爲什麼傳入聯合安全令牌時此WCF調用失敗

Question

我試圖將安全令牌從客戶端應用程序傳遞到WCF服務進行身份驗證。

對於這個例子，我只是使用標準的文件，新的WCF應用程序項目，並試圖調用GetData方法。

我在客戶端上以下異常

{「的消息無法處理。這是最有可能的，因爲 行動‘http://tempuri.org/IService1/GetData’不正確，或因爲 消息包含無效或過期安全上下文令牌或 ，因爲綁定之間不匹配如果服務由於 處於非活動狀態而導致服務中止通道，則安全上下文 將無效爲防止服務中止空閒會話 過早地增加服務端點上的接收超時 結合。「}

如果我啓用的WCF服務，我可以看到下面的錯誤

有沒有通道，可以用行動 ‘http://tempuri.org/IService1/GetData’接受郵件跟蹤。

爲我服務的Web.config看起來像這樣

<?xml version="1.0"?> 
<configuration> 
    <configSections> 
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />   
    </configSections> 

    <system.web> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5"/> 
    </system.web> 

    <!--Configure STS--> 
    <system.identityModel> 
    <identityConfiguration> 
     <audienceUris> 
     <add value="https://stsserver.security.int/myApp" /> 
     </audienceUris> 
     <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"> 
     <trustedIssuers> 
      <add thumbprint="‎3c8fc34bd483b07ba0d1509827fc4788c36247e4" name="StartSSL Login" /> 
     </trustedIssuers> 
     </issuerNameRegistry> 
     <certificateValidation certificateValidationMode="None"/> 
    </identityConfiguration> 
    </system.identityModel> 

    <system.serviceModel> 
    <bindings> 
     <ws2007FederationHttpBinding> 
     <binding name ="IdentityServer"> 
      <security mode="TransportWithMessageCredential"> 
      </security> 
     </binding> 
     </ws2007FederationHttpBinding> 
    </bindings> 

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> 
    <services> 
     <service name="Services.Service1" behaviorConfiguration="CertificateBehavior"> 
     <endpoint name="ws" binding="ws2007FederationHttpBinding" bindingConfiguration="IdentityServer" contract="Services.IService1" address=""/> 
     </service> 
    </services> 

    <behaviors> 
     <serviceBehaviors> 
     <behavior name="CertificateBehavior"> 
      <serviceCredentials> 
      <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 

    </system.serviceModel>  
</configuration> 

在我的客戶端應用程序的方法調用該WCF服務看起來像這樣

static void CallSecuredService(SecurityToken samlToken) 
{ 
    var binding = new WS2007FederationHttpBinding((WSFederationHttpSecurityMode.TransportWithMessageCredential)); 
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; 
    binding.Security.Message.EstablishSecurityContext = false; 

    var factory = new ChannelFactory<IService1>(binding, new EndpointAddress("https://localhost/myservice/Service1.svc")); 
    factory.Credentials.SupportInteractive = false; 
    factory.Credentials.UseIdentityConfiguration = true; 
    var proxy = factory.CreateChannelWithIssuedToken(samlToken); 

    Console.WriteLine(proxy.GetData(1)); 
} 

任何指針，以我的事應該檢查會很好，因爲我現在在這一點上有點不知所措。我不知道我怎麼能進一步調試呢？

Answer 1

我終於設法通過這個錯誤。問題是服務和客戶端綁定之間的小錯失匹配。

改變我綁定在web.config中這個固定的問題

<bindings> 
    <ws2007FederationHttpBinding> 
    <binding name ="IdentityServer"> 
     <security mode="TransportWithMessageCredential"> 
     <message issuedKeyType="BearerKey" establishSecurityContext="false"/> 
     </security> 
    </binding> 
    </ws2007FederationHttpBinding> 
</bindings>