C# / WS-Trust / Security Token Service: RequestSecurityToken parameters not applied / overridden

Time: 2021-04-24 21:20:02

Tags: c# ws-trust

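I am requesting a token from a security token service, but for some reason the request (RequestSecurityToken) parameters are not applied / are overridden.

The binding and channel are configured programmatically: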

WS2007HttpBinding stsBinding = new WS2007HttpBinding();
//...binding configuration

using (WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(stsBinding, new EndpointAddress("endpointUrl"))) {
    //...channel factory configuration

    var channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

    RequestSecurityToken request = new RequestSecurityToken {
        TokenType = @"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
        KeySizeInBits = 256,
        //...
    };

    var res = channel.Issue(request);
}

The first trace in the log (source=ServiceLevelSendRequest) shows that all parameters were applied correctly (token type = SAMLV1.1):

<?xml version="1.0" encoding="UTF-8"?>
<MessageLogTraceRecord xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace" Time="2021-04-24T23:23:40.5538864+03:00" Source="ServiceLevelSendRequest" Type="System.ServiceModel.Channels.BodyWriterMessage">
   <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
      <s:Header>
         <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
         <a:MessageID>urn:uuid:62c3573f-de9d-4e1e-8e6f-4fa30ae14cb1</a:MessageID>
      </s:Header>
      <s:Body>
         <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
            <trust:KeySize>256</trust:KeySize>
            ...
         </trust:RequestSecurityToken>
      </s:Body>
   </s:Envelope>
</MessageLogTraceRecord>

The second trace (source=ServiceLevelSendRequest) has a different MessageID and a changed request body (token type?)

<?xml version="1.0" encoding="UTF-8"?>
<MessageLogTraceRecord xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace" Time="2021-04-24T23:48:19.0851183+03:00" Source="ServiceLevelSendRequest" Type="System.ServiceModel.Channels.BodyWriterMessage">
   <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
      <s:Header>
         <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
         <a:MessageID>urn:uuid:4eb70dc5-f344-47c4-8d3a-af7f7f1100c8</a:MessageID>
      </s:Header>
      <s:Body>... stream ...</s:Body>
   </s:Envelope>
</MessageLogTraceRecord>

The third trace (source=TransportSend) has the same MessageID as the second trace and confirms that the request parameters were overridden (token type = sct).

<?xml version="1.0" encoding="UTF-8"?>
<MessageLogTraceRecord xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace" Time="2021-04-24T23:48:19.1361153+03:00" Source="TransportSend" Type="System.ServiceModel.Channels.BodyWriterMessage">
   <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
      <s:Header>
         <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
         <a:MessageID>urn:uuid:4eb70dc5-f344-47c4-8d3a-af7f7f1100c8</a:MessageID>
      </s:Header>
      <s:Body>
         <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512" Context="uuid-ef9a5d3c-88d8-4d73-84fd-5dd001693d38-1">
            <trust:TokenType>http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct</trust:TokenType>
            <trust:KeySize>256</trust:KeySize>
            //...
         </trust:RequestSecurityToken>
      </s:Body>
   </s:Envelope>
</MessageLogTraceRecord>

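I am not sure why the second log trace shows a different MessageID; it seems the message is modified during serialization. Is there a way to disable this behavior?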
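
An added example, not part of the original post: a Python script that groups WCF `MessageLogTraceRecord` entries by MessageID and reports which TokenType each message carried at TransportSend, so a trace like the three above can be read as separate messages rather than by eye. The sample records are constructed and reduced from those traces, the MessageIDs are placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {
    "log": "http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace",
    "a": "http://www.w3.org/2005/08/addressing",
    "trust": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
}
SAML11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
SCT = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"

def parse_record(xml_text):
    """Return (source, message_id, token_type) for one MessageLogTraceRecord."""
    root = ET.fromstring(xml_text)
    msg_id = root.findtext(".//a:MessageID", namespaces=NS)
    # A body logged as "... stream ..." has no RST element, so this is None.
    token = root.findtext(".//trust:RequestSecurityToken/trust:TokenType", namespaces=NS)
    return root.get("Source"), msg_id, token

def correlate(records, requested_type):
    """Return (sent with another TokenType, no readable RST at TransportSend)."""
    by_id = defaultdict(list)
    for rec in records:
        source, msg_id, token = parse_record(rec)
        by_id[msg_id].append((source, token))
    mismatches, never_sent = {}, []
    for msg_id, hops in by_id.items():
        sent = [t for s, t in hops if s == "TransportSend" and t is not None]
        if not sent:
            never_sent.append(msg_id)
        elif sent[-1] != requested_type:
            mismatches[msg_id] = sent[-1]
    return mismatches, never_sent

# Constructed sample records, reduced from the three traces; MessageIDs are placeholders.
def _record(source, msg_id, body):
    return (f'<MessageLogTraceRecord xmlns="{NS["log"]}" Source="{source}"><s:Envelope '
            f'xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="{NS["a"]}"><s:Header>'
            f'<a:MessageID>{msg_id}</a:MessageID></s:Header><s:Body>{body}</s:Body></s:Envelope></MessageLogTraceRecord>')

def _rst(token_type):
    return (f'<trust:RequestSecurityToken xmlns:trust="{NS["trust"]}">'
            f'<trust:TokenType>{token_type}</trust:TokenType></trust:RequestSecurityToken>')

SAMPLE = [
    _record("ServiceLevelSendRequest", "urn:uuid:msg-1", _rst(SAML11)),
    _record("ServiceLevelSendRequest", "urn:uuid:msg-2", "... stream ..."),
    _record("TransportSend", "urn:uuid:msg-2", _rst(SCT)),
]
print(correlate(SAMPLE, SAML11))
```

On the constructed sample, `msg-1` (the SAML request) has no TransportSend record, while `msg-2` is a separate message that went out with the sct TokenType.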

0 answers:

No answers