.net wsFederationHttpBinding,将自定义用户标识传递给STS
我正在尝试实现以下场景:.net wsFederationHttpBinding,将自定义用户标识传递给STS,.net,wcf,wcf-security,.net,Wcf,Wcf Security,我正在尝试实现以下场景: 客户将其证明文件交给医生 STS应用自定义授权策略来确定特定用户可用的声明集,并发布安全令牌 客户端将令牌传递给业务服务,业务服务根据用户从令牌获得的声明集确定用户的权限 看来第一步是主要问题。正如所建议的,wsFederationHttpBinding的消息元素没有clientCredentialsType。因此,每当我的AuthorizationPolicy检查evaluationContext.Properties[“Identity”]时,它都会在其中看到Win
有没有办法通过wsFederationHttpBinding来实现这一点?好吧,下面是答案 STS配置:
<behaviors>
<serviceBehaviors>
<behavior name="STSBehaviour">
<!--Custom credentials processing-->
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="SecurityTokenService.UserNameValidator, SecurityTokenService"/>
</serviceCredentials>
<!--------------------------------->
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpUsername">
...
<security mode="Message">
<message clientCredentialType="UserName"
negotiateServiceCredential="false"
establishSecurityContext="false" />
</security>
...
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration ="STSBehaviour"
name="Microsoft.ServiceModel.Samples.SecurityTokenService" >
....
</service>
</services>
public class UserNameValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (!VerifyCredentials(userName, password))
throw new SecurityException("Invalid credentials");
}
}