C# "An error occurred when verifying security for the message" exception when authenticating against ADFS

Tags: c#, wif, saml-2.0, adfs2.0

As I described previously, I built a web service that takes a username/password and authenticates users (of a mobile application) against ADFS 2 using those credentials. My web service is configured as an RP on ADFS. ADFS issues SAML 2.0 tokens.

Here is the code of the web method:

using System.IdentityModel.Protocols.WSTrust;
using System.ServiceModel;
using System.ServiceModel.Security;

// First (failing) version: a username/password credential and a symmetric proof key
// are sent to the issuedtokenmixedsymmetricbasic256 endpoint.
public class MobileAuthService : IMobileAuthService
{
    private const string adfsBaseAddress = @"https://<my_adfs_hostname>/adfs/services/";
    private const string endpointSuffix = @"trust/13/issuedtokenmixedsymmetricbasic256";

    public string AuthenticateUser(string username, string password)
    {
        var binding = new WS2007HttpBinding(SecurityMode.Message);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        // Overrides the Message mode passed to the constructor: TLS on the transport,
        // username/password inside the SOAP message.
        binding.Security.Mode = SecurityMode.TransportWithMessageCredential;

        var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(adfsBaseAddress + endpointSuffix))
                                        {
                                            TrustVersion = TrustVersion.WSTrust13
                                        };
        trustChannelFactory.Credentials.UserName.UserName = username;
        trustChannelFactory.Credentials.UserName.Password = password;

        var tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel();

        // Request a token with a symmetric proof key; this key type (and the endpoint above)
        // is what the answer below changes.
        var rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Symmetric);
        var token = tokenClient.Issue(rst);

        // do some token-related stuff

        return token.Id;
    }
}
This throws the following exception, with its inner exception:

System.ServiceModel.Security.MessageSecurityException - "An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail."
System.ServiceModel.FaultException - "An error occurred when verifying security for the message."
I think this has something to do with response signing or certificates, but I don't know how to get past it, since I'm new to WIF.

I've managed to (partially) solve this. I made a few changes to the code, but the problem seems to have been related to the following:

  • STS endpoint - for this type of authentication it should be /trust/13/usernamemixed
  • RST key type - when I set it to Bearer, it started returning SAML tokens
Here is my latest version:

using System.IdentityModel.Protocols.WSTrust;
using System.ServiceModel;
using System.ServiceModel.Security;
// UserNameWSTrustBinding is not part of System.IdentityModel; it comes from the WIF 3.5 SDK
// (Microsoft.IdentityModel.Protocols.WSTrust.Bindings) or from a helper library such as
// Thinktecture.IdentityModel on .NET 4.5, depending on the WIF version in use.

public class MobileAuthService : IMobileAuthService
{
    // usernamemixed: username/password in the message, TLS on the transport.
    private const string stsEndpointAddress = @"https://<my_adfs_hostname>/adfs/services/trust/13/usernamemixed";

    private const string relyingPartyAddress =
        "https://<my_service_addr>/Auth.svc";

    public string AuthenticateUser(string username, string password)
    {
        var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential)
            {
                ClientCredentialType = HttpClientCredentialType.None
            };

        var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(stsEndpointAddress))
                                        {
                                            TrustVersion = TrustVersion.WSTrust13
                                        };

        var channelCredentials = trustChannelFactory.Credentials;
        channelCredentials.UserName.UserName = username;
        channelCredentials.UserName.Password = password;
        // Never fall back to an interactive credential prompt on the server.
        channelCredentials.SupportInteractive = false;

        var tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel();

        // Bearer key type: no proof key, the SAML 2.0 assertion itself is the credential.
        // AppliesTo names the RP so ADFS selects the matching RP trust and scopes the token to it.
        var rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer)
            {
                AppliesTo = new EndpointReference(relyingPartyAddress),
                ReplyTo = relyingPartyAddress,
                TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
            };

        var token = tokenClient.Issue(rst);

        // do some token-related stuff (like transformations etc...)

        return token.Id;
    }
}
I hope this helps anyone who ends up running into a similar problem.
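An added example, not part of the original question or answer, of the relying-party-side validation that the "do some token-related stuff" comment leaves out. With KeyTypes.Bearer there is no proof key, so anyone holding the SAML 2.0 assertion can present it; before any claim from it is trusted, the RP has to verify the ADFS signature, that the audience is the RP named in AppliesTo, and the validity window. The code uses the .NET 4.5 System.IdentityModel API (the WIF 3.5 Microsoft.IdentityModel namespaces differ); the token-signing certificate thumbprint, the issuer name and the IssuedTokenValidator helper are assumed placeholders, and tokenClient and rst are the objects built in the answer's method.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;
using System.Xml;

public static class IssuedTokenValidator
{
    // Assumed placeholders: take the token-signing certificate thumbprint and the
    // issuer name from the federation metadata of the real ADFS instance.
    private const string AdfsSigningCertThumbprint = "<adfs_token_signing_cert_thumbprint>";
    private const string AdfsIssuerName = "http://<my_adfs_hostname>/adfs/services/trust";
    // Must equal the RP identifier configured in ADFS (the AppliesTo sent in the RST).
    private const string RelyingPartyAddress = "https://<my_service_addr>/Auth.svc";

    // Builds a handler collection that only accepts SAML 2.0 assertions signed by the
    // pinned ADFS certificate and addressed to this relying party.
    private static SecurityTokenHandlerCollection CreateHandlers()
    {
        var handlers = SecurityTokenHandlerCollection.CreateDefaultSecurityTokenHandlerCollection();
        var config = handlers.Configuration;

        // Audience check: a bearer token issued for another RP must not be accepted here.
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(RelyingPartyAddress));

        // Issuer check: map the signing certificate (by thumbprint) to a trusted issuer name;
        // an assertion signed by any other certificate fails validation.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(AdfsSigningCertThumbprint, AdfsIssuerName);
        config.IssuerNameRegistry = registry;

        // The thumbprint pin above is the trust decision; ADFS token-signing certificates are
        // usually self-signed, so chain building and revocation checking are switched off.
        config.CertificateValidationMode = X509CertificateValidationMode.None;
        config.RevocationMode = X509RevocationMode.NoCheck;

        return handlers;
    }

    // Requests the token as the answer does, then validates it before any claim is used.
    public static ReadOnlyCollection<ClaimsIdentity> IssueAndValidate(WSTrustChannel tokenClient,
                                                                       RequestSecurityToken rst)
    {
        RequestSecurityTokenResponse rstr;
        // For a bearer request ADFS returns the signed assertion as a GenericXmlSecurityToken;
        // rstr carries the response metadata (lifetime, AppliesTo echoed back).
        var issued = (GenericXmlSecurityToken)tokenClient.Issue(rst, out rstr);

        var handlers = CreateHandlers();
        var samlToken = handlers.ReadToken(new XmlNodeReader(issued.TokenXml));

        // ValidateToken verifies the XML signature, issuer, audience and NotBefore/NotOnOrAfter
        // and throws a SecurityTokenException on any failure; the identities carry the ADFS claims.
        return handlers.ValidateToken(samlToken);
    }
}
```

In the answer's AuthenticateUser, the call would replace the bare Issue: `var identities = IssuedTokenValidator.IssueAndValidate(tokenClient, rst);`, after which the service can read the user's claims (for example the name or UPN claim) instead of handing back token.Id. Pinning the signing certificate by thumbprint means the token-signing certificate rollover in ADFS has to be tracked by the RP; keeping chain validation on with the certificate installed in the machine store is the alternative.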