ID3242:無法對安全令牌進行身份驗證或授權
[英]ID3242: The security token could not be authenticated or authorized
問題描述
目前我正在開展一個項目,我的應用程序必須通過ADFS驗證才能登錄。
我找到了一些從ADFS獲取令牌的代碼,但是它一直給我上面的錯誤而沒有任何關於錯誤的好描述。
這是我使用的代碼:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Net;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
namespace ADFS_token_test_3
{
class Program
{
static void Main(string[] args)
{
go();
}
static public EndpointAddress ep;
static public WSTrustChannelFactory factory;
public static string go()
{
WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
ep = new EndpointAddress("https://companyname.nl/adfs/services/trust/13/usernamemixed");
factory = new WSTrustChannelFactory(binding, ep);
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
factory.Credentials.UserName.UserName = "username";
factory.Credentials.UserName.Password = "password";
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointReference("https://companyname.nl/adfs/services/trust/13/usernamemixedr"),
KeyType = KeyTypes.Bearer,
};
IWSTrustChannelContract channel = factory.CreateChannel();
// Error line
GenericXmlSecurityToken genericToken = channel.Issue(rst)
as GenericXmlSecurityToken;
return genericToken.TokenXml.InnerXml.ToString();
}
}
}
帶有錯誤注釋的行發生錯誤。
有人有線索嗎?
1 個解決方案
解決方案1
0 2017-11-07 20:10:28
檢查是否可以訪問您的CRL分發點。
我在某些ADFS Single SignOn Web應用程序中遇到了這個問題。 ADFS使用PKI證書(例如,用於簽署令牌)。 這些證書通常具有必須可訪問的CRL(證書吊銷列表)。 如果無法檢查吊銷列表,則往往會出現上述錯誤消息。 對我來說,這是我的應用程序和CDP(CRL分發點)服務器之間的防火牆。
PS。 您可以在查看證書本身的詳細信息時驗證CDP。
如何獲取已認證用戶的訪問令牌以進行授權的資源api調用?
[英]How to get access token for authenticated user to make an authorized resource api call?
WCF - “無法滿足安全令牌請求,因為身份驗證失敗”
[英]WCF - “The request for security token could not be satisfied because authentication failed”
錯誤消息:由於身份驗證失敗,無法滿足對安全令牌的請求
[英]Error message: The request for security token could not be satisfied because authentication failed
WCF:無法滿足安全令牌請求,因為身份驗證失敗
[英]WCF: The request for security token could not be satisfied because authentication failed
如何允許經過身份驗證的用戶或授權用戶訪問 controller 方法?
[英]How to allow access to controller method for either authenticated user or authorized user?
由於關閉TLS 1.0時身份驗證失敗,因此無法滿足對安全令牌的請求
[英]The request for security token could not be satisfied because authentication failed when turning off TLS 1.0
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.