stackoom
  简体   繁体   中英

WCF service and Thinktecture Identity server

 原文  2013-05-21 13:03:39       wcf/ ssl/ sts-securitytokenservice/ thinktecture-ident-server

Question

im using the thinktecture identityserver Security Token Service im trying to set up a scenario where I have a client using a WCF service. I'm stuck at a point where I get next error: 

MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.

I've setup the STS on a win2008 server and all working correct its already working with an MVC site. But with a wcf service I cant get it to work. I'm using bearerkey as SecurityKeyType. I do get a token in the client app function RequestToken(). Here is my wcf service config: 

<system.serviceModel>
    <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
        <host>
          <baseAddresses>
            <add baseAddress="https://anno99-pc/"/>
          </baseAddresses>
        </host>
      </service>
    </services>  
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="">
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey">
               <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

  </system.serviceModel>

  <!-- Config STS -->
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
      </audienceUris>
      <!--Commented by Identity and Access VS Package-->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://identityserver.v2.wkp.com/trust/wkp">
          <keys>
            <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
          </keys>
          <validIssuers>
            <add name="http://identityserver.v2.wkp.com/trust/wkp" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>

This is the client: It is just a console app. 

static void Main(string[] args)
{
   var token = RequestToken();
   CallService(token);
}

 static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
 static string _realm = "https://anno99-pc/ClaimWcfService/";

 private static void CallService(SecurityToken token)
 {
     var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";

     var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
     binding.Security.Message.EstablishSecurityContext = false;
     binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

     var factory = new ChannelFactory<IService1>(binding,
            new EndpointAddress(serviceEndpoint));
     factory.Credentials.SupportInteractive = false;
     factory.Credentials.UseIdentityConfiguration = true;

     var channel = factory.CreateChannelWithIssuedToken(token);

        var data = channel.GetData(1);
 }

 private static SecurityToken RequestToken()
 {
     var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

     var credentials = new ClientCredentials();
     credentials.UserName.UserName = "username";
     credentials.UserName.Password = "password";

     return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
 }

If anyone could help me, that would be great.

1 answers

solution1
 6 ACCPTED  2013-05-23 08:06:39

After some googling and trying, I got it to work. I had to change these parts of the configuration. 

  <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
      </service>
    </services>


     <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

  <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/" />
      </audienceUris>

      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
               name="idsrv" />
        </trustedIssuers>
      </issuerNameRegistry>

    </identityConfiguration>
  </system.identityModel>

I hope this helps someone

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WIF (using Thinktecture Identity Server) and Duplex WCF Channels Using WCF STS Bootstrap token in SharePoint 2010 (thinktecture identity server as sts and ActAs) SAML2 using Thinktecture and WCF WCF service Client and Server Asp.net identity authentication in wcf service wcf web service identity servicePrincipalName explanation required Identity Check Issues in IIS Hosted WCF Service WCF service and adding custom Identity claims Debugging a WCF service timeout on the server Access WCF service on same server
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM