[Question title]: ws2007FederationHttpBinding and WIF delegation
[Posted]: 2012-07-02 11:43:50
[Question description]:

I have a web site that signs in with an STS and then uses the bootstrap token to get a delegation token. I then try to use the delegation token to connect to a WCF service. I believe my WCF configuration is wrong. I have tried many different configurations and I am lost.

I have been getting various errors, ranging from "Failed to lookup a channel to receive an incoming message. Either the endpoint or the SOAP action was not found." to "audience URI missing from the SAML token".

I am pretty sure it is the federation configuration.

Any ideas would help!

Or does anyone have an example of delegating to a WCF service?

Thanks!

Here is the channel factory code.

    // Needs: using System.IdentityModel.Tokens;              (SecurityToken)
    //        using System.ServiceModel;                      (ChannelFactory, EndpointAddress, bindings)
    //        using Microsoft.IdentityModel.Protocols.WSTrust; (WIF 3.5 ConfigureChannelFactory /
    //                                                          CreateChannelWithIssuedToken extensions)
    // serviceAddress is a field defined elsewhere in the poster's class (not shown).
    private static IService1 GetServiceProxy(SecurityToken token)
    {
        // Mixed mode: TLS on the wire, the issued SAML token as the message credential.
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        // No WS-SecureConversation session; every call carries the issued token itself.
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new ChannelFactory<IService1>(
            binding,
            new EndpointAddress(serviceAddress));
        // Never prompt for credentials; this runs inside a web application.
        factory.Credentials.SupportInteractive = false;
        // Replace WCF's token handling with WIF's so an already-issued token can be attached.
        factory.ConfigureChannelFactory();

        // Attach the delegation (ActAs) token obtained earlier instead of contacting the issuer.
        var channel = factory.CreateChannelWithIssuedToken(token);
        return channel;
    }

Here is the service configuration. I have also tried 3 different sub-bindings.

  <system.serviceModel>

  <diagnostics>
    <!-- Debug-only settings: logKnownPii="true" writes credentials and tokens to the trace log
         in clear text (and also needs enableLoggingKnownPii in machine.config to take effect).
         Turn all of these off before deployment. -->
    <messageLogging logMessagesAtServiceLevel="true" 
                    logMessagesAtTransportLevel="true" 
                    logKnownPii="true"
                    logEntireMessage="true" 
                    logMalformedMessages="true" />
  </diagnostics>

  <bindings>

    <ws2007FederationHttpBinding>
      <binding name="ServiceHost_Service1">
        <security mode="TransportWithMessageCredential">
          <!-- issuedKeyType must match the KeyType the client asks the STS for (symmetric here).
               On the service side the issuer/issuerMetadata elements are only advertised in the
               service metadata so clients can find the STS; token validation itself is driven by
               the <microsoft.identityModel> section below. -->
          <message establishSecurityContext="false" issuedKeyType="SymmetricKey">
            <issuerMetadata address="https://localhost/sts2/issue/wstrust/mex"/>
            <issuer address="http://localhost/sts2/issue/wstrust/message/username" 
                    binding="ws2007HttpBinding" 
                    bindingConfiguration="https://localhost/sts2/issue/wstrust/message/username">
              <identity>
                <certificate encodedValue="certblahblah"/>
              </identity>  
            </issuer>
            <tokenRequestParameters></tokenRequestParameters>
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>

    <ws2007HttpBinding>

      <binding name="https://localhost/sts2/issue/wstrust/mixed/username"
            closeTimeout="00:01:00"
            openTimeout="00:01:00"
            receiveTimeout="00:10:00"
            sendTimeout="00:01:00"
            bypassProxyOnLocal="false"
            transactionFlow="false"
            hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288"
            maxReceivedMessageSize="65536"
            messageEncoding="Text"
            textEncoding="utf-8"
            useDefaultWebProxy="true"
            allowCookies="false">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
        <reliableSession ordered="true"
                         inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None"
                     proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="UserName"
                   negotiateServiceCredential="true"
                   algorithmSuite="Default"
                   establishSecurityContext="false" />
        </security>
      </binding>

      <binding name="https://localhost/sts2/issue/wstrust/mixed/certificate"
             closeTimeout="00:01:00"
             openTimeout="00:01:00"
             receiveTimeout="00:10:00"
             sendTimeout="00:01:00"
             bypassProxyOnLocal="false"
             transactionFlow="false"
             hostNameComparisonMode="StrongWildcard"
             maxBufferPoolSize="524288"
             maxReceivedMessageSize="65536"
             messageEncoding="Text"
             textEncoding="utf-8"
             useDefaultWebProxy="true"
             allowCookies="false">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
        <reliableSession ordered="true"
                         inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None"
                     proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="Certificate"
                   negotiateServiceCredential="true"
                   algorithmSuite="Default"
                   establishSecurityContext="false" />
        </security>
      </binding>

      <binding name="https://localhost/sts2/issue/wstrust/message/username"
            closeTimeout="00:01:00"
            openTimeout="00:01:00"
            receiveTimeout="00:10:00"
            sendTimeout="00:01:00"
            bypassProxyOnLocal="false"
            transactionFlow="false"
            hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288"
            maxReceivedMessageSize="65536"
            messageEncoding="Text"
            textEncoding="utf-8"
            useDefaultWebProxy="true"
            allowCookies="false">
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
        <reliableSession ordered="true"
                         inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="Message">
          <transport clientCredentialType="Windows"
                     proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="UserName"
                   negotiateServiceCredential="false"
                   algorithmSuite="Default"
                   establishSecurityContext="false" />
        </security>
      </binding>

    </ws2007HttpBinding>
  </bindings>

<behaviors>
  <serviceBehaviors>
    <behavior>
      <federatedServiceHostConfiguration/>
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true"/>

      <serviceCredentials>
        <serviceCertificate  findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
                  storeLocation="LocalMachine"
                  storeName="My"
                  x509FindType="FindBySerialNumber">
        </serviceCertificate>
      </serviceCredentials>

    </behavior>

  </serviceBehaviors>
</behaviors>

<extensions>
      <behaviorExtensions>
        <add name="federatedServiceHostConfiguration"
             type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      </behaviorExtensions>
</extensions>

<services>
  <!-- WCF matches <service name> against the fully-qualified type name of the service class
       (for contract ServiceHost.IService1 that would be something like ServiceHost.Service1).
       If the name does not match, none of this configuration is applied and the host falls
       back to default endpoints, which a federated client cannot dispatch to. -->
  <service name="ServiceHost_Service1">
    <endpoint binding="ws2007FederationHttpBinding"
              bindingConfiguration="ServiceHost_Service1"
              contract="ServiceHost.IService1">
      <identity>
        <servicePrincipalName value="localhost"/>
        <certificate encodedValue="certblahblah"/>
      </identity>
    </endpoint>
    <endpoint address="MEX" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange"/>
  </service>
</services>

<!--<client>
  <endpoint binding="customBinding" 
            bindingConfiguration="ServiceHost_Service1"
            contract="ServiceHost.IService1">
    <identity>
      <userPrincipalName value="localhost"/>
      <certificate encodedValue="certblahblahblah"/>
    </identity>        
  </endpoint>

</client>-->

<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

</system.serviceModel>

Here is the identity configuration

<microsoft.identityModel>

<!-- Development-only: this disables chain building and revocation checking for the STS
     signing certificate, so any certificate with the listed thumbprint is accepted as-is. -->
<certificateValidation revocationMode="NoCheck"
                       certificateValidationMode="None" />
<!-- Only tokens signed by a certificate with this thumbprint are mapped to an issuer name;
     all others are rejected as untrusted. -->
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
  <trustedIssuers>
    <add thumbprint="c4e675b5add2a7d6d59bbd5e04ca30b440e23eff"
            name="Thinktecture.IdentityServer" />
  </trustedIssuers>
</issuerNameRegistry>

<!-- Note: there is no <audienceUris> element in this section. With the default audienceUriMode
     WIF requires the AudienceRestriction in the incoming SAML token (the AppliesTo the client
     requested from the STS) to appear in that list; the "audience URI" error in the question
     comes from that check. -->
<federatedAuthentication>
  <wsFederation passiveRedirectEnabled="false"
                issuer="https://localhost/sts2/issue/wsfed"
                realm="https://localhost/ServiceHost/" />
  <cookieHandler requireSsl="true" />
</federatedAuthentication>

<!-- Private key used to decrypt the symmetric proof key wrapped in the issued token. -->
<serviceCertificate>
  <certificateReference findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
                  storeLocation="LocalMachine"
                  storeName="My"
                  x509FindType="FindBySerialNumber"/>
</serviceCertificate>

</microsoft.identityModel>
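An added end-to-end example of the client side of the flow the question describes; this is not code from the original post. The web site pulls the signed-in user's bootstrap token, exchanges it at the STS for an ActAs token scoped to the WCF service, and then calls the service with that token through the same WIF channel-factory extensions the question uses. It targets WIF 3.5 (Microsoft.IdentityModel) like the configuration above. The STS and service URLs, the IService1 contract with its WhoAmI operation, and the web site's own username/password used to authenticate to the STS are assumptions.

```csharp
// Added example, not from the original question. Targets WIF 3.5 (Microsoft.IdentityModel)
// plus System.ServiceModel. ASSUMED: the two URLs, the IService1 contract and its WhoAmI
// operation, and the web site's own STS credentials (svcUser / svcPassword).
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Tokens;

// ASSUMED contract; the real IService1 is not shown on the page.
[ServiceContract(Namespace = "http://example.org/delegation")]
public interface IService1
{
    [OperationContract]
    string WhoAmI();
}

public static class DelegationClient
{
    // ASSUMED addresses. ServiceAddress doubles as the AppliesTo the STS writes into the
    // token's AudienceRestriction, so the service must list exactly this URI as an audience.
    const string ServiceAddress = "https://localhost/ServiceHost/Service1.svc";
    const string StsAddress     = "https://localhost/sts2/issue/wstrust/mixed/username";

    // Step 1: the bootstrap token WIF kept at sign-in. Requires
    // <service saveBootstrapTokens="true"> in the web site's <microsoft.identityModel>.
    static SecurityToken GetBootstrapToken()
    {
        var principal = Thread.CurrentPrincipal as IClaimsPrincipal;
        IClaimsIdentity identity = principal == null ? null : principal.Identities[0];
        if (identity == null || identity.BootstrapToken == null)
            throw new InvalidOperationException(
                "No bootstrap token on the current identity; enable saveBootstrapTokens.");
        return identity.BootstrapToken;
    }

    // Step 2: WS-Trust 1.3 Issue with ActAs = the user's token and AppliesTo = the service.
    // The web site authenticates to the STS as itself (UserName over TLS); the STS decides
    // whether this caller is allowed to act as that user.
    static SecurityToken GetDelegationToken(SecurityToken bootstrapToken, string svcUser, string svcPassword)
    {
        var stsBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        stsBinding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(stsBinding, new EndpointAddress(StsAddress));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.UserName.UserName = svcUser;
        factory.Credentials.UserName.Password = svcPassword;

        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointAddress(ServiceAddress),
            ActAs = new SecurityTokenElement(bootstrapToken),
            KeyType = KeyTypes.Symmetric   // matches issuedKeyType="SymmetricKey" on the service
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        var comm = (ICommunicationObject)channel;
        try
        {
            SecurityToken issued = channel.Issue(rst);
            comm.Close();
            return issued;
        }
        catch
        {
            comm.Abort();
            throw;
        }
    }

    // Step 3: same shape as the question's GetServiceProxy, with the key type made explicit.
    static IService1 GetServiceProxy(SecurityToken delegationToken)
    {
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

        var factory = new ChannelFactory<IService1>(binding, new EndpointAddress(ServiceAddress));
        factory.Credentials.SupportInteractive = false;
        factory.ConfigureChannelFactory();            // WIF takes over token handling
        return factory.CreateChannelWithIssuedToken(delegationToken);
    }

    // Step 4: call the service on the user's behalf and close the channel cleanly.
    public static string CallAsCurrentUser(string svcUser, string svcPassword)
    {
        SecurityToken delegationToken = GetDelegationToken(GetBootstrapToken(), svcUser, svcPassword);
        IService1 proxy = GetServiceProxy(delegationToken);
        var comm = (ICommunicationObject)proxy;
        try
        {
            string result = proxy.WhoAmI();
            comm.Close();
            return result;
        }
        catch
        {
            comm.Abort();
            throw;
        }
    }
}
```

The two audience-related values have to agree: the AppliesTo in the RST and the audience URI the service is configured to accept. If they differ, the STS still issues a token, but the service rejects it with the audience error quoted in the question.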

[Question discussion]:

  • Did you find a solution, William?
  • No, I basically scrapped the code, started again from a minimal configuration, and then got it working. It was something in the WCF binding configuration, but I never went back to check exactly which line it was.

Tags: wcf wcf-binding wif


[Solution 1]:

I was trying to figure out the active STS / WCF delegation scenario myself and pieced together a sample project (note that the security checks themselves are turned off; the project was meant to help me understand the flow and the dependencies):

https://github.com/colinbowern/TwoTierSts
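As an added example of what the receiving side of that two-tier scenario needs (this is not code from the linked project or from the answer), here is the WCF service configured in code with WIF 3.5 instead of in web.config: the audience list behind the "audience URI" error in the question, the trusted STS thumbprint, and the service certificate that decrypts the proof key. The contract, the type names, the base address and the thumbprint passed in by the caller are assumptions.

```csharp
// Added example, not from the linked project or the original answer. WIF 3.5
// (Microsoft.IdentityModel), self-hosted. ASSUMED: IService1/WhoAmI, the base address
// and the STS certificate thumbprint supplied by the caller.
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Tokens;

[ServiceContract(Namespace = "http://example.org/delegation")]
public interface IService1
{
    [OperationContract]
    string WhoAmI();
}

// Once ConfigureServiceHost has run, WIF sets Thread.CurrentPrincipal to the IClaimsPrincipal
// built from the SAML token. For an ActAs token the delegating party appears as Actor.
public class Service1 : IService1
{
    public string WhoAmI()
    {
        var identity = (IClaimsIdentity)((IClaimsPrincipal)Thread.CurrentPrincipal).Identity;
        string actor = identity.Actor == null ? "(direct call, no delegation)" : identity.Actor.Name;
        return identity.Name + " acting via " + actor;
    }
}

public static class DelegationServiceHost
{
    public static ServiceHost Build(Uri baseAddress, X509Certificate2 serviceCert, string stsThumbprint)
    {
        var host = new ServiceHost(typeof(Service1), baseAddress);

        // Same binding shape as the question's ws2007FederationHttpBinding configuration.
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
        host.AddServiceEndpoint(typeof(IService1), binding, string.Empty);

        var config = new ServiceConfiguration();

        // Private key that unwraps the symmetric proof key the STS encrypted for this service.
        config.ServiceCertificate = serviceCert;

        // The token's AudienceRestriction must match one of these URIs or WIF rejects it.
        // Use the exact AppliesTo string the client puts in its RST.
        config.AudienceRestriction.AllowedAudienceUris.Add(baseAddress);

        // Only tokens signed by this STS certificate are accepted; anything else fails as an
        // untrusted issuer instead of being mapped to an issuer name.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(stsThumbprint, "Thinktecture.IdentityServer");
        config.IssuerNameRegistry = issuers;

        // This service does not delegate further, so do not keep the raw token around.
        config.SaveBootstrapTokens = false;

        // Installs WIF's token handlers and authorization manager on the host: the code
        // equivalent of the <federatedServiceHostConfiguration/> behavior in the question.
        FederatedServiceCredentials.ConfigureServiceHost(host, config);
        return host;
    }
}
```

Keeping certificate validation at its defaults here (rather than the `certificateValidationMode="None"` used in the question's configuration) means the STS signing certificate is chain-validated as well as thumbprint-matched; relax that only in a development environment.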

[Discussion]:
