【问题标题】:Custom ServiceHostFactory using WCF and .net 4.5使用 WCF 和 .net 4.5 自定义 ServiceHostFactory
【发布时间】:2013-08-05 16:04:54
【问题描述】:

尝试创建自定义 ServiceHostFactory 并在事件查看器中看到以下错误记录。

WebHost 未能处理请求。 发件人信息:System.ServiceModel.ServiceHostingEnvironment+HostingManager/38902774 异常:System.ServiceModel.ServiceActivationException:由于编译期间出现异常,无法激活服务“/services/clientservices.svc”。异常消息是:安全令牌管理器无法为要求“System.ServiceModel.Security.Tokens.RecipientServiceModelSecurityTokenRequirement”创建令牌身份验证器: 属性名称:http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyType 属性值:对称密钥

属性名称:http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyUsage 属性值:签名

属性名称:http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/RequireCryptographicToken 属性值:真

属性名称:http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeySize 属性值:0

属性名称:http://schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/IsOptionalTokenProperty 属性值:假 属性名称:http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SupportSecurityContextCancellation 属性值:假

属性名称:http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/IsInitiator 属性值:假

属性名称:http://schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement 属性值:System.ServiceModel.Channels.SymmetricSecurityBindingElement: 默认算法套件:Basic256 包括时间戳:真 KeyEntropyMode:组合熵 MessageSecurityVersion:WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11 SecurityHeaderLayout:严格 保护令牌:假 EndpointSupportingToken参数: 背书[0] System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters: 包含模式:AlwaysToRecipient 参考风格:内部 RequireDerivedKeys:真 令牌类型:samlTokenType 密钥类型:对称密钥 密钥大小:0 发行人地址:https://sirona-locl-use.accesscontrol.windows.net/v2/wstrust/13/certificate 发行者元数据地址:空 DefaultMessgeSecurityVersion:空 使用StrTransform:假 发行人绑定:空 ClaimTypeRequirements:无 没有签名的令牌。 没有签名的加密令牌。 没有签名的背书令牌。 可选端点支持令牌参数: 没有背书代币。 没有签名的令牌。 没有签名的加密令牌。 没有签名的背书令牌。 OperationSupportingTokenParameters:无 可选操作支持令牌参数:无 MessageProtectionOrder:SignBeforeEncryptAndEncryptSignature 要求签名确认:真 ProtectionTokenParameters:System.ServiceModel.Security.Tokens.X509SecurityTokenParameters: 包含模式:从不 参考风格:内部 RequireDerivedKeys:真 X509ReferenceStyle:指纹

....

这是我用来创建 ServiceHostFactory 的代码:

/// <summary>
/// Service host factory that builds a <see cref="ServiceHost"/> whose single endpoint
/// requires an issued (federated) token, and that wires an
/// <c>IdentityConfiguration</c> (issuer registry, audience mode, SAML 2.0 handler)
/// into the host credentials.
/// </summary>
/// <remarks>
/// This listing is an excerpt: several statements are placeholders (the ACS endpoint
/// string, both certificate lookups, the <c>debugging</c> flag) and will not compile as shown.
/// </remarks>
public class WSTrustServiceHostFactory : ServiceHostFactory
{

     /// <summary>
     /// Builds a custom binding made of an issued-token-for-certificate security element,
     /// text message encoding and the HTTP transport.
     /// </summary>
     /// <param name="acsCertificateEndpoint">Address used as the issuer address of the issued token parameters.</param>
     /// <returns>A <see cref="CustomBinding"/> containing the three binding elements, in that order.</returns>
     public static Binding CreateIssuedTokenForCertificateBinding(string acsCertificateEndpoint)
    {
        //http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
        BindingElementCollection bec = new BindingElementCollection();
        // NOTE(review): the first constructor argument is the token type, and the literal
        // "samlTokenType" is what the logged requirement reports as the token type. The URI in
        // the comment above looks like the value that was meant to be passed - confirm.
        bec.Add(SecurityBindingElement.
            CreateIssuedTokenForCertificateBindingElement(
            new IssuedSecurityTokenParameters("samlTokenType", new EndpointAddress(acsCertificateEndpoint))));
        bec.Add(new TextMessageEncodingBindingElement());
        // HttpTransportBindingElement is the plain-HTTP transport: confidentiality and integrity
        // of the exchange rest entirely on the message-security element added above.
        bec.Add(new HttpTransportBindingElement());
        return new CustomBinding(bec);
    }


