
使用 VS2012 和 .NET Framework 4.5,我用 Identity and Access 插件創建了一個帶本地 STS 的 WCF 服務應用程序。我的目標是能夠使用瀏覽器進行身份驗證。我到目前爲止所做的:卡在身份驗證重定向循環 - STS/WIF

  • 添加了WSFAM和SAM模塊。
  • 使用 Fiddler,以確保我得到重定向
  • 確認 FedAuth[] Cookie 已創建。

恰好在創建 cookie 後(SAM),我再次被重定向回 STS。這就是我陷入循環的地方。

WCF 和 Web 服務對我來說相當新,如果我說得太多,請見諒……

這裏是我的web.config:

<?xml version="1.0"?> 
<!-- web.config posted with the question: a WCF service (Service1.svc) wired to WIF's passive WS-Federation modules against a local STS. Several settings below are development-only; they are marked where they weaken verification of tokens or cookies. -->
<configuration> 
    <configSections> 
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> 
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> 
    </configSections> 
    <!-- FederationMetadata is left anonymous so it can be fetched without a sign-in; everything else on the site is covered by the deny rule further down. -->
    <location path="FederationMetadata"> 
    <system.web> 
     <authorization> 
     <allow users="*" /> 
     </authorization> 
    </system.web> 
    </location> 
    <system.web> 
    <!-- Anonymous users are denied while ASP.NET authentication mode is None: the sign-in is expected to come from the WSFederationAuthenticationModule / SessionAuthenticationModule registered under system.webServer, not from forms or Windows authentication. -->
    <authorization> 
     <deny users="?" /> 
    </authorization> 
    <authentication mode="None" /> 
    <!-- validateRequest=false disables ASP.NET request validation for all pages; presumably needed so the STS's form POST carrying the token is not rejected. Scope it as narrowly as possible. -->
    <pages validateRequest="false" /> 
    <httpRuntime targetFramework="4.5" /> 
    <compilation debug="true" targetFramework="4.5" /> 
    </system.web> 
    <system.serviceModel> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <!-- To avoid disclosing metadata information, set the value below to false before deployment --> 
      <serviceMetadata httpGetEnabled="true" /> 
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="false" /> 
      <!-- useIdentityConfiguration=true makes the service take its token settings (audience URIs, issuer registry, certificate validation) from the system.identityModel section below. -->
      <serviceCredentials useIdentityConfiguration="true"> 
      <!--Certificate added by Identity and Access Tool for Visual Studio.--> 
      <!-- CN=localhost from the LocalMachine/My store; looks like a development certificate, to be replaced before deployment. -->
      <serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> 
    <!-- NOTE(review): the default mapping for http is ws2007FederationHttpBinding, but the explicit endpoint under services below uses basicHttpBinding (MyBinding) with TransportCredentialOnly/Windows, so the declared service endpoint is not a federation endpoint. Which binding a browser request actually reaches is not visible here; confirm against the Fiddler trace. -->
    <protocolMapping> 
     <add scheme="http" binding="ws2007FederationHttpBinding" /> 
    </protocolMapping> 
    <bindings> 
     <basicHttpBinding> 
     <binding name="MyBinding"> 
      <!-- Credentials only at the transport layer, over plain http: Windows authentication without TLS. -->
      <security mode="TransportCredentialOnly"> 
      <transport clientCredentialType="Windows" /> 
      </security> 
     </binding> 
     </basicHttpBinding> 
    </bindings> 
    <services> 
     <service name="WcfFAMTest.Service1"> 
     <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="WcfFAMTest.IService1" /> 
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
     </service> 
    </services> 
    </system.serviceModel> 
    <system.webServer> 
    <!-- runAllManagedModulesForAllRequests=true sends every request through the two WIF modules. The trace in the question shows the FedAuth cookie being set and the cookie-bearing request still answered with 401; the answer on this page attributes that to the WCF service host not honouring these modules, which work in an ASP.NET web application configured the same way. -->
    <modules runAllManagedModulesForAllRequests="true"> 
     <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> 
     <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" /> 
    </modules> 
    <!-- Directory listing is enabled for the whole site; turn it off before deployment. -->
    <directoryBrowse enabled="true" /> 
    </system.webServer> 
    <system.identityModel> 
    <identityConfiguration> 
     <!-- A token is accepted only if its audience is one of these; both the site root and the .svc address are listed. -->
     <audienceUris> 
     <add value="http://localhost:53655" /> 
     <add value="http://localhost:53655/Service1.svc" /> 
     </audienceUris> 
     <!-- NOTE(review): certificateValidationMode=None skips chain and revocation checks on the token-signing certificate, so trust rests entirely on the thumbprint pinned under trustedIssuers. Acceptable for a local STS, not for a deployed relying party. -->
     <certificateValidation certificateValidationMode="None" /> 
     <!-- Only tokens signed by the certificate with this thumbprint are accepted; the name is what the registry reports as the issuer. -->
     <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> 
     <trustedIssuers> 
      <add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" name="LocalSTS" /> 
     </trustedIssuers> 
     </issuerNameRegistry> 
    </identityConfiguration> 
    </system.identityModel> 
    <system.identityModel.services> 
    <federationConfiguration> 
     <!-- Passive redirect to the local STS over plain http (requireHttps=false); realm and reply are both the site root. The token therefore travels unencrypted; development-only. -->
     <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:15937/wsFederationSTS/Issue" realm="http://localhost:53655" reply="http://localhost:53655" requireHttps="false" /> 
     <!-- requireSsl=false allows the FedAuth session cookie to be sent over http; set to true once the site is served over https. -->
     <cookieHandler requireSsl="false" /> 
    </federationConfiguration> 
    </system.identityModel.services> 
    <appSettings> 
    <!-- Settings written by the Identity and Access tool. ida:EnforceIssuerValidation=false appears to relax the tool's issuer check; confirm what it controls before relying on it outside development. -->
    <add key="ida:FederationMetadataLocation" value="http://localhost:15937/wsFederationSTS/FederationMetadata/2007-06/FederationMetadata.xml" /> 
    <add key="ida:ProviderSelection" value="localSTS" /> 
    <add key="ida:EnforceIssuerValidation" value="false" /> 
    </appSettings> 
</configuration> 

Fiddler

響應 #10108 - 設置 FedAuth cookie 並重定向到資源 (Response #10108 - sets the FedAuth cookies and redirects to the resource)
請求 #10109 - 使用給定的 cookie 請求重定向的資源 (Request #10109 - request to the redirected resource, using the given cookies)
響應 #10109 - 結果 401,再次重定向到 STS(#10111)(Response #10109 - Result 401, redirected to STS again at #10111)

回答


我用的是 WCF Web 服務,它不支持這些模塊。切換到 ASP.NET Web 應用程序並以相同方式配置後,一切正常。