【发布时间】:2012-07-02 11:43:50
【问题描述】:
我有一个通过 STS 登录的网站,登录后用引导(bootstrap)令牌向 STS 换取一个委托(delegation)令牌,再用这个委托令牌去调用 WCF 服务。我认为问题出在我的 WCF 配置上:试过很多种配置组合之后,我已经不知道该往哪个方向改了。
我收到过各种不同的错误,从“未能找到可接收传入消息的通道。找不到端点或 SOAP 操作”一直到“SAML 令牌中缺少受众 URI(Audience URI)”。
我很确定它是联合配置。
任何想法都会有所帮助!
或者有人有委托给 wcf 服务的例子吗?
谢谢!
这是通道工厂代码。
/// <summary>
/// Builds a client proxy for <see cref="IService1"/> that authenticates with an
/// already-obtained issued token instead of asking the STS for one itself.
/// </summary>
/// <param name="token">The issued token to attach to every call; presumably the
/// delegated token the web site obtained from the STS with its bootstrap token.</param>
/// <returns>A channel proxy bound to <c>serviceAddress</c> that carries <paramref name="token"/>.</returns>
private static IService1 GetServiceProxy(SecurityToken token)
{
    // TLS on the wire, the issued token as the message-level credential.
    var federationBinding = new WS2007FederationHttpBinding(
        WSFederationHttpSecurityMode.TransportWithMessageCredential);

    // No WS-SecureConversation session: the token rides on every message.
    // This must match the service binding's establishSecurityContext setting.
    federationBinding.Security.Message.EstablishSecurityContext = false;

    var endpoint = new EndpointAddress(serviceAddress);
    var proxyFactory = new ChannelFactory<IService1>(federationBinding, endpoint);

    // Suppress any interactive credential prompt; a server-side caller has nobody to answer it.
    proxyFactory.Credentials.SupportInteractive = false;

    // WIF extension method; presumably wires WIF's token handling into the factory
    // so CreateChannelWithIssuedToken below can attach the token. TODO confirm.
    proxyFactory.ConfigureChannelFactory();

    // NOTE(review): the service validates the token's audience restriction. The delegated
    // token therefore has to be requested with AppliesTo set to serviceAddress; relaxing
    // audience validation on the service side to make this call succeed would let a token
    // issued for any other relying party be replayed against this service.
    // NOTE(review): the factory is never closed; lifetime of factory and channel is left to
    // the caller, exactly as before.
    return proxyFactory.CreateChannelWithIssuedToken(token);
}
这是服务配置。我也尝试过 3 种不同的子绑定。
<system.serviceModel>
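<diagnostics>
<!-- Message logging is a debugging aid. logKnownPii is turned off: with it on, WCF writes
     credentials and security-token material into the trace file in clear text, and a trace
     file is rarely protected the way a secret store is (enabling it is additionally gated by
     enableLoggingKnownPii in machine.config). Even with it off, logEntireMessage="true"
     records full headers and bodies, so treat the trace output as sensitive and remove this
     element entirely before deployment. -->
<messageLogging logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
logKnownPii="false"
logEntireMessage="true"
logMalformedMessages="true" />
</diagnostics>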
<bindings>
<ws2007FederationHttpBinding>
<!-- Binding referenced by the service endpoint (bindingConfiguration="ServiceHost_Service1"):
     TLS on the transport, an issued (SAML) token as the message credential. -->
<binding name="ServiceHost_Service1">
<security mode="TransportWithMessageCredential">
<!-- establishSecurityContext="false": no secure-conversation session, the issued token is
     presented on every message. This mirrors the client code, which also sets
     EstablishSecurityContext = false; the two sides must agree.
     issuedKeyType="SymmetricKey": presumably the token the service expects carries a
     symmetric proof key. TODO confirm the STS issues that key type. -->
<message establishSecurityContext="false" issuedKeyType="SymmetricKey">
<!-- NOTE(review): metadata is fetched over https while the issuer endpoint itself is plain
     http. The issuer binding named here (see the ws2007HttpBinding entry of the same name)
     uses mode="Message" with negotiateServiceCredential="false", so the UserName credential
     is presumably protected by encrypting to the certificate in <identity> below rather than
     by TLS. That makes the identity certificate the only thing preventing credential
     disclosure on that hop; confirm it is the STS's real certificate, not a placeholder. -->
<issuerMetadata address="https://localhost/sts2/issue/wstrust/mex"/>
<issuer address="http://localhost/sts2/issue/wstrust/message/username"
binding="ws2007HttpBinding"
bindingConfiguration="https://localhost/sts2/issue/wstrust/message/username">
<identity>
<!-- Placeholder value on this page; must be the STS certificate the client encrypts to. -->
<certificate encodedValue="certblahblah"/>
</identity>
</issuer>
<!-- Empty: no additional RST parameters are sent to the STS. -->
<tokenRequestParameters></tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
<!-- Binding for the STS "mixed/username" endpoint: TLS on the transport, UserName credential
     at the message level. Nothing visible on this page references it (the federation
     binding's issuer points at .../message/username); presumably one of the variants tried. -->
<binding name="https://localhost/sts2/issue/wstrust/mixed/username"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<!-- Default reader quotas; they bound the size and nesting of incoming XML. -->
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="TransportWithMessageCredential">
<!-- No client credential at the transport (TLS) layer; the user name travels in the message. -->
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<!-- negotiateServiceCredential="true": the STS certificate is obtained by negotiation rather
     than configured out of band. -->
<message clientCredentialType="UserName"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
<!-- Binding for the STS "mixed/certificate" endpoint: same as above but the client
     authenticates with an X.509 certificate at the message level. Also unreferenced here. -->
<binding name="https://localhost/sts2/issue/wstrust/mixed/certificate"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
<!-- Binding for the STS "message/username" endpoint. This is the one the federation binding's
     <issuer> references (its bindingConfiguration has exactly this name). Pure message
     security over plain http: confidentiality of the user name and password depends entirely
     on message-level encryption to the STS certificate, not on TLS. -->
<binding name="https://localhost/sts2/issue/wstrust/message/username"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<!-- NOTE(review): clientCredentialType="Windows" on the transport is presumably unused
     under mode="Message" (likely left over from a generated config); confirm it is not
     relied upon. -->
<transport clientCredentialType="Windows"
proxyCredentialType="None"
realm="" />
<!-- negotiateServiceCredential="false": the STS certificate is NOT negotiated, so the
     client must already hold it, which is what the <identity><certificate> on the
     federation binding's <issuer> element supplies. -->
<message clientCredentialType="UserName"
negotiateServiceCredential="false"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<!-- Unnamed behavior: applied to every service hosted by this configuration. -->
<behavior>
<!-- WIF 3.5 hook registered under <extensions> below. Presumably this is what makes the host
     validate incoming issued tokens against the <microsoft.identityModel> settings
     (trusted issuer thumbprint, certificate validation, audience). TODO confirm. -->
<federatedServiceHostConfiguration/>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<!-- NOTE(review): the MEX endpoint this refers to is declared under <services> below. Both it
     and httpGetEnabled publish the contract and the service certificate's public key to
     anyone who can reach the host. -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<!-- NOTE(review): while this is true, token-validation failures (issuer thumbprint, audience
     URI and the like) are returned verbatim to the caller. Useful for the problem described on
     this page, an information leak once deployed. -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<!-- The service's own certificate, looked up by serial number in LocalMachine\My. It must be
     the same certificate the STS encrypts tokens for, and <microsoft.identityModel>
     <serviceCertificate> below points at the same serial number. -->
<serviceCertificate findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySerialNumber">
</serviceCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<!-- Registers the WIF 3.5 behavior element used as <federatedServiceHostConfiguration/> in the
     service behavior above. The assembly reference is strong-named (version and public key
     token), so a WIF version mismatch shows up as a configuration load error. -->
<add name="federatedServiceHostConfiguration"
type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</behaviorExtensions>
</extensions>
<services>
<!-- NOTE(review): WCF matches the service name against the fully-qualified type name of the
     service implementation. "ServiceHost_Service1" does not look like the "ServiceHost."
     namespace the contract uses; if it does not match, this <service> element is silently
     never applied and the federated endpoint below is not created, which would be consistent
     with the "endpoint not found" error on this page. Confirm against the service class. -->
<service name="ServiceHost_Service1">
<!-- The federated endpoint; address is relative to the host, binding defined above. -->
<endpoint binding="ws2007FederationHttpBinding"
bindingConfiguration="ServiceHost_Service1"
contract="ServiceHost.IService1">
<identity>
<!-- NOTE(review): two identity kinds (SPN and certificate) are listed under one <identity>.
     An endpoint identity is a single value; confirm which is intended. For an issued-token
     endpoint the certificate is the one clients verify, and "certblahblah" is a placeholder. -->
<servicePrincipalName value="localhost"/>
<certificate encodedValue="certblahblah"/>
</identity>
</endpoint>
<!-- Metadata exchange over plain HTTP; remove before deployment together with httpGetEnabled. -->
<endpoint address="MEX" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange"/>
</service>
</services>
<!--<client>
<endpoint binding="customBinding"
bindingConfiguration="ServiceHost_Service1"
contract="ServiceHost.IService1">
<identity>
<userPrincipalName value="localhost"/>
<certificate encodedValue="certblahblahblah"/>
</identity>
</endpoint>
</client>-->
<!-- Lets the service start under IIS sites that have more than one base address (e.g. both
     http and https bindings). The closing </system.serviceModel> tag is missing from this
     listing, presumably lost when the config was pasted. -->
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
这是身份配置
<microsoft.identityModel>
<!-- NOTE(review): certificateValidationMode="None" with revocationMode="NoCheck" disables
     X.509 chain building and revocation checking for the token-signing certificate. Any
     certificate passes this step, so the thumbprint pin in <issuerNameRegistry> below is the
     only thing tying an accepted token to the STS. Tolerable on a dev box with a self-signed
     STS certificate; switch to ChainTrust or PeerTrust (and a real revocation mode) before
     deployment. -->
<certificateValidation revocationMode="NoCheck"
certificateValidationMode="None" />
<!-- Pins the STS signing certificate by SHA-1 thumbprint; tokens signed with any other
     certificate are rejected. This must be updated whenever the STS rolls its signing key. -->
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="c4e675b5add2a7d6d59bbd5e04ca30b440e23eff"
name="Thinktecture.IdentityServer" />
</trustedIssuers>
</issuerNameRegistry>
<!-- passiveRedirectEnabled="false": no browser redirect to the STS; this host only receives
     active WS-Trust tokens. realm is the relying-party identifier sent to the STS. -->
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="false"
issuer="https://localhost/sts2/issue/wsfed"
realm="https://localhost/ServiceHost/" />
<!-- NOTE(review): no <audienceUris> element is configured in this section. WIF's SAML token
     handlers reject a token whose AudienceRestriction does not name a configured audience
     URI, which is consistent with the "audience URI missing" error described on this page.
     The fix is on both sides: request the delegated token with AppliesTo set to this
     service's address, and list that address under <audienceUris>. Do not work around it
     with <audienceUris mode="Never"/>; that would let a token issued for any other relying
     party be replayed against this service. -->
<cookieHandler requireSsl="true" />
</federatedAuthentication>
<!-- Same certificate (by serial number) as serviceCredentials/serviceCertificate above;
     presumably the key WIF uses to decrypt tokens the STS encrypts for this service. -->
<serviceCertificate>
<certificateReference findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySerialNumber"/>
</serviceCertificate>
【问题讨论】:
-
你找到解决方案了吗,威廉?
-
没有。我基本上把这套配置推倒重来,从最精简的配置开始逐步添加,最后就能用了。问题出在 WCF 绑定配置里,但我一直没有回头核实究竟是哪一行导致的。
标签: wcf wcf-binding wif