Fatal编程技术网
  • asp.net/
  • Asp.net 将SAML令牌与Web服务(wsdl)一起使用

Asp.net 将SAML令牌与Web服务(wsdl)一起使用

asp.net web-services wcf

Asp.net 将SAML令牌与Web服务(wsdl)一起使用,asp.net,web-services,wcf,wsdl,saml,Asp.net,Web Services,Wcf,Wsdl,Saml,提供者给了我一个.wsdl文件和.pfx 我打电话给IdP并获得SAML令牌。现在我需要将该令牌传递给Web服务 如何使用SAML令牌与Web服务一起工作 我使用的是.NET4.5,这是WS的提供者应该指定的。OASIS的WS-security标准 使用此标准,SAML断言被放置在SOAP安全头中,我能够通过以下两篇文章添加令牌并获得响应: 这是我的密码: private static string serviceEndpoint = "https service endpoint";

提供者给了我一个.wsdl文件和.pfx

我打电话给IdP并获得SAML令牌。现在我需要将该令牌传递给Web服务

如何使用SAML令牌与Web服务一起工作

我使用的是.NET4.5,这是WS的提供者应该指定的。OASIS的WS-security标准

使用此标准,SAML断言被放置在SOAP安全头中,我能够通过以下两篇文章添加令牌并获得响应:

这是我的密码:

  private static string serviceEndpoint = "https service endpoint";
    public static void CallProviderService(SecurityToken token)
    {
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

        var channelFactory = new ChannelFactory<ISomeProviderService>(binding, new EndpointAddress(new Uri(serviceEndpoint)));
        string thumb = "mycertthumbprint";
        channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, thumb);
        channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
        channelFactory.ConfigureChannelFactory();
        channelFactory.Credentials.SupportInteractive = false;

var elements = service.Endpoint.Binding.CreateBindingElements();
elements.Find<SecurityBindingElement>().EnableUnsecuredResponse = true;
service.Endpoint.Binding = new CustomBinding(elements);

        var channel = channelFactory.CreateChannelWithIssuedToken<ISomeProviderService>(token);

        try
        {
            var response = channel.MyServiceMethod(somedataobject);
        }

        catch (Exception ex)
        {
           //log message
        }
    }

private静态字符串serviceEndpoint=“https服务端点”;
公共静态无效CallProviderService(SecurityToken令牌)
{
var binding=新的WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext=false;
binding.Security.Message.IssuedKeyType=SecurityKeyType.BearerKey;
var channelFactory=newchannelfactory(绑定,新端点地址(新Uri(serviceEndpoint)));
string thumb=“mycertthumbprint”;
channelFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser,StoreName.My,X509FindType.FindByThumbprint,thumb);
channelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode=System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
channelFactory.ConfigureChannelFactory();
channelFactory.Credentials.SupportInteractive=false;
var elements=service.Endpoint.Binding.CreateBindingElements();
elements.Find().EnableUnsecuredResponse=true;
service.Endpoint.Binding=新的CustomBinding(元素);
var channel=channelFactory.CreateChannelWithIssuedToken(令牌);
尝试
{
var response=channel.MyServiceMethod(somedataobject);
}
捕获(例外情况除外)
{
//日志消息
}
}
秘方是调用
CreateChannelWithIssuedToken
()。@Mitch我已经尝试过了,但问题是我的机器上有一个.wsdl,而不是提供程序服务的url。wsdl通常包含
/service/port/address/@location
中的端点地址。您可以使用
svcutil.exe
工具将WSDL转换为客户机代理。请看。@Mitch,我能够使用wsdl生成代理类。我正在尝试类似于这里的东西:。希望这会奏效。