WCF service and Thinktecture Identity server

I'm using the Thinktecture IdentityServer security token service, and I'm trying to set up a scenario where a client consumes a WCF service. I'm stuck on the following error:

MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.

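I have set up the STS on a Win2008 server, and everything works correctly; it is already working with an MVC site. But with the WCF service I can't get it to work. I'm using BearerKey as the SecurityKeyType. I do get a token in the client application's RequestToken() function. This is my WCF service configuration: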

<system.serviceModel>
    <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
        <host>
          <baseAddresses>
            <add baseAddress="https://anno99-pc/"/>
          </baseAddresses>
        </host>
      </service>
    </services>  
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="">
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey">
               <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

  </system.serviceModel>

  <!-- Config STS -->
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
      </audienceUris>
      <!--Commented by Identity and Access VS Package-->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://identityserver.v2.wkp.com/trust/wkp">
          <keys>
            <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
          </keys>
          <validIssuers>
            <add name="http://identityserver.v2.wkp.com/trust/wkp" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>

This is the client: it is just a console application.

using System.IdentityModel.Tokens;          // SecurityToken, SecurityKeyType
using System.ServiceModel;                  // bindings, ChannelFactory, EndpointAddress
using System.ServiceModel.Description;      // ClientCredentials
// Assumed source of UserNameWSTrustBinding and WSTrustClient (Thinktecture.IdentityModel):
using Thinktecture.IdentityModel.WSTrust;

// IService1 is the service contract (ClaimWcfService.IService1).
class Program
{
    static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
    static string _realm = "https://anno99-pc/ClaimWcfService/";

    static void Main(string[] args)
    {
        var token = RequestToken();
        CallService(token);
    }

    // Calls the WCF service, attaching the token issued by the STS.
    private static void CallService(SecurityToken token)
    {
        var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";

        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

        var factory = new ChannelFactory<IService1>(binding,
            new EndpointAddress(serviceEndpoint));
        factory.Credentials.SupportInteractive = false;
        factory.Credentials.UseIdentityConfiguration = true;

        var channel = factory.CreateChannelWithIssuedToken(token);

        var data = channel.GetData(1);
    }

    // Requests a token for _realm from the STS with username/password credentials.
    private static SecurityToken RequestToken()
    {
        var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

        var credentials = new ClientCredentials();
        credentials.UserName.UserName = "username";
        credentials.UserName.Password = "password";

        return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
    }
}

It would be great if someone could help me.

After some googling and experimenting, I got it working. I had to change these parts of the configuration.

  <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
      </service>
    </services>


     <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

  <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/" />
      </audienceUris>

      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
               name="idsrv" />
        </trustedIssuers>
      </issuerNameRegistry>

    </identityConfiguration>
  </system.identityModel>

I hope this helps someone.
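As an added diagnostic sketch (not code from the original post or from Thinktecture), the following C# program checks a token's audience, issuer name and signing thumbprint against the two `identityConfiguration` sections shown above, using a simplified model of the validation. The token values are assumptions: the audience is taken to be the realm the client requests, and the issuer name and thumbprint are taken from the service configuration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class TokenConfigCheck
{
    // Simplified model (assumption, not WIF's code): the audience must equal a configured
    // audience URI, the signing thumbprint must be listed, and the issuer name must be
    // listed when <validIssuers> is present (ValidatingIssuerNameRegistry style).
    static List<string> Failures(string configXml, string audience, string issuer, string thumbprint)
    {
        var cfg = XElement.Parse(configXml);
        var audiences = cfg.Descendants("audienceUris").Elements("add")
            .Select(e => new Uri((string)e.Attribute("value")));
        var thumbprints = cfg.Descendants("issuerNameRegistry").Descendants("add")
            .Select(e => (string)e.Attribute("thumbprint")).Where(t => t != null);
        var validIssuers = cfg.Descendants("validIssuers").Elements("add")
            .Select(e => (string)e.Attribute("name")).ToList();

        var failed = new List<string>();
        if (!audiences.Contains(new Uri(audience))) failed.Add("audience");
        if (!thumbprints.Contains(thumbprint, StringComparer.OrdinalIgnoreCase)) failed.Add("issuer thumbprint");
        if (validIssuers.Count > 0 && !validIssuers.Contains(issuer)) failed.Add("issuer name");
        return failed;
    }

    const string Thumb = "A540AD5B90B8459E919B39301B89F279A3AAEADB";
    const string Issuer = "http://identityserver.v2.wkp.com/trust/wkp";

    // identityConfiguration fragments trimmed from the question (Before) and the answer (After).
    static readonly string Before = "<identityConfiguration><audienceUris>" +
        "<add value='https://anno99-pc/ClaimWcfService/Service1.svc' /></audienceUris>" +
        "<issuerNameRegistry><authority name='" + Issuer + "'><keys><add thumbprint='" + Thumb +
        "' /></keys><validIssuers><add name='" + Issuer + "' /></validIssuers></authority>" +
        "</issuerNameRegistry></identityConfiguration>";
    static readonly string After = "<identityConfiguration><audienceUris>" +
        "<add value='https://anno99-pc/ClaimWcfService/' /></audienceUris><issuerNameRegistry>" +
        "<trustedIssuers><add thumbprint='" + Thumb + "' name='idsrv' /></trustedIssuers>" +
        "</issuerNameRegistry></identityConfiguration>";

    static void Main()
    {
        // Token values assumed for illustration: audience = the realm the client requests,
        // issuer and thumbprint = the values already present in the service configuration.
        const string realm = "https://anno99-pc/ClaimWcfService/";
        Console.WriteLine("before: " + string.Join(", ", Failures(Before, realm, Issuer, Thumb)));
        Console.WriteLine("after:  " + string.Join(", ", Failures(After, realm, Issuer, Thumb)));
    }
}
```

Substitute the audience, issuer name and signing-certificate thumbprint read from the token the STS actually issued to see which check a given configuration would reject.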
