C# Get a new ADFS token from the bootstrap token to sign in to Office 365
Tags: c#, office365, wif, adfs, identity-delegation

I am trying to implement this scenario (I'm developing a SharePoint web part in server-side C#): i.e. my goal is to delegate the credentials of the initial user (connected to SharePoint) to a back-end system made up of Exchange Online (Office 365) mailboxes, using an API still to be determined (EWS or other). SharePoint (on-prem) and Exchange Online are both connected to the same ADFS.

The first step is to get a new token from ADFS (then I'll get another token from Office 365 using the one ADFS provides, and then I'll use the O365 token to call the Exchange Online API... unless I'm going wrong here?). In short, I want to get a new token for the current user based on the "bootstrap token" used for the current connection. Here is my initial code:
```csharp
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;

// c_adfsBaseUrl and c_realm are string constants defined elsewhere in the class.
public static System.IdentityModel.Tokens.SecurityToken GetDelegationToken()
{
    // The bootstrap token is the SAML token the user originally presented to SharePoint.
    IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal;
    SecurityToken bootstrapToken = claimsPrincipal.Identities[0].BootstrapToken;

    // TLS on the transport, an issued token as the message credential.
    WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

    WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, new EndpointAddress(c_adfsBaseUrl + "adfs/services/trust/13/usernamemixed"));
    factory.TrustVersion = TrustVersion.WSTrust13;
    factory.Credentials.SupportInteractive = false;

    // Ask for a bearer SAML 2.0 token scoped to the target realm.
    RequestSecurityToken rst = new RequestSecurityToken
    {
        RequestType = WSTrust13Constants.RequestTypes.Issue,
        AppliesTo = new EndpointAddress(c_realm),
        KeyType = WSTrust13Constants.KeyTypes.Bearer,
        TokenType = "urn:oasis:names:tc:SAML:2.0:assertion",
    };

    factory.ConfigureChannelFactory();
    // The bootstrap token is used as the channel's own client credential here.
    IWSTrustChannelContract channel = factory.CreateChannelWithIssuedToken(bootstrapToken);
    RequestSecurityTokenResponse rstr;
    SecurityToken token = channel.Issue(rst, out rstr);
    return token;
}
```
This fails on the channel. The problem is:

> The signing token System.IdentityModel.Tokens.SamlSecurityToken has no keys. The security token is used in a context that requires it to perform cryptographic operations, but the token contains no cryptographic keys. Either the token type does not support cryptographic operations, or the particular token instance does not contain cryptographic keys. Check your configuration to ensure that cryptographically disabled token types (for example, UserNameSecurityToken) are not specified in a context that requires cryptographic operations (for example, an endorsing supporting token).
Then I followed Travis Spencer's advice. I ended up with this code:
```csharp
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;

// c_adfsBaseUrl and c_realm are string constants defined elsewhere in the class.
public static System.IdentityModel.Tokens.SecurityToken GetDelegationToken()
{
    IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal;
    SecurityToken bootstrapToken = claimsPrincipal.Identities[0].BootstrapToken;

    // Federation binding: the issued (bootstrap) token is presented as a bearer key, no service credential negotiation.
    WS2007FederationHttpBinding binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    binding.Security.Message.NegotiateServiceCredential = false;
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
    /*
    WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.ClientCredentialType = MessageCredentialType.IssuedToken;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    */

    WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, new EndpointAddress(c_adfsBaseUrl + "adfs/services/trust/13/usernamemixed"));
    factory.TrustVersion = TrustVersion.WSTrust13;
    factory.Credentials.SupportInteractive = false;

    // Ask for a bearer SAML 2.0 token scoped to the target realm.
    RequestSecurityToken rst = new RequestSecurityToken
    {
        RequestType = WSTrust13Constants.RequestTypes.Issue,
        AppliesTo = new EndpointAddress(c_realm),
        KeyType = WSTrust13Constants.KeyTypes.Bearer,
        TokenType = "urn:oasis:names:tc:SAML:2.0:assertion",
    };

    factory.ConfigureChannelFactory();
    // The bootstrap token is still the channel's client credential.
    IWSTrustChannelContract channel = factory.CreateChannelWithIssuedToken(bootstrapToken);
    RequestSecurityTokenResponse rstr;
    SecurityToken token = channel.Issue(rst, out rstr);
    return token;
}
```
But now it fails with:

> An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

and the inner message:

> An error occurred when processing the security tokens in the message.

What can I try next?

How do I get a new token to access Office 365 when the user is already signed in through my ADFS?
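One way to request the delegated token without asking the bearer bootstrap token to sign anything, added here as an example that is not part of the question or of WIF's samples: the bootstrap token goes into the RST's ActAs element, and the web part authenticates to the usernamemixed endpoint with its own service account. The class name, the constant values and the service-account credentials are assumptions; ADFS only issues the token if a delegation authorization rule on the relying party permits that service account, which is the setting to verify before relying on this.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Tokens;

public static class DelegatedTokenClient
{
    // Assumed placeholders: the ADFS base URL and the identifier of the target relying party.
    private const string c_adfsBaseUrl = "https://adfs.example.test/";
    private const string c_realm = "urn:example:target-realm";

    // Requests a token for c_realm on behalf of the signed-in user. A bearer bootstrap token
    // cannot sign a request, so it is not used to secure the channel; it travels in ActAs
    // while the web part authenticates to the STS with its own service account.
    public static SecurityToken GetDelegationToken(string serviceUser, string servicePassword)
    {
        IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal;
        SecurityToken bootstrapToken = claimsPrincipal.Identities[0].BootstrapToken;
        if (bootstrapToken == null)
            throw new InvalidOperationException("No bootstrap token; enable saveBootstrapTokens in the WIF config.");

        // TLS on the transport and a UserName credential in the message: what usernamemixed expects.
        WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        WSTrustChannelFactory factory = new WSTrustChannelFactory(
            binding, new EndpointAddress(c_adfsBaseUrl + "adfs/services/trust/13/usernamemixed"));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.SupportInteractive = false;
        factory.Credentials.UserName.UserName = serviceUser;     // the web part's own account
        factory.Credentials.UserName.Password = servicePassword;

        RequestSecurityToken rst = new RequestSecurityToken
        {
            RequestType = WSTrust13Constants.RequestTypes.Issue,
            AppliesTo = new EndpointAddress(c_realm),
            KeyType = WSTrust13Constants.KeyTypes.Bearer,
            TokenType = "urn:oasis:names:tc:SAML:2.0:assertion",
            // ADFS honours ActAs only if a delegation authorization rule on the relying
            // party permits this service account; otherwise the request is refused.
            ActAs = new SecurityTokenElement(bootstrapToken),
        };
        IWSTrustChannelContract channel = factory.CreateChannel();
        RequestSecurityTokenResponse rstr;
        return channel.Issue(rst, out rstr);
    }
}
```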