ID3242:无法对安全令牌进行身份验证或授权
[英]ID3242: The security token could not be authenticated or authorized
问题描述
At the moment i'm working on a project where my application has to validate with ADFS to login. 
目前我正在开展一个项目,我的应用程序必须通过ADFS验证才能登录。
I found some code to get the token from ADFS but it keeps giving me the error above without any good description about the error. 我找到了一些从ADFS获取令牌的代码,但是它一直给我上面的错误而没有任何关于错误的好描述。
This is the code I use: 这是我使用的代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Net;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
namespace ADFS_token_test_3
{
class Program
{
static void Main(string[] args)
{
go();
}
static public EndpointAddress ep;
static public WSTrustChannelFactory factory;
public static string go()
{
WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
ep = new EndpointAddress("https://companyname.nl/adfs/services/trust/13/usernamemixed");
factory = new WSTrustChannelFactory(binding, ep);
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
factory.Credentials.UserName.UserName = "username";
factory.Credentials.UserName.Password = "password";
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointReference("https://companyname.nl/adfs/services/trust/13/usernamemixedr"),
KeyType = KeyTypes.Bearer,
};
IWSTrustChannelContract channel = factory.CreateChannel();
// Error line
GenericXmlSecurityToken genericToken = channel.Issue(rst)
as GenericXmlSecurityToken;
return genericToken.TokenXml.InnerXml.ToString();
}
}
}
Error occurs on the line with the error comment. 带有错误注释的行发生错误。
Anybody has a clue? 有人有线索吗?
1 个解决方案
解决方案1
0 2017-11-07 20:10:28
Check that your CRL Distribution Point can be reached. 检查是否可以访问您的CRL分发点。
I have encountered that problem in some of the ADFS Single SignOn web applications. 我在某些ADFS Single SignOn Web应用程序中遇到了这个问题。 ADFS uses PKI Certificates (eg for signing the tokens). ADFS使用PKI证书(例如,用于签署令牌)。 These certificates often have a CRL (Certificate Revocation List) that must be reachable. 这些证书通常具有必须可访问的CRL(证书吊销列表)。 If the revocation list cannot be checked, you tend to have the above error message. 如果无法检查吊销列表,则往往会出现上述错误消息。 For me it was a firewall standing in between my application and the CDP (CRL Distribution Point) server. 对我来说,这是我的应用程序和CDP(CRL分发点)服务器之间的防火墙。
PS. PS。 You can verify the CDP when looking at the details of the certificate itself. 您可以在查看证书本身的详细信息时验证CDP。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.