1. 首页
  2. 问答
  3. 如何在.NET 4.5中使用ADFS来保护WCF Web服务?

如何在.NET 4.5中使用ADFS来保护WCF Web服务?

2014-10-01 188 views
0

使用Identity and Access工具(VS 2012的一部分),我可以配置WCF以使用我们的公司ADFS服务器。如何在.NET 4.5中使用ADFS来保护WCF Web服务?

相关的web.config

<system.serviceModel> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <!-- To avoid disclosing metadata information, set the values below to false before deployment --> 
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> 
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="false" /> 
      <serviceCredentials useIdentityConfiguration="true"> 
      <!--Certificate added by Identity and Access Tool for Visual Studio.--> 
      <!-- <serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />--> 
      <serviceCertificate findValue="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" /> 
      </serviceCredentials> 
      <serviceAuthorization principalPermissionMode="Always"/> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <protocolMapping> 
     <add scheme="http" binding="ws2007FederationHttpBinding" /> 
     <add binding="basicHttpsBinding" scheme="https" /> 
    </protocolMapping> 
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> 
    <bindings> 
     <ws2007FederationHttpBinding> 
     <binding name=""> 
      <security mode="TransportWithMessageCredential"> 
      <message establishSecurityContext="false"> 
       <issuerMetadata address="https://auth1.domain.com/adfs/services/trust/mex" /> 
      </message> 
      </security> 
     </binding> 
     </ws2007FederationHttpBinding> 
    </bindings> 
    </system.serviceModel> 
    <system.webServer> 
    <modules runAllManagedModulesForAllRequests="true" /> 
    <!-- 
     To browse web app root directory during debugging, set the value below to true. 
     Set to false before deployment to avoid disclosing web app folder information. 
     --> 
    <directoryBrowse enabled="true" /> 
    </system.webServer> 
    <system.identityModel> 
    <identityConfiguration> 
     <audienceUris> 
     <add value="https://wcfurl.domain.com/" /> 
     </audienceUris> 
     <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"> 
     <authority name="http://auth1.domain.com/adfs/services/trust"> 
      <keys> 
      <add thumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" /> 
      </keys> 
      <validIssuers> 
      <add name="http://auth1.domain.com/adfs/services/trust" /> 
      </validIssuers> 
     </authority> 
     </issuerNameRegistry> 
     <!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.--> 
     <certificateValidation certificateValidationMode="None" /> 
    </identityConfiguration> 
    </system.identityModel>

然而,当我从一个控制台应用程序中引用这个WCF服务(添加服务引用)将呼叫直接向WCF服务,它不重定向到ADFS进行身份验证就像使用标准的ASP.NET应用程序一样。

我真的必须通过代码实现对adfs的调用吗?如果有的话,有关如何做到这一点的线索?

来源

2014-10-01 Éric Talbot

+0

凡你的服务会被托管吗? – 2014-10-01 19:37:07

+0

在企业IIS服务器上@ https://wcfurl.domain.com/ – 2014-10-01 19:46:46

回答

1

Eric在基于SAML的身份验证Web服务和基于浏览器的应用程序(即Web应用程序)中使用不同的身份验证机制。尝试使用WS-信托看到被动VS主动认证,在你的情况下,客户应该推动认证(活动客户端),因为在Web服务call.Check没有重定向出这个http://msdn.microsoft.com/en-us/magazine/ee335705.aspx

-Peace

来源

2014-10-02 14:50:11 Fasika

相关问题

 相关问题