在Azure上访问自定义STS(WCF服务)时出错
[英]Error while accessing Custom STS(WCF Service) on Azure
问题描述
I've a custom STS having active federation endpoint that works well on local box. 
我有一个具有活动联合端点的自定义STS,该端点在本地盒上运行良好。 Local Url is "https://localhost/CustomIDP/Service.svc" 本地网址为“ https://localhost/CustomIDP/Service.svc”
After hosting on Azure on the final step of acquiring SAML token I am getting the following error while acquiring token from STS: 在获取SAML令牌的最后一步托管在Azure上之后,从STS获取令牌时遇到以下错误:
[System.ServiceModel.CommunicationException] {"An error occurred while receiving the HTTP response to "https:// mysts .cloudapp.net/Service.svc". This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details."} [System.ServiceModel.CommunicationException] {HTTPS“,而接收到该HTTP响应时出现错误‘:// mysts .cloudapp.net / Service.svc’这可能是由于不使用HTTP协议的服务端点绑定这也可能是由于服务器终止了HTTP请求上下文(可能是由于服务关闭了)。有关更多详细信息,请参阅服务器日志。“}
InnerException: [System.Net.WebException]: {"The underlying connection was closed: An unexpected error occurred on a receive."} InnerException:[System.Net.WebException]:{“基础连接已关闭:接收时发生意外错误。”}
InnerException: [System.IO.IOException]:{"Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host."} InnerException:[System.IO.IOException]:{“无法从传输连接读取数据:远程主机强行关闭了现有连接。”}
InnerException: [System.Net.Sockets.SocketException]: {"An existing connection was forcibly closed by the remote host"}: at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags) at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) InnerException:[System.Net.Sockets.SocketException]:{“现有的连接被远程主机强行关闭”“}:在System.Net.Sockets.Socket.Receive(Byte []缓冲区,Int32偏移量,Int32大小,SocketFlags System.Net.Sockets.NetworkStream.Read处的socketFlags)(Byte [] buffer,Int32 offset,Int32 size)
Appreciate any inputs. 感谢任何输入。 Please find below the code snippet used for calling the STS for acquiring SAML token. 请在下面找到用于调用STS以获得SAML令牌的代码段。 The error occurs at channel.Issue statement. 该错误发生在channel.Issue语句中。
using (var factory = new WSTrustChannelFactory(
new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress(new Uri(stsEndpoint))))
{
factory.Credentials.UserName.UserName = username;
factory.Credentials.UserName.Password = password;
factory.TrustVersion = TrustVersion.WSTrust13;
WSTrustChannel channel = null;
try
{
var rst = new RequestSecurityToken
{
RequestType = WSTrust13Constants.RequestTypes.Issue,
AppliesTo = new EndpointAddress(realm),
KeyType = KeyTypes.Bearer,
};
channel = (WSTrustChannel)factory.CreateChannel();
return channel.Issue(rst);
}
finally
{
if (channel != null)
{
channel.Abort();
}
factory.Abort();
}
}
Service Configuration for STS service hosted on Azure: Azure上托管的STS服务的服务配置:
<system.serviceModel>
<services>
<service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="ServiceBehavior">
<endpoint address="" binding="ws2007HttpBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" bindingConfiguration="ws2007HttpBindingConfiguration"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<ws2007HttpBinding>
<binding name="ws2007HttpBindingConfiguration">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<serviceCertificate x509FindType="FindByThumbprint" findValue="[thumbprint]" storeLocation="LocalMachine" storeName="My" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<microsoft.identityModel>
<service>
<!-- User name and password are not authenticated by windows authentication but a custom verification is done -->
<securityTokenHandlers>
<remove type="Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add type="ActiveIdPSite.CustomUserNameSecurityTokenHandler, ActiveIdPSite" />
</securityTokenHandlers>
<serviceCertificate>
<certificateReference x509FindType="FindByThumbprint" findValue="[thumbprint]" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
<certificateValidation certificateValidationMode="None" />
</service>
</microsoft.identityModel>
1 个解决方案
解决方案1
0 已采纳 2012-12-14 05:12:15
The issue is solved. 问题已解决。 Root cause was related to certificates. 根本原因与证书有关。
1.Enable WCF Diagnostics while deploying. 1.在部署时启用WCF诊断。 2.Get the svclog file and open with Microsoft Service Trace viewer. 2.获取svclog文件并使用Microsoft Service Trace查看器打开。
Here's the extract from svclog. 这是svclog的摘录。
Replying to an operation threw a exception: System.NotSupportedException - The private key is not present in the X.509 certificate 答复操作引发异常:System.NotSupportedException-X.509证书中不存在私钥
Since the certificate didn't have private key in exportable format, it failed to read the private key. 由于证书没有可导出格式的私钥,因此无法读取私钥。
Used the fix mentioned here: http://social.msdn.microsoft.com/Forums/en/Geneva/thread/2b2681af-838e-4f22-84fa-b5494b9dcc02 使用这里提到的修复程序: http : //social.msdn.microsoft.com/Forums/en/Geneva/thread/2b2681af-838e-4f22-84fa-b5494b9dcc02
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.