
WCF service and Thinktecture Identity server

I'm using the Thinktecture IdentityServer Security Token Service and I'm trying to set up a scenario where I have a client using a WCF service. I'm stuck at a point where I get the following error:

MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.

I've set up the STS on a Win2008 server and it is all working correctly; it's already working with an MVC site. But with a WCF service I can't get it to work. I'm using BearerKey as SecurityKeyType. I do get a token in the client app function RequestToken(). Here is my WCF service config:

<system.serviceModel>
    <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
        <host>
          <baseAddresses>
            <add baseAddress="https://anno99-pc/"/>
          </baseAddresses>
        </host>
      </service>
    </services>  
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="">
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey">
               <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

  </system.serviceModel>

  <!-- Config STS -->
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
      </audienceUris>
      <!--Commented by Identity and Access VS Package-->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://identityserver.v2.wkp.com/trust/wkp">
          <keys>
            <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
          </keys>
          <validIssuers>
            <add name="http://identityserver.v2.wkp.com/trust/wkp" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>

This is the client. It is just a console app.

static void Main(string[] args)
{
   var token = RequestToken();
   CallService(token);
}

 static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
 static string _realm = "https://anno99-pc/ClaimWcfService/";

 private static void CallService(SecurityToken token)
 {
     var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";

     var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
     binding.Security.Message.EstablishSecurityContext = false;
     binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

     var factory = new ChannelFactory<IService1>(binding,
            new EndpointAddress(serviceEndpoint));
     factory.Credentials.SupportInteractive = false;
     factory.Credentials.UseIdentityConfiguration = true;

     var channel = factory.CreateChannelWithIssuedToken(token);

     var data = channel.GetData(1);
 }

 private static SecurityToken RequestToken()
 {
     var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

     var credentials = new ClientCredentials();
     credentials.UserName.UserName = "username";
     credentials.UserName.Password = "password";

     return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
 }

If anyone could help me, that would be great.

After some googling and trying, I got it to work. I had to change these parts of the configuration.

  <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
      </service>
    </services>


     <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

  <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/" />
      </audienceUris>

      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
               name="idsrv" />
        </trustedIssuers>
      </issuerNameRegistry>

    </identityConfiguration>
  </system.identityModel>

I hope this helps someone.
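An added example, not part of the original posts: the client requests a token scoped to `_realm` (`https://anno99-pc/ClaimWcfService/`), and the service's `<audienceUris>` entry changed from the `.svc` address in the question to that realm in the answer. The sketch below compares the audience of a constructed SAML 2.0 assertion against both values; plain `Uri` equality stands in for WIF's own audience comparison, and the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class TokenAudienceCheck
{
    static readonly XNamespace Saml2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Constructed sample: only the elements this check reads, no signature.
    const string SampleAssertion = @"
<Assertion xmlns='urn:oasis:names:tc:SAML:2.0:assertion'>
  <Issuer>http://identityserver.v2.wkp.com/trust/wkp</Issuer>
  <Conditions>
    <AudienceRestriction>
      <Audience>https://anno99-pc/ClaimWcfService/</Audience>
    </AudienceRestriction>
  </Conditions>
</Assertion>";

    // Audiences the STS wrote into the assertion (the realm the client asked for).
    static List<Uri> ReadAudiences(XElement assertion)
    {
        return assertion.Descendants(Saml2 + "Audience")
                        .Select(a => new Uri(a.Value.Trim())).ToList();
    }

    // True when at least one token audience is listed in <audienceUris>.
    // Assumption: Uri equality approximates the comparison WIF performs.
    static bool IsAccepted(IEnumerable<Uri> tokenAudiences, IEnumerable<string> configured)
    {
        var allowed = new HashSet<Uri>(configured.Select(c => new Uri(c)));
        return tokenAudiences.Any(a => allowed.Contains(a));
    }

    static void Main()
    {
        var assertion = XElement.Parse(SampleAssertion);
        var audiences = ReadAudiences(assertion);
        Console.WriteLine("Issuer:   " + (string)assertion.Element(Saml2 + "Issuer"));
        Console.WriteLine("Audience: " + string.Join(", ", audiences));

        // <audienceUris> value from the question, then the one from the answer.
        var candidates = new[] { "https://anno99-pc/ClaimWcfService/Service1.svc",
                                 "https://anno99-pc/ClaimWcfService/" };
        foreach (var configured in candidates)
            Console.WriteLine("{0,-50} accepted: {1}", configured,
                              IsAccepted(audiences, new[] { configured }));
    }
}
```

To run the same check against a real token, load the assertion from `GenericXmlSecurityToken.TokenXml` when `RequestToken()` returns that token type.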
