無法找到「System.IdentityModel.Tokens.UserNameSecurityToken」令牌類型的令牌認證程序。

Question

我正在嘗試讓第三方Java客戶端與我寫的WCF服務進行通信。

無法找到的 「System.IdentityModel.Tokens.UserNameSecurityToken」令牌類型的令牌認證：

我收到郵件時出現以下情況例外。根據當前安全 設置，該類型的令牌 不能被接受。

這裏是我的配置：

綁定

<customBinding> 
    <binding name="TestSecureBinding"> 
     <security authenticationMode="MutualCertificate" /> 
     <textMessageEncoding messageVersion="Soap11WSAddressing10" /> 
     <httpsTransport requireClientCertificate="true" maxReceivedMessageSize="5242880" /> 
    </binding> 
</customBinding> 

行爲：

<serviceBehaviors> 
    <behavior name="TestCertificateBehavior"> 
     <serviceCredentials> 
     <clientCertificate> 
      <certificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/> 
      <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck"/> 
     </clientCertificate> 
     <serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/> 
     </serviceCredentials> 
    </behavior> 
    </serviceBehaviors> 

端點：

<service name="TestService" 
      behaviorConfiguration="TestCertificateBehavior"> 
    <endpoint 
     name="TestEndpoint" 
     address="https://localhost:443" 
     contract="TestServiceContract" 
     binding="customBinding" 
     bindingConfiguration="TestSecureBinding"> 
    </endpoint> 
    <host> 
     <baseAddresses> 
     <add baseAddress="https://localhost:443" /> 
     </baseAddresses> 
    </host> 

    </service> 

有誰知道這是什麼原因造成的？

Answer 1

我接受，我不能在配置文件中做到這一點，紛紛使出在代碼中創建的服務主機

下面是創建綁定，綁定元素和創建服務主機的完整例子

請注意，您可能沒有使用WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005W - 你可能正在使用比我不得不使用較新的版本 - 但只需將其替換爲正確的版本即可。

var securityBindingElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); 
securityBindingElement.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters()); 
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; 
securityBindingElement.IncludeTimestamp = true; 
securityBindingElement.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign; 

var customBinding = new CustomBinding(); 
customBinding.Elements.Add(securityBindingElement); 
customBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8)); 
customBinding.Elements.Add(new HttpsTransportBindingElement() { MaxReceivedMessageSize = 5242880 }); 

ServiceHost customServiceHost = new ServiceHost(type); 
customServiceHost.AddServiceEndpoint(typeof(ITestServiceContract), customBinding, "https://localhost:443"); 
customServiceHost.Open(); 

Answer 2

這是因爲引用證書的錯誤方式已經在某處使用過，如果我沒有記錯的話，您要麼直接引用證書，要麼使用密鑰標識符 - 無論如何，要超越它，您應該能夠添加allowSerializedSigningTokenOnReply標記到您的客戶端綁定配置上的安全標記並將其設置爲true。

是應該超越它適合你 - 請記住，把這個客戶端

對不起，我不能找到引用 - 我記得讀它的地方，和現在不能找到它！ :(****編輯在這裏它是**** - http://webservices20.blogspot.co.uk/2010/10/wcf-cannot-find-token-authenticator.html

<customBinding> 
<binding name="TestSecureBinding"> 
     <security allowSerializedSigningTokenOnReply="true" /> 
     etc 
    </binding> 
<customBinding>