C# 活动客户端-使用idp令牌从资源伙伴ADF获取令牌_C#_Wcf_Saml_Claims Based Identity_Adfs2.0

C# 活动客户端-使用idp令牌从资源伙伴ADF获取令牌

c# wcf

C# 活动客户端-使用idp令牌从资源伙伴ADF获取令牌,c#,wcf,saml,claims-based-identity,adfs2.0,C#,Wcf,Saml,Claims Based Identity,Adfs2.0,我正在尝试使用以下场景编写控制台应用程序：客户端首先从身份提供者请求令牌，然后使用该令牌从资源提供者请求新令牌使用以下链接：我设法从Idp获取令牌，但没有设法从资源STS获取令牌这是我的代码： string RPRealm = "https://service.contoso.com/"; string RSTSRealm = "http://fsweb.contoso.com/adfs/services/trust"; string IdPstsEndpoint

我正在尝试使用以下场景编写控制台应用程序：客户端首先从身份提供者请求令牌，然后使用该令牌从资源提供者请求新令牌使用以下链接：

我设法从Idp获取令牌，但没有设法从资源STS获取令牌

这是我的代码：

    string RPRealm = "https://service.contoso.com/";
    string RSTSRealm = "http://fsweb.contoso.com/adfs/services/trust";
    string IdPstsEndpoint = "https://IdpAdfs.domain.com/adfs/services/trust/13/kerberosmixed";
    string RSTSEndpoint = "https://fsweb.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256";

    private static SecurityToken GetIdPToken(string rstsRealm, string IdPstsEndpoint)
    {
        using (var factory = new WSTrustChannelFactory(
                new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                new EndpointAddress(new Uri(IdPstsEndpoint))))
        {
            WSTrustChannel channel = null;
            factory.TrustVersion = TrustVersion.WSTrust13;
            try
            {
                var rst = new RequestSecurityToken
                {
                    RequestType = WSTrust13Constants.RequestTypes.Issue,
                    AppliesTo = new EndpointAddress(rstsRealm),
                    KeyType = WSTrust13Constants.KeyTypes.Bearer,
                };

                channel = (WSTrustChannel)factory.CreateChannel();
                RequestSecurityTokenResponse rstr;
                SecurityToken token = channel.Issue(rst, out rstr);
                return token;
            }
            finally
            {
                if (channel != null)
                {
                    channel.Abort();
                }

                factory.Abort();
            }
        }
    }


private static SecurityToken GetRSTSToken(SecurityToken IdPToken, string RSTSEndpoint, string RPRealm)
{
   var binding = new WS2007FederationHttpBinding();
   binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
   binding.Security.Message.EstablishSecurityContext = false;
   binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;

    using (var factory = new WSTrustChannelFactory(
           binding,
            new EndpointAddress(new Uri(RSTSEndpoint))))
    {
        var rst = new RequestSecurityToken
        {
            RequestType = WSTrust13Constants.RequestTypes.Issue,
            AppliesTo = new EndpointAddress(RPRealm),
            KeyType = WSTrust13Constants.KeyTypes.Bearer,
        };
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.SupportInteractive = false;
        factory.ConfigureChannelFactory();


        var channel = factory.CreateChannelWithIssuedToken(IdPToken);
        RequestSecurityTokenResponse rstr;
        SecurityToken token = channel.Issue(rst, out rstr);
        return token;
    }
}

我得到这个错误：响应消息的内容类型text/html与绑定的内容类型不匹配（application/soap+xml；charset=utf-8）我的代码出了什么问题？

提前感谢

ADFS不支持其联盟内点上的承载令牌。换句话说，在第一个跃点上，您需要在RST上指定一个KeyTypes.Symmetric。

尝试使用Thinktecture.IdentityModel中的WSTrust绑定-例如，对于第二个跃点，使用IssuedTokenStrustBinding。如果我使用IssuedTokenStrustBinding，我得到错误：签名令牌通用XML令牌：validFrom:05/05/2013 14:51:22 validTo:05/05/2013 15:51:22 InternalTokenReference:SamlasertionKeyIdentifierClause（AssertionId='_299797979797-107a-4c16-b59b-4a9462edfea3'）外部令牌引用：SamlasertionKeyIdentifierClause（AssertionId='_2997979797979797-107a-4c16-b59b-4a9462edfea3'）令牌元素：（EncryptedData，）没有密钥。安全令牌用于要求其执行加密操作的上下文中，但该令牌不包含加密。。。