    /// <summary>
    /// Creates the service host, sets its service certificate, registers the trusted token
    /// issuer by certificate thumbprint, adds one endpoint using
    /// <see cref="CreateIssuedTokenForCertificateBinding"/> and attaches the identity configuration.
    /// </summary>
    /// <param name="serviceType">Service implementation type; its first reported interface is used as the contract.</param>
    /// <param name="baseAddresses">Base addresses passed to the <see cref="ServiceHost"/> constructor; must not be empty.</param>
    /// <returns>The configured, not yet opened, service host.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="serviceType"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="baseAddresses"/> has no elements.</exception>
    protected override System.ServiceModel.ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        // NOTE(review): the single-string ArgumentNullException constructor takes the parameter
        // name, so this sentence ends up in ParamName rather than in the message.
        if (serviceType == null)
            throw new ArgumentNullException("serviceType cannot be null");

        // NOTE(review): baseAddresses itself is not null-checked before Count() is called.
        if (baseAddresses.Count() == 0)
            throw new ArgumentException("baseAddresses must have at least 1 member.");

        // Placeholder in the original post (real URL elided, statement not terminated).
        string acsCertificateEndpoint = "https://acs url ...."



        // securityMode is only consumed by the commented-out WIF 3.5 binding below; the binding
        // actually used (CreateIssuedTokenForCertificateBinding) ignores it. `debugging` is not
        // defined in this excerpt.
        WSFederationHttpSecurityMode securityMode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
        if ( debugging )
        {
            securityMode = WSFederationHttpSecurityMode.Message;
        }


        ServiceHost serviceHost = new ServiceHost(serviceType, baseAddresses);

        //IssuedTokenWSTrustBinding issuedTokenWSTrustBinding = new IssuedTokenWSTrustBinding(
        //    new CertificateWSTrustBinding(securityMode),
        //    new EndpointAddress(acsCertificateEndpoint));


        System.IdentityModel.Configuration.IdentityConfiguration serviceConfiguration = 
            new System.IdentityModel.Configuration.IdentityConfiguration();



            // Placeholder in the original post: the certificate lookup is elided.
            // NOTE(review): the logged requirement shows X509SecurityTokenParameters as the
            // protection token, so this presumably has to be a certificate whose private key the
            // hosting identity can read - confirm against the elided lookup.
            serviceHost.Credentials.ServiceCertificate.Certificate =  // fetch acs decryption certificate;


            // Placeholder in the original post; acsSigningCertificate is not declared in this excerpt.
            acsSigningCertificate = //fetch acs signing certificate.

        ConfigurationBasedIssuerNameRegistry issuerNameRegistry = new ConfigurationBasedIssuerNameRegistry();

        // Trust in the token issuer is pinned to this one signing-certificate thumbprint.
        issuerNameRegistry.AddTrustedIssuer(acsSigningCertificate.Thumbprint, acsSigningCertificate.SubjectName.Name);
        serviceConfiguration.IssuerNameRegistry = issuerNameRegistry;

        // NOTE(review): audience checking is always enforced, but no allowed audience URI is
        // added in this excerpt - confirm one is configured elsewhere, otherwise token
        // validation has nothing to match the audience against.
        serviceConfiguration.AudienceRestriction.AudienceMode = System.IdentityModel.Selectors.AudienceUriMode.Always;

        // NOTE(review): None turns off certificate validation (chain, expiry, revocation) for the
        // signing certificate, so the thumbprint entry in the issuer name registry above is the
        // only issuer check left. A revoked or expired signing certificate would still be accepted.
        serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

        serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());

        // wif 3.5 //serviceHost.AddServiceEndpoint(serviceType.GetInterfaces()[0], issuedTokenWSTrustBinding, String.Empty);
        // NOTE(review): GetInterfaces() does not guarantee any ordering, so [0] is the service
        // contract only if the type implements a single interface.
        serviceHost.AddServiceEndpoint(serviceType.GetInterfaces()[0], CreateIssuedTokenForCertificateBinding(acsCertificateEndpoint), String.Empty);

        //var creds = serviceHost.Description.Behaviors.Find<ServiceCredentials>();
        // creds.UseIdentityConfiguration = true;
        //creds.IdentityConfiguration = serviceConfiguration;

        // .NET 4.5 way of attaching the identity configuration to the host credentials.
        serviceHost.Credentials.UseIdentityConfiguration = true;
        serviceHost.Credentials.IdentityConfiguration = serviceConfiguration;
        // <--wif 3.5 FederatedServiceCredentials.ConfigureServiceHost(serviceHost, serviceConfiguration);  -->

        // IncludeExceptionDetailInFaults returns server-side exception details to the caller;
        // the setting that gates it should stay off outside development environments.
        if (RegionConfiguration.GetSetting<bool>(Settings.CLIENTSERVICES_INCLUDE_EXCEPTION_DETAILS))
        {
            if (serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>() == null)
            {
                serviceHost.Description.Behaviors.Add(new ServiceDebugBehavior());
            }
            serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;
        }

        return serviceHost;
    }

}

有什么想法吗?

【问题讨论】:

    标签: wcf .net-4.5 wif


    【解决方案1】: