我有一個網站使用 STS 登錄,然後使用引導令牌(bootstrap token)獲取委派令牌。接著,我嘗試使用該令牌連接到 WCF 服務。我認為是我的 WCF 配置有誤。我嘗試了很多不同的配置,現在已經迷失方向了。——ws2007FederationHttpBinding 與 WIF 委派
我收到了各種錯誤,從「無法找到接收傳入消息的通道,找不到端點或 SOAP 操作」到「SAML 令牌中缺少收件人 URI」。
我很確定問題出在聯邦配置上。
任何想法都會有所幫助!
或者任何人都有一個委派給wcf服務的例子嗎?
謝謝!
這是通道工廠(ChannelFactory)代碼。
/// <summary>
/// Builds a WCF proxy for <c>IService1</c> that authenticates with an
/// already-issued security token (here: the delegated token) instead of
/// letting WCF contact the STS itself.
/// </summary>
/// <param name="token">The issued token to attach to outgoing messages.</param>
/// <returns>A channel to the service at <c>serviceAddress</c>.</returns>
private static IService1 GetServiceProxy(SecurityToken token)
{
    // HTTPS protects the transport; the issued token travels in the SOAP message.
    // Everything not set here stays at the binding's defaults and has to agree with
    // the service-side ws2007FederationHttpBinding (security mode,
    // establishSecurityContext, issuedKeyType), otherwise the service rejects the
    // call before it reaches the operation.
    WS2007FederationHttpBinding federationBinding =
        new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);

    // No WS-SecureConversation session; the service config shown on this page
    // also uses establishSecurityContext="false".
    federationBinding.Security.Message.EstablishSecurityContext = false;

    EndpointAddress target = new EndpointAddress(serviceAddress);
    ChannelFactory<IService1> proxyFactory =
        new ChannelFactory<IService1>(federationBinding, target);

    // Never fall back to an interactive credential prompt.
    proxyFactory.Credentials.SupportInteractive = false;

    // WIF extension: must run before CreateChannelWithIssuedToken is used.
    proxyFactory.ConfigureChannelFactory();

