【发布时间】:2015-04-29 00:09:53
【问题描述】:
我有一个 Web 应用程序(名为 MyWebClient)通过 http 调用一个服务(名为 MyService)。 MyService 接受来自 ADFS 的已颁发令牌,并且工作正常。我想从 ADFS 切换到 MyCustomSTS(使用 WIF 4.5)。我希望 MyWebClient 代码不会更改,但我收到错误消息。
Ping 到 MyService 的代码如下
var token = GetSecurityToken();
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message, false);
var messageSecurity = serviceBinding.Security.Message;
messageSecurity.IssuedTokenType = TokenTypes.Saml11TokenProfile11;
messageSecurity.IssuerAddress = Constants.StsAddressX509;
messageSecurity.IssuedKeyType = SecurityKeyType.SymmetricKey;
messageSecurity.IssuerBinding = stsBinding;
var factory = new ChannelFactory<IMyService>(binding, new EndpointAddress("https://mylocalhost/MyService.svc"));
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
X509CertificateValidationMode.None;
factory.Credentials.ServiceCertificate.Authentication.RevocationMode =
X509RevocationMode.NoCheck;
var service = factory.CreateChannelWithIssuedToken(token);
var result = service.Ping();
我有(看起来像)来自 STS 的有效令牌。
但是在调用Ping to MyService时会抛出异常,如下:
There was an error serializing the security token. Please see the
inner exception for more details. Server stack trace: at
System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter
writer, SecurityToken token) at
System.ServiceModel.Security.SendSecurityHeader.OnWriteHeaderContents(XmlDictionaryWriter
writer, MessageVersion messageVersion) at
System.ServiceModel.Channels.MessageHeader.WriteHeader(XmlDictionaryWriter
writer, MessageVersion messageVersion) at
System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter
writer) at ...
在网上搜索后,有人建议我稍微更改代码以添加
factory.Credentials.UseIdentityConfiguration = true;
它又可以正常工作了。
我的问题是为什么它在没有“UseIdentityConfiguration”的情况下与 ADFS 一起工作正常?无论如何要在 MyCustomSTS 上修复它但更改客户端代码?
原因是我有很多像 MyWebClient 这样的客户端应用程序,所以更改它们的代码对我来说是个问题。
感谢您的所有帮助和回复。我真的很感激。
【问题讨论】: