为什么在传入联合安全令牌时此WCF调用失败
我正在尝试将安全令牌从客户端应用程序传递到WCF服务以进行身份验证 对于这个示例,我只是使用标准文件newwcf应用程序项目,并尝试调用GetData方法 我在客户端上得到以下异常 {“无法处理邮件。这很可能是因为 操作“”不正确或是因为 消息包含无效或过期的安全上下文令牌或 因为绑定之间不匹配。安全上下文 如果服务由于以下原因中止了通道,则令牌将无效 不活动。防止服务中止空闲会话 过早增加服务端点上的接收超时 绑定。“} 如果我在WCF服务上启用跟踪,我可以看到以下错误 没有通道可以接受带有操作的消息 '' 我的服务的Web.Config如下所示为什么在传入联合安全令牌时此WCF调用失败,wcf,wcf-security,wif,federated-identity,Wcf,Wcf Security,Wif,Federated Identity,我正在尝试将安全令牌从客户端应用程序传递到WCF服务以进行身份验证 对于这个示例,我只是使用标准文件newwcf应用程序项目,并尝试调用GetData方法 我在客户端上得到以下异常 {“无法处理邮件。这很可能是因为 操作“”不正确或是因为 消息包含无效或过期的安全上下文令牌或 因为绑定之间不匹配。安全上下文 如果服务由于以下原因中止了通道,则令牌将无效 不活动。防止服务中止空闲会话 过早增加服务端点上的接收超时 绑定。“} 如果我在WCF服务上启用跟踪,我可以看到以下错误 没有通道可以接受带有操
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<!--Configure STS-->
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://stsserver.security.int/myApp" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089">
<trustedIssuers>
<add thumbprint="3c8fc34bd483b07ba0d1509827fc4788c36247e4" name="StartSSL Login" />
</trustedIssuers>
</issuerNameRegistry>
<certificateValidation certificateValidationMode="None"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<ws2007FederationHttpBinding>
<binding name ="IdentityServer">
<security mode="TransportWithMessageCredential">
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="Services.Service1" behaviorConfiguration="CertificateBehavior">
<endpoint name="ws" binding="ws2007FederationHttpBinding" bindingConfiguration="IdentityServer" contract="Services.IService1" address=""/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CertificateBehavior">
<serviceCredentials>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
static void CallSecuredService(SecurityToken samlToken)
{
var binding = new WS2007FederationHttpBinding((WSFederationHttpSecurityMode.TransportWithMessageCredential));
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
var factory = new ChannelFactory<IService1>(binding, new EndpointAddress("https://localhost/myservice/Service1.svc"));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var proxy = factory.CreateChannelWithIssuedToken(samlToken);
Console.WriteLine(proxy.GetData(1));
}
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<!--Configure STS-->
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://stsserver.security.int/myApp" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089">
<trustedIssuers>
<add thumbprint="3c8fc34bd483b07ba0d1509827fc4788c36247e4" name="StartSSL Login" />
</trustedIssuers>
</issuerNameRegistry>
<certificateValidation certificateValidationMode="None"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<ws2007FederationHttpBinding>
<binding name ="IdentityServer">
<security mode="TransportWithMessageCredential">
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="Services.Service1" behaviorConfiguration="CertificateBehavior">
<endpoint name="ws" binding="ws2007FederationHttpBinding" bindingConfiguration="IdentityServer" contract="Services.IService1" address=""/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CertificateBehavior">
<serviceCredentials>
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
static void CallSecuredService(SecurityToken samlToken)
{
var binding = new WS2007FederationHttpBinding((WSFederationHttpSecurityMode.TransportWithMessageCredential));
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
var factory = new ChannelFactory<IService1>(binding, new EndpointAddress("https://localhost/myservice/Service1.svc"));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var proxy = factory.CreateChannelWithIssuedToken(samlToken);
Console.WriteLine(proxy.GetData(1));
}
static void CallSecuredService(SecurityToken-samlToken)
{
var binding=新的WS2007FederationHttpBinding((WSFederationHttpSecurityMode.TransportWithMessageCredential));
binding.Security.Message.IssuedKeyType=SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext=false;
var factory=newchannelfactory(绑定,新端点地址(“https://localhost/myservice/Service1.svc"));
factory.Credentials.SupportInteractive=false;
factory.Credentials.UseIdentityConfiguration=true;
var proxy=factory.CreateChannelWithIssuedToken(samlToken);
Console.WriteLine(proxy.GetData(1));
}
任何关于我应该检查的东西的指针都会很好,因为我现在有点不知所措。我不确定如何进一步调试它?我终于克服了这个错误。问题是服务和客户端绑定之间有一点不匹配 将web.config中的绑定更改为该值修复了此问题
<bindings>
<ws2007FederationHttpBinding>
<binding name ="IdentityServer">
<security mode="TransportWithMessageCredential">
<message issuedKeyType="BearerKey" establishSecurityContext="false"/>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>