Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/wcf/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
.net wsFederationHttpBinding,将自定义用户标识传递给STS_.net_Wcf_Wcf Security - Fatal编程技术网
Fatal编程技术网
  • .net/
  • .net wsFederationHttpBinding,将自定义用户标识传递给STS

.net wsFederationHttpBinding,将自定义用户标识传递给STS

.net wcf

.net wsFederationHttpBinding,将自定义用户标识传递给STS,.net,wcf,wcf-security,.net,Wcf,Wcf Security,我正在尝试实现以下场景: 客户将其证明文件交给医生 STS应用自定义授权策略来确定特定用户可用的声明集,并发布安全令牌 客户端将令牌传递给业务服务,业务服务根据用户从令牌获得的声明集确定用户的权限 看来第一步是主要问题。正如所建议的,wsFederationHttpBinding的消息元素没有clientCredentialsType。因此,每当我的AuthorizationPolicy检查evaluationContext.Properties[“Identity”]时,它都会在其中看到Win

我正在尝试实现以下场景:

  • 客户将其证明文件交给医生
  • STS应用自定义授权策略来确定特定用户可用的声明集,并发布安全令牌
  • 客户端将令牌传递给业务服务,业务服务根据用户从令牌获得的声明集确定用户的权限
    • 看来第一步是主要问题。正如所建议的,wsFederationHttpBinding的消息元素没有clientCredentialsType。因此,每当我的AuthorizationPolicy检查evaluationContext.Properties[“Identity”]时,它都会在其中看到WindowsIdentity。我想根据自定义存储(DB)对用户进行身份验证

    有没有办法通过wsFederationHttpBinding来实现这一点?

    好吧,下面是答案

    STS配置:

    <behaviors>
     <serviceBehaviors>
         <behavior name="STSBehaviour">
             <!--Custom credentials processing-->
             <serviceCredentials>
                 <userNameAuthentication userNamePasswordValidationMode="Custom" 
                                         customUserNamePasswordValidatorType="SecurityTokenService.UserNameValidator, SecurityTokenService"/>
             </serviceCredentials>
             <!--------------------------------->
         </behavior>
    </serviceBehaviors>
</behaviors>
<bindings>
    <wsHttpBinding>
        <binding name="wsHttpUsername">
            ...
            <security mode="Message">
                <message clientCredentialType="UserName"
                         negotiateServiceCredential="false"
                         establishSecurityContext="false" />
            </security>
            ...
        </binding>
    </wsHttpBinding>
</bindings>
<services>
    <service behaviorConfiguration ="STSBehaviour"
               name="Microsoft.ServiceModel.Samples.SecurityTokenService" >
           ....
    </service>
</services>

    public class UserNameValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (!VerifyCredentials(userName, password))
            throw new SecurityException("Invalid credentials");
    }
}