2011-08-17 34 views
4

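WCF custom binding that will support HTTPS, a signed certificate and a signed username token

I tried asking this question about WCF, but I got no answers, so I'm trying again with a more focused question.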

Can anyone tell me how to create a custom WCF client binding that will:

  • include a signed username token
  • include a signed message
  • be sent over HTTPS

Update

Not sure if it makes a difference, but I'm using .NET 4

Another update

If anyone has any concrete examples, that would be awesome

+0

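This isn't an answer to the question, but I came across a useful tool, the [configuration editor tool](http://msdn.microsoft.com/en-us/library/ms732009.aspx). It has a GUI and wizards for creating/editing WCF configuration –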

Answers

4

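I think I can give some pointers. You will have to use WIF to get this working. The username token you want to pass will be a signed SAML token. To generate the SAML token, there is an STS sample project that ships with the WCF samples, which you can use. Your code should look something like this: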

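    // ConfigureChannelFactory and CreateChannelWithIssuedToken are WIF extension methods.
    using Microsoft.IdentityModel.Protocols.WSTrust;

    // Username and clientCert (an X509Certificate2) are assumed to be defined by the caller.
    // This class will use the STS WCF sample to generate the signed SAML token.
    var tm = new TokenManager();
    var samlToken = tm.GetSamlToken(Username);

    // "WcfSamlOverMutualSsl" is the name of the client endpoint in the configuration.
    var cf2 = new ChannelFactory<IPingService>("WcfSamlOverMutualSsl");
    cf2.Credentials.ClientCertificate.Certificate = clientCert;

    cf2.ConfigureChannelFactory();

    cf2.Open();
    // This code will attach the SAML token to the WCF service call.
    var proxy2 = cf2.CreateChannelWithIssuedToken(samlToken);
    var response = proxy2.Ping();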

The configuration should look something like this:

    <customBinding>
      <binding name="SamlOverMutualSsl">
        <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                  requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="false"
                  keyEntropyMode="CombinedEntropy" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
          <issuedTokenParameters keyType="BearerKey" tokenType="">
            <additionalRequestParameters>
              <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
              </trust:SecondaryParameters>
            </additionalRequestParameters>
          </issuedTokenParameters>
          <localClientSettings cacheCookies="true" detectReplays="false"
                               replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
                               replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
                               sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
                               timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
          <localServiceSettings detectReplays="false" issuedCookieLifetime="10:00:00"
                                maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
                                negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
                                sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
                                reconnectTransportOnFailure="true" maxPendingSessions="128"
                                maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
          <secureConversationBootstrap />
        </security>
        <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
                             messageVersion="Soap11" writeEncoding="utf-8">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        </textMessageEncoding>
        <httpsTransport manualAddressing="false" maxBufferPoolSize="524288"
                        maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
                        bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
                        keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
                        realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                        useDefaultWebProxy="true" requireClientCertificate="true" />
      </binding>
    </customBinding>

Endpoint:

    <endpoint address="https://localhost/Ping/saml"
              binding="customBinding" bindingConfiguration="SamlOverMutualSsl"
              contract="SharedContracts.IPingService" name="WcfSamlOverMutualSsl" />

Add a reference to Microsoft.IdentityModel from WIF.

Hope this helps.

rauts

+0

Sorry, I can't find the Microsoft.IdentityModel reference. What am I missing? –

+0

You will have to install Microsoft Windows Identity Foundation (WIF) to get the reference – rauts

+0

Can you point me to a specific example? I've downloaded [these samples](http://www.microsoft.com/download/en/details.aspx?id=21459), but I can't find the relevant code –