C# Error getting a security token from an ADFS server (c#, wcf, wif, adfs, sts-securitytokenservice)

C# Error getting a security token from an ADFS server

In order to authenticate against ADFS and inspect the claims, I want to obtain a security token from the ADFS server. However, the sample code I am using always produces an error when requesting the token. The sample code looks like this:

    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    internal static class AdfsTokenClient
    {
        // Placeholders for the fields the original snippet left undefined.
        // adfsEndpoint: the ADFS WS-Trust 1.3 username/password endpoint.
        // realm: must exactly match an identifier of a relying party trust in ADFS.
        private static readonly string adfsEndpoint = "https://<adfs-host>/adfs/services/trust/13/usernamemixed";
        private static readonly string realm = "https://<relying-party-identifier>/";
        private static readonly string username = "<DOMAIN\\user>";
        private static readonly string password = "<password>";

        private static SecurityToken RequestSamlToken()
        {
            // Username over TLS: the password travels in the SOAP body, protected only by HTTPS.
            var factory = new WSTrustChannelFactory(
                new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                new EndpointAddress(adfsEndpoint));
            factory.TrustVersion = TrustVersion.WSTrust13;
            factory.Credentials.UserName.UserName = username;
            factory.Credentials.UserName.Password = password;

            var rst = new RequestSecurityToken
            {
                RequestType = RequestTypes.Issue,
                KeyType = KeyTypes.Bearer,                 // bearer: no proof key, anyone holding the token can replay it
                AppliesTo = new EndpointReference(realm)   // ADFS resolves this URI to a relying party trust
            };

            return factory.CreateChannel().Issue(rst);
        }
    }
I get the following error:

An unhandled exception of type 'System.ServiceModel.FaultException' occurred in System.ServiceModel.dll. Additional information: ID3082: The request scope is not valid or is unsupported.

Is there any configuration missing on the ADFS server that would stop it from issuing a token? Another piece of code that uses IDPI to initiate sign-on is used to generate a SAML token. The ADFS properties look like this:

AcceptableIdentifiers                      : {}
AddProxyAuthorizationRules                 : exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-32-544", Issuer =~ "^AD AUTHORITY$"]) => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
                                             c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^AD AUTHORITY$" ] => issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustManagerSid({0})", param=c.Value );
                                             c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$" ] => issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustProvisioned({0})", param=c.Value );
ArtifactDbConnection                       : Data Source=np:\\.\pipe\microsoft##wid\tsql\query;Initial Catalog=AdfsArtifactStore;Integrated Security=True
AuthenticationContextOrder                 : {urn:oasis:names:tc:SAML:2.0:ac:classes:Password,
                                             urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,
                                             urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient,
                                             urn:oasis:names:tc:SAML:2.0:ac:classes:X509...}
AutoCertificateRollover                    : True
CertificateCriticalThreshold               : 2
CertificateDuration                        : 365
CertificateGenerationThreshold             : 20
CertificatePromotionThreshold              : 5
CertificateRolloverInterval                : 720
CertificateSharingContainer                : CN=6b987b00-35ce-44d9-97c8-561b6f1ac3dd,CN=ADFS,CN=Microsoft,CN=Program Data,DC=sciemetricdev,DC=com
CertificateThresholdMultiplier             : 1440
ClientCertRevocationCheck                  : None
ContactPerson                              :
DisplayName                                : ADFS
IntranetUseLocalClaimsProvider             : False
ExtendedProtectionTokenCheck               : Allow
FederationPassiveAddress                   : /adfs/ls/
HostName                                   : *************.com
HttpPort                                   : 80
HttpsPort                                  : 443
TlsClientPort                              : 49443
Identifier                                 : http://*******.com/adfs/services/trust
InstalledLanguage                          : en-US
LogLevel                                   : {Errors, Information, Verbose, Warnings}
MonitoringInterval                         : 1440
NetTcpPort                                 : 1501
NtlmOnlySupportedClientAtProxy             : False
OrganizationInfo                           :
PreventTokenReplays                        : False
ProxyTrustTokenLifetime                    : 21600
ReplayCacheExpirationInterval              : 60
SignedSamlRequestsRequired                 : False
SamlMessageDeliveryWindow                  : 5
SignSamlAuthnRequests                      : False
SsoLifetime                                : 480
PersistentSsoLifetimeMins                  : 10080
KmsiLifetimeMins                           : 1440
PersistentSsoEnabled                       : True
PersistentSsoCutoffTime                    : 1/1/0001 12:00:00 AM
KmsiEnabled                                : False
LoopDetectionEnabled                       : True
LoopDetectionTimeIntervalInSeconds         : 20
LoopDetectionMaximumTokensIssuedInInterval : 5
PasswordValidationDelayInMinutes           : 60
SendClientRequestIdAsQueryStringParameter  : False
WIASupportedUserAgents                     : {MSAuthHost/1.0/In-Domain, MSIE 6.0, MSIE 7.0, MSIE 8.0...}
ExtranetLockoutThreshold                   : 2147483647
ExtranetLockoutEnabled                     : False
ExtranetObservationWindow                  : 00:30:00

It looks like you have not created a relying party in ADFS for the URL you pass in the rst.AppliesTo property (the realm variable in your code).

The tokens you receive from ADFS are not generic; they are only good for accessing the specific server you pass in the request's AppliesTo property. Even for the same user identity, if you need to access another server you need to get another token from ADFS.

In addition, you will not be able to inspect the claims in the application that requests the token. You need to pass the token to the server and have the server show you the claims.

Here is an example of such a server application:


Using PowerShell, just check the ADFS property "AcceptableIdentifiers" again. Run "Add-PSSnapin Microsoft.Adfs.PowerShell" to load the snap-in, and then the command Get-AdfsProperties. Not sure whether it helps!
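Putting the two answers above together, here is an added PowerShell example to run on the ADFS server; it is not code from the question or from either answer. It loads the ADFS cmdlets (module on ADFS 3.0 and later, snap-in on ADFS 2.x), prints the STS Identifier and AcceptableIdentifiers from Get-AdfsProperties as the second answer suggests, and then checks whether a relying party trust exists for the exact AppliesTo value the client sends, creating a minimal one if it does not, which is the missing configuration the first answer points to as the cause of ID3082. The realm value, display name and claim rules are assumptions for illustration; replace them with your own.

```powershell
# Added example: check (and if needed create) the relying party trust that
# ADFS needs in order to honour the AppliesTo value a WS-Trust client sends.
# Run in an elevated PowerShell session on an ADFS server as an ADFS administrator.
param(
    # Hypothetical values; $Realm must be the exact string the client puts in AppliesTo.
    [string]$Realm = 'https://app.example.com/',
    [string]$Name  = 'Example App (WS-Trust bearer tokens)'
)

# ADFS 2.x exposes the cmdlets through a snap-in, ADFS 3.0+ through a module.
if (-not (Get-Command Get-AdfsRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    if (Get-Module -ListAvailable -Name ADFS) {
        Import-Module ADFS
    } else {
        Add-PSSnapin Microsoft.Adfs.PowerShell
    }
}

# 1. The STS identifier and any additional identifiers ADFS answers to.
$props = Get-AdfsProperties
"STS identifier        : $($props.Identifier)"
"AcceptableIdentifiers : $($props.AcceptableIdentifiers -join ', ')"

# 2. ID3082 is raised when AppliesTo does not map to any relying party trust.
#    The match is an exact string compare: scheme, host, port and trailing slash all matter.
$rp = Get-AdfsRelyingPartyTrust -Identifier $Realm
if ($rp) {
    "Relying party '$($rp.Name)' already exists for $Realm"
    "Enabled: $($rp.Enabled)  Identifiers: $($rp.Identifier -join ', ')"
    return
}

# 3. Create the trust. Authorization rule: permit any authenticated user.
#    Transform rules: send only the UPN and group claims the application actually needs.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN and groups"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/claims/Group"), query = ";userPrincipalName,tokenGroups;{0}", param = c.Value);
'@

Add-AdfsRelyingPartyTrust -Name $Name `
    -Identifier $Realm `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules `
    -TokenLifetime 60 `
    -Notes 'Created for a WS-Trust 1.3 username-endpoint client requesting bearer SAML tokens.'

"Created relying party trust '$Name' for identifier $Realm"
```

After the trust exists, re-run the client with the same realm string; if the fault persists, compare the value the client sends byte for byte with the output of Get-AdfsRelyingPartyTrust, since a differing trailing slash or http/https scheme is the usual remaining cause. The short TokenLifetime and the narrow transform rule are deliberate: bearer tokens carry no proof key, so anyone who captures one can present it until it expires.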