ws2007FederationHttpBinding and WIF delegation

Time: 2012-04-03 15:15:56

Tags: wcf wcf-binding wif

I have a website that logs in through an STS, then uses the bootstrap token to obtain a delegated token. I then try to use the delegated token to connect to a WCF service. I believe my WCF configuration is wrong. I have tried many different configurations and I'm lost.

I have received a variety of errors, from "Cannot find a channel to receive the incoming message. The endpoint or SOAP action could not be found." to an Audience URI missing from the SAML token.

I'm fairly sure it's the federation configuration.

Any ideas would be helpful!!

Or does anyone have an example of delegating to a WCF service?

Thanks!

Here is the channel factory code.

    // Requires Microsoft.IdentityModel (WIF 3.5): ConfigureChannelFactory and
    // CreateChannelWithIssuedToken are extension methods from
    // Microsoft.IdentityModel.Protocols.WSTrust.
    private static IService1 GetServiceProxy(SecurityToken token)
    {
        // Issued token travels as a message credential over HTTPS.
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new ChannelFactory<IService1>(
            binding,
            new EndpointAddress(serviceAddress));
        factory.Credentials.SupportInteractive = false;
        factory.ConfigureChannelFactory();   // swap WCF's token handlers for WIF's

        // Attach the delegated token as this channel's client credential.
        var channel = factory.CreateChannelWithIssuedToken(token);
        return channel;
    }

Here is the service configuration. I have tried three different sub-bindings.

  <system.serviceModel>

  <diagnostics>
    <!-- logKnownPii="true" writes credentials and tokens into the trace log; development only -->
    <messageLogging logMessagesAtServiceLevel="true" 
                    logMessagesAtTransportLevel="true" 
                    logKnownPii="true"
                    logEntireMessage="true" 
                    logMalformedMessages="true" />
  </diagnostics>

  <bindings>

    <ws2007FederationHttpBinding>
      <binding name="ServiceHost_Service1">
        <security mode="TransportWithMessageCredential">
          <message establishSecurityContext="false" issuedKeyType="SymmetricKey">
            <issuerMetadata address="https://localhost/sts2/issue/wstrust/mex"/>
            <issuer address="http://localhost/sts2/issue/wstrust/message/username" 
                    binding="ws2007HttpBinding" 
                    bindingConfiguration="https://localhost/sts2/issue/wstrust/message/username">
              <identity>
                <certificate encodedValue="certblahblah"/>
              </identity>  
            </issuer>
            <tokenRequestParameters></tokenRequestParameters>
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>

    <ws2007HttpBinding>

      <binding name="https://localhost/sts2/issue/wstrust/mixed/username"
            closeTimeout="00:01:00"
            openTimeout="00:01:00"
            receiveTimeout="00:10:00"
            sendTimeout="00:01:00"
            bypassProxyOnLocal="false"
            transactionFlow="false"
            hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288"
            maxReceivedMessageSize="65536"
            messageEncoding="Text"
            textEncoding="utf-8"
            useDefaultWebProxy="true"
            allowCookies="false">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
        <reliableSession ordered="true"
                         inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None"
                     proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="UserName"
                   negotiateServiceCredential="true"
                   algorithmSuite="Default"
                   establishSecurityContext="false" />
        </security>
      </binding>

      <binding name="https://localhost/sts2/issue/wstrust/mixed/certificate"
             closeTimeout="00:01:00"
             openTimeout="00:01:00"
             receiveTimeout="00:10:00"
             sendTimeout="00:01:00"
             bypassProxyOnLocal="false"
             transactionFlow="false"
             hostNameComparisonMode="StrongWildcard"
             maxBufferPoolSize="524288"
             maxReceivedMessageSize="65536"
             messageEncoding="Text"
             textEncoding="utf-8"
             useDefaultWebProxy="true"
             allowCookies="false">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
        <reliableSession ordered="true"
                         inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None"
                     proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="Certificate"
                   negotiateServiceCredential="true"
                   algorithmSuite="Default"
                   establishSecurityContext="false" />
        </security>
      </binding>

      <binding name="https://localhost/sts2/issue/wstrust/message/username"
            closeTimeout="00:01:00"
            openTimeout="00:01:00"
            receiveTimeout="00:10:00"
            sendTimeout="00:01:00"
            bypassProxyOnLocal="false"
            transactionFlow="false"
            hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288"
            maxReceivedMessageSize="65536"
            messageEncoding="Text"
            textEncoding="utf-8"
            useDefaultWebProxy="true"
            allowCookies="false">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
        <reliableSession ordered="true"
                         inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="Message">
          <transport clientCredentialType="Windows"
                     proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="UserName"
                   negotiateServiceCredential="false"
                   algorithmSuite="Default"
                   establishSecurityContext="false" />
        </security>
      </binding>

    </ws2007HttpBinding>
  </bindings>

<behaviors>
  <serviceBehaviors>
    <behavior>
      <federatedServiceHostConfiguration/>
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true"/>

      <serviceCredentials>
        <serviceCertificate  findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
                  storeLocation="LocalMachine"
                  storeName="My"
                  x509FindType="FindBySerialNumber">
        </serviceCertificate>
      </serviceCredentials>

    </behavior>

  </serviceBehaviors>
</behaviors>

<extensions>
      <behaviorExtensions>
        <add name="federatedServiceHostConfiguration"
             type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      </behaviorExtensions>
</extensions>

<services>
  <service name="ServiceHost_Service1">
    <endpoint binding="ws2007FederationHttpBinding"
              bindingConfiguration="ServiceHost_Service1"
              contract="ServiceHost.IService1">
      <identity>
        <servicePrincipalName value="localhost"/>
        <certificate encodedValue="certblahblah"/>
      </identity>
    </endpoint>
    <endpoint address="MEX" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange"/>
  </service>
</services>

<!--<client>
  <endpoint binding="customBinding" 
            bindingConfiguration="ServiceHost_Service1"
            contract="ServiceHost.IService1">
    <identity>
      <userPrincipalName value="localhost"/>
      <certificate encodedValue="certblahblahblah"/>
    </identity>        
  </endpoint>

</client>-->

<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

  </system.serviceModel>

Here is the identity configuration.

  <microsoft.identityModel>

    <!-- Certificate chain and revocation checks are disabled here -->
    <certificateValidation revocationMode="NoCheck"
                           certificateValidationMode="None" />

    <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
      <trustedIssuers>
        <add thumbprint="c4e675b5add2a7d6d59bbd5e04ca30b440e23eff"
             name="Thinktecture.IdentityServer" />
      </trustedIssuers>
    </issuerNameRegistry>

    <federatedAuthentication>
      <wsFederation passiveRedirectEnabled="false"
                    issuer="https://localhost/sts2/issue/wsfed"
                    realm="https://localhost/ServiceHost/" />
      <cookieHandler requireSsl="true" />
    </federatedAuthentication>

    <serviceCertificate>
      <certificateReference findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
                            storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindBySerialNumber"/>
    </serviceCertificate>

  </microsoft.identityModel>
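As an added example (not code from the question or from the linked project), here is how the delegation flow described above is wired up with the WIF 3.5 WS-Trust client API: the web site authenticates to the STS with its own credential and sends the user's bootstrap token as ActAs, then presents the issued token to the service on a WS2007FederationHttpBinding. The STS address, the service address, the application credentials and the IService1 contract are assumed placeholders. AppliesTo is what the STS writes into the token's audience restriction, so the service's WIF configuration must list the same URI under audienceUris for audience validation to pass.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;
using Microsoft.IdentityModel.Tokens;

// Stand-in for the page's ServiceHost.IService1 contract (assumed shape).
[ServiceContract]
public interface IService1
{
    [OperationContract]
    string GetData(int value);
}

static class DelegationExample
{
    // Assumed endpoints; substitute the real STS and service addresses.
    const string StsAddress     = "https://localhost/sts2/issue/wstrust/mixed/username";
    const string ServiceAddress = "https://localhost/ServiceHost/Service1.svc";

    // Step 1: the web site's own credential requests a delegated token.
    // bootstrapToken is the SAML token the user logged in with (the
    // BootstrapToken of the session's IClaimsIdentity), passed as ActAs so the
    // STS can issue a token that carries both the user and the delegate.
    public static SecurityToken GetDelegatedToken(SecurityToken bootstrapToken,
                                                  string appUser, string appPassword)
    {
        var stsBinding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var factory = new WSTrustChannelFactory(stsBinding, new EndpointAddress(StsAddress))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        factory.Credentials.UserName.UserName = appUser;
        factory.Credentials.UserName.Password = appPassword;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            // AppliesTo becomes the token's AudienceRestriction; the service's
            // <microsoft.identityModel> config must list this URI in <audienceUris>.
            AppliesTo = new EndpointAddress(ServiceAddress),
            KeyType   = KeyTypes.Symmetric,   // must match issuedKeyType on the service binding
            ActAs     = new SecurityTokenElement(bootstrapToken)
        };

        var channel = (WSTrustChannel)factory.CreateChannel();
        return channel.Issue(rst);
    }

    // Step 2: present the delegated token to the service as a message
    // credential over TLS, mirroring the ws2007FederationHttpBinding config.
    public static IService1 GetServiceProxy(SecurityToken delegatedToken)
    {
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

        var factory = new ChannelFactory<IService1>(binding, new EndpointAddress(ServiceAddress));
        factory.Credentials.SupportInteractive = false;
        factory.ConfigureChannelFactory();   // WIF extension: install WIF's token handlers
        return factory.CreateChannelWithIssuedToken(delegatedToken);
    }

    // Usage: run from the web site with the logged-in user's bootstrap token.
    public static string CallService(SecurityToken bootstrapToken, string appUser, string appPassword)
    {
        SecurityToken delegated = GetDelegatedToken(bootstrapToken, appUser, appPassword);
        IService1 proxy = GetServiceProxy(delegated);
        return proxy.GetData(42);
    }
}
```

The two settings that have to agree across the three parties are the token's audience (AppliesTo on the request, audienceUris on the service) and the key type (KeyTypes.Symmetric on the request, issuedKeyType="SymmetricKey" on the service binding); a mismatch in either surfaces at the service as a rejected token rather than at the STS.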

1 answer:

Answer 0: (score: 2)

I tried to figure out the active STS / WCF delegation scenario myself and pieced together a sample project (note that the security checks themselves are turned off; this project is meant to help me understand the flow and the dependencies):

https://github.com/colinbowern/TwoTierSts