
WCF Service client config generated wrong

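I want to authenticate users against ADFS 2.0 so they can use a self-written WCF service. The service is ready and fully functional. ADFS 2.0 is also set up correctly.

When I set up the client binding in code and work with that, everything works as expected. But when I want to use the configuration generated by "Update Service Reference", the binding is wrong and does not work as expected.

What am I missing? Any hints are welcome.

The error given:

Unhandled Exception: System.ServiceModel.FaultException: The message with Action 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None).

Server config: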

<bindings>
  <ws2007FederationHttpBinding>
    <binding>
      <security mode="TransportWithMessageCredential">
        <message establishSecurityContext="false">
          <issuerMetadata address="https://sts.local.domain/adfs/services/trust/mex" />
          <issuer address="https://sts.local.domain/adfs/services/trust/2005/windowstransport" binding="ws2007HttpBinding" />
          <claimTypeRequirements>
            <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
            <add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />
          </claimTypeRequirements>
        </message>
      </security>
    </binding>
  </ws2007FederationHttpBinding>
  <ws2007HttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
        <message clientCredentialType="None" establishSecurityContext="false" negotiateServiceCredential="true" />
      </security>
    </binding>
  </ws2007HttpBinding>
</bindings>

Client config (not working):

<bindings>
  <ws2007FederationHttpBinding>
    <binding name="WS2007FederationHttpBinding_IMyService" closeTimeout="00:01:00"
      openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
      bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
      maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
      textEncoding="utf-8" useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00"
        enabled="false" />
      <security mode="TransportWithMessageCredential">
        <message algorithmSuite="Default" establishSecurityContext="false"
          issuedKeyType="SymmetricKey" negotiateServiceCredential="true">
          <issuer address="https://sts.local.domain/adfs/services/trust/2005/windowstransport" binding="ws2007HttpBinding" />
          <issuerMetadata address="https://sts.local.domain/adfs/services/trust/mex" />
          <tokenRequestParameters>
            <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
              <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                <Address>https://service.machine.local/STSWcfService/MyService.svc</Address>
              </EndpointReference>
            </AppliesTo>
            <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
              <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
              <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
              <trust:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
                xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                <wsid:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
                  Optional="true" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" />
                <wsid:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                  Optional="true" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" />
              </trust:Claims>
              <trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
              <trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
              <trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
              <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
              <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
            </trust:SecondaryParameters>
          </tokenRequestParameters>
        </message>
      </security>
    </binding>
  </ws2007FederationHttpBinding>
  <ws2007HttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
        <message clientCredentialType="Windows" establishSecurityContext="false" />
      </security>
    </binding>
  </ws2007HttpBinding>
</bindings>
<client>
  <endpoint address="https://service.machine.local/STSWcfService/MyService.svc"
    binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_IMyService"
    contract="ServiceReference.IMyService" name="WS2007FederationHttpBinding_IMyService" />
</client>

Client binding in code (working):

private static SecurityToken GetToken()
{
    var factory = new WSTrustChannelFactory(new WindowsWSTrustBinding(SecurityMode.Transport), adfsEndPoint)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

    var requestSecurityToken = new RequestSecurityToken
    {
        RequestType = WSTrustFeb2005Constants.RequestTypes.Issue,
        AppliesTo = new EndpointAddress(serviceEndPoint),
        KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric
    };

    var channel = factory.CreateChannel();
    return channel.Issue(requestSecurityToken);
}

private static void CallService(SecurityToken token)
{
    // create binding and turn off sessions
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    binding.Security.Message.EstablishSecurityContext = false;

    // create factory and enable WIF plumbing
    var factory = new ChannelFactory<IMyService>(binding, new EndpointAddress(serviceEndPoint));
    factory.ConfigureChannelFactory();

    // turn off CardSpace - we already have the token
    factory.Credentials.SupportInteractive = false;

    var channel = factory.CreateChannelWithIssuedToken(token);
    foreach (var claim in channel.GetClaims())
    {
        Console.WriteLine("{0}\n {1}\n  {2} ({3})\n", claim.ClaimType, claim.Value, claim.Issuer, claim.OriginalIssuer);
    }
}

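I think your security mode and client credentials may not match.

Put this in your app.config (client and server) and make sure the process has write access to the directory.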

<system.diagnostics>
  <sources>
    <source name="Microsoft.IdentityModel" switchValue="Verbose">
      <listeners>
        <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
             initializeData="c:\temp\WIF.svclog" />
      </listeners>
    </source>
    <source name="System.ServiceModel.MessageLogging" switchValue="Verbose">
      <listeners>
        <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
             initializeData="c:\temp\WCF.svclog" />
      </listeners>
    </source>
  </sources>
  <trace autoflush="true" />
</system.diagnostics>

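This helped me a lot when trying to figure out what was wrong. I would also suggest (for testing only) including service exceptions in your faults.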

<behaviors>
  <serviceBehaviors>
    <behavior>
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

Please do this and update your question with the errors from the log.
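The mismatch check suggested in the answer above can be done mechanically. This is an added example, not code from the original post or from WCF: the samples are constructed from the question's two `<bindings>` fragments, reduced to their security elements, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the question's server and client <bindings> fragments,
# reduced to the security-related elements (timeouts, quotas etc. dropped).
SERVER = """<bindings>
  <ws2007FederationHttpBinding><binding><security mode="TransportWithMessageCredential">
    <message establishSecurityContext="false" />
  </security></binding></ws2007FederationHttpBinding>
  <ws2007HttpBinding><binding><security mode="Transport">
    <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
    <message clientCredentialType="None" establishSecurityContext="false" negotiateServiceCredential="true" />
  </security></binding></ws2007HttpBinding>
</bindings>"""
CLIENT = """<bindings>
  <ws2007FederationHttpBinding><binding><security mode="TransportWithMessageCredential">
    <message establishSecurityContext="false" negotiateServiceCredential="true">
      <issuer address="https://sts.local.domain/adfs/services/trust/2005/windowstransport" binding="ws2007HttpBinding" />
      <tokenRequestParameters>
        <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
      </tokenRequestParameters>
    </message>
  </security></binding></ws2007FederationHttpBinding>
  <ws2007HttpBinding><binding><security mode="Transport">
    <transport clientCredentialType="Windows" />
    <message clientCredentialType="Windows" establishSecurityContext="false" />
  </security></binding></ws2007HttpBinding>
</bindings>"""

def security_settings(xml_text):
    """Map 'bindingType/element@attr' -> value for each <security> subtree."""
    out = {}
    for btype in ET.fromstring(xml_text):
        for sec in btype.iter("security"):
            for el in [sec] + [c for c in sec if c.tag in ("transport", "message")]:
                for attr, val in el.attrib.items():
                    out[f"{btype.tag}/{el.tag}@{attr}"] = val
    return out

def mismatches(server_xml, client_xml):
    """Attributes set explicitly on both sides whose values differ."""
    s, c = security_settings(server_xml), security_settings(client_xml)
    return {k: (s[k], c[k]) for k in sorted(s.keys() & c.keys()) if s[k] != c[k]}

def issuer_vs_request(client_xml):
    """Issuer address plus the XML namespaces used inside <tokenRequestParameters>."""
    root = ET.fromstring(client_xml)
    issuer = root.find(".//issuer").get("address")
    params = root.find(".//tokenRequestParameters")
    return issuer, sorted({e.tag[1:].split("}")[0] for e in params.iter() if e.tag[0] == "{"})
```

On these samples the only explicit difference is the `clientCredentialType` of the `ws2007HttpBinding` `<message>` element (`None` on the server, `Windows` on the client). The second function shows the generated request parameters using the `ws-trust/200512` namespace, the same one named in the fault's Action, while the issuer address and the working code (`TrustVersion.WSTrustFeb2005`) both point at the `trust/2005` endpoint.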

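You can create another binding section and give it a name different from the one Visual Studio generates. On the next update, the bindings will be merged.

For some reason I can't add a comment - however, when I changed the SVC file contents, I saw WCF "ignore" my wshttpbinding and take basichttpbinding instead - it ultimately relies on the scheme to determine the binding, so for http addresses anything other than basicHttpBinding is ignored.

Take a look there and see whether it helps.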
