP.Infrastructure.IAccountMembershipService" >
      <identity>
        <dns value="localhost"/>
      </identity>
    </endpoint>
    <!-- <endpoint binding="wsHttpBinding" bindingConfiguration="" name="HTTPEndpoint" contract="Aurora.WCFIsAlive.IIsAlive" />-->
 
  </service>
</services>

对不起,大量的粘贴,但希望有人能发现我的错误！
我只是以错误的方式接近它吗？@H_502_3@

解决方法

我不知道这是否有任何帮助,但它可能有点相关…你可以重复使用已发布的令牌,这是我之前做过的事情.我的场景是说ASP.NET站点或WCF服务是WIF安全的,但是ASP.NET站点或WCF服务需要调用另一个需要SAML令牌/ WIF的服务,依此类推如果你可以重用令牌将WIF设置为使用bootstraping.只要第二个Web服务信任相同的STS.

http://msdn.microsoft.com/en-us/library/ee517256.aspx#_bootstrap@H_502_3@

配置设置如下：@H_502_3@

<microsoft.IdentityModel><service><securityTokenHandlers>:

这个值：@H_502_3@

<securityTokenHandlerConfiguration saveBootstrapTokens="true" />

c# – 使用从STS分配的令牌来调用WCF服务

解决方法

猜你在找的C#相关文章