    // NOTE(review): the key type of `token` (symmetric proof key vs. bearer)
    // presumably has to match what the binding expects; confirm against the STS request.
    return proxyFactory.CreateChannelWithIssuedToken(token);
}
這是服務配置。其中有 3 個不同的子綁定,我也都試過。
<system.serviceModel>
<diagnostics>
<!-- Debug-only message logging: complete messages are captured at both service
     and transport level, so the log will contain the security tokens and any
     credentials carried in the SOAP headers. Treat the log files as secrets and
     switch this off once the problem is diagnosed.
     logKnownPii="true" only takes effect when the machine-level setting
     enableLoggingKnownPii is also enabled in machine.config. -->
<messageLogging logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
logKnownPii="true"
logEntireMessage="true"
logMalformedMessages="true" />
</diagnostics>
<bindings>
<ws2007FederationHttpBinding>
<!-- Binding used by the service endpoint. The client-side channel factory must
     use the same security mode, establishSecurityContext and issuedKeyType,
     or WCF cannot match the incoming message to this endpoint.
     TransportWithMessageCredential requires the endpoint to be hosted over HTTPS. -->
<binding name="ServiceHost_Service1">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" issuedKeyType="SymmetricKey">
<issuerMetadata address="https://localhost/sts2/issue/wstrust/mex"/>
<!-- NOTE(review): the issuer address uses http:// while the metadata address and
     the name of the referenced binding configuration use https://. The referenced
     configuration is mode="Message", so plain HTTP may be intended; confirm that
     the STS really exposes this endpoint at this scheme. -->
<issuer address="http://localhost/sts2/issue/wstrust/message/username"
binding="ws2007HttpBinding"
bindingConfiguration="https://localhost/sts2/issue/wstrust/message/username">
<identity>
<!-- Placeholder: the real value is the base64-encoded STS certificate. -->
<certificate encodedValue="certblahblah"/>
</identity>
</issuer>
<tokenRequestParameters></tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
<!-- Three candidate bindings for talking to the STS. The name attribute is only a
     label; of these three, just ".../message/username" is referenced by the
     issuer element above, the other two are unused in the visible configuration. -->
<binding name="https://localhost/sts2/issue/wstrust/mixed/username"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<!-- Mixed mode: HTTPS transport, user name/password carried in the message. -->
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
<binding name="https://localhost/sts2/issue/wstrust/mixed/certificate"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<!-- Mixed mode: HTTPS transport, client certificate carried in the message. -->
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
<binding name="https://localhost/sts2/issue/wstrust/message/username"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<!-- Pure message security: confidentiality and integrity come from WS-Security
     only. With negotiateServiceCredential="false" the STS certificate has to be
     supplied out of band, which is what the identity/certificate element on the
     issuer is for.
     NOTE(review): the transport element below is presumably ignored in Message
     mode; verify rather than rely on it. -->
<security mode="Message">
<transport clientCredentialType="Windows"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName"
negotiateServiceCredential="false"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<!-- Unnamed behavior: applied as the default service behavior. -->
<behavior>
<!-- WIF behavior extension (registered under the extensions element of this
     configuration); it hands token validation for this service host to the
     microsoft.identityModel settings. -->
<federatedServiceHostConfiguration/>
<!-- To avoid disclosing metadata information, set the value below to false and remove the MEX endpoint declared under the service element before deployment.
     Note that httpGetEnabled publishes the WSDL over plain HTTP even though the service endpoint itself requires HTTPS. -->
<serviceMetadata httpGetEnabled="true"/>
<!-- Currently true, so exception details (including stack traces) are returned in faults for debugging. Set to false before deployment to avoid disclosing exception information. -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<!-- Service certificate looked up by serial number in LocalMachine/My. Serial
     numbers are only unique per issuing CA; FindByThumbprint identifies exactly
     one certificate and is the less ambiguous choice. -->
<serviceCertificate findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySerialNumber">
</serviceCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<!-- Makes the federatedServiceHostConfiguration element available to service
     behaviors. The assembly-qualified type name must match the installed WIF
     (Microsoft.IdentityModel 3.5.0.0) assembly exactly. -->
<add name="federatedServiceHostConfiguration"
type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</behaviorExtensions>
</extensions>
<services>
<!-- NOTE(review): the name attribute must be the fully qualified service type name.
     The contract lives in the ServiceHost namespace, so "ServiceHost_Service1"
     looks like a label rather than a type name. If it does not match the service
     class, WCF ignores this element and hosts the service with default endpoints,
     and the federation binding is never applied; confirm against the .svc file. -->
<service name="ServiceHost_Service1">
<!-- No address attribute: the endpoint listens on the base address. With
     TransportWithMessageCredential that base address has to be https. -->
<endpoint binding="ws2007FederationHttpBinding"
bindingConfiguration="ServiceHost_Service1"
contract="ServiceHost.IService1">
<identity>
<!-- NOTE(review): two identity types are declared for one endpoint; verify which
     one is intended. The certificate value is a placeholder. -->
<servicePrincipalName value="localhost"/>
<certificate encodedValue="certblahblah"/>
</identity>
</endpoint>
<!-- Metadata exchange endpoint over HTTP; remove it before deployment if the
     service contract should not be discoverable. -->
<endpoint address="MEX" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange"/>
</service>
</services>
<!--<client>
<endpoint binding="customBinding"
bindingConfiguration="ServiceHost_Service1"
contract="ServiceHost.IService1">
<identity>
<userPrincipalName value="localhost"/>
<certificate encodedValue="certblahblahblah"/>
</identity>
</endpoint>
</client>-->
<!-- Lets the IIS-hosted service answer on more than one site binding per scheme;
     endpoint addresses are then resolved relative to the hosting site. -->
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
這是身份配置
<microsoft.identityModel>
<!-- Chain building and revocation checking are both switched off for the token
     signing certificate. Trust in incoming tokens then rests only on the
     thumbprint match in issuerNameRegistry. This is workable with a self-signed
     development certificate; for deployment prefer certificateValidationMode
     ChainTrust (or PeerOrChainTrust) and a revocationMode other than NoCheck. -->
<certificateValidation revocationMode="NoCheck"
certificateValidationMode="None" />
<!-- Only tokens signed by a certificate whose thumbprint is listed here are
     accepted, and the listed name becomes the issuer name on the resulting claims.
     The thumbprint must match the STS signing certificate exactly; stray
     whitespace or invisible characters copied from the certificate dialog make
     every token fail validation. -->
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="c4e675b5add2a7d6d59bbd5e04ca30b440e23eff"
name="Thinktecture.IdentityServer" />
</trustedIssuers>
</issuerNameRegistry>
<!-- Settings for browser-based (passive) WS-Federation sign-in; redirects are
     disabled here.
     NOTE(review): these presumably do not influence the WCF (active) endpoint.
     No audienceUris element appears in this excerpt, which is cut off before the
     closing tags. WIF's SAML token handlers normally compare the token's audience
     restriction with that list, so confirm that the address the delegated token
     was issued for is listed there. -->
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="false"
issuer="https://localhost/sts2/issue/wsfed"
realm="https://localhost/ServiceHost/" />
<!-- Session cookies are only sent over HTTPS. -->
<cookieHandler requireSsl="true" />
</federatedAuthentication>
<!-- Certificate WIF uses to decrypt tokens encrypted for this service; same serial
     number as the WCF serviceCertificate in system.serviceModel. The account
     running the service needs read access to its private key.
     NOTE(review): FindByThumbprint would select the certificate unambiguously. -->
<serviceCertificate>
<certificateReference findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySerialNumber"/>
</serviceCertificate>
你有沒有找到解決方案,威廉? – 2012-04-21 17:22:22
不,我基本上捨棄了原有代碼,以極簡配置重新開始,並使其工作。問題出在 WCF 綁定配置中,但我從來沒有回去確切檢查是哪一行造成的。 – William 2012-04-24 21:41:04