2

WCF service and Thinktecture Identity Server

I'm trying to set up a scenario in which I have a client that uses a WCF service, with Thinktecture IdentityServer as the security token service. I'm stuck at a point where I get an error:

MessageSecurityException 
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. 
InnerException 
At least one security token in the message could not be validated. 

I set up the STS on a WIN2008 server and everything works correctly; it is already working with an MVC site. But with the WCF service I can't get it to work. I'm using BearerKey as the SecurityKeyType. I do get a token in the client application's RequestToken() function. This is my WCF service config:

<system.serviceModel> 
    <services> 
     <service name="ClaimWcfService.Service1"> 
     <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" /> 
     <host> 
      <baseAddresses> 
      <add baseAddress="https://anno99-pc/"/> 
      </baseAddresses> 
     </host> 
     </service> 
    </services> 
    <bindings> 
     <ws2007FederationHttpBinding> 
     <binding name=""> 
      <security mode="TransportWithMessageCredential"> 
      <message establishSecurityContext="false" issuedKeyType="BearerKey"> 
       <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" /> 
      </message> 
      </security> 
     </binding> 
     </ws2007FederationHttpBinding> 
    </bindings> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
      <serviceAuthorization principalPermissionMode="Always" /> 
      <serviceCredentials useIdentityConfiguration="true"> 
      <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <protocolMapping> 
     <add scheme="http" binding="ws2007FederationHttpBinding" /> 
    </protocolMapping> 
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> 

    </system.serviceModel> 

    <!-- Config STS --> 
    <system.identityModel> 
    <identityConfiguration> 
     <audienceUris> 
     <add value="https://anno99-pc/ClaimWcfService/Service1.svc" /> 
     </audienceUris> 
     <!--Commented by Identity and Access VS Package--> 
     <certificateValidation certificateValidationMode="None" /> 
     <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"> 
     <authority name="http://identityserver.v2.wkp.com/trust/wkp"> 
      <keys> 
      <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" /> 
      </keys> 
      <validIssuers> 
      <add name="http://identityserver.v2.wkp.com/trust/wkp" /> 
      </validIssuers> 
     </authority> 
     </issuerNameRegistry> 
    </identityConfiguration> 
    </system.identityModel> 

This is the client; it's just a console application.

static void Main(string[] args) 
{ 
    var token = RequestToken(); 
    CallService(token); 
} 

static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username"; 
static string _realm = "https://anno99-pc/ClaimWcfService/"; 

private static void CallService(SecurityToken token) 
{ 
    var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc"; 

    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); 
    binding.Security.Message.EstablishSecurityContext = false; 
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; 

    var factory = new ChannelFactory<IService1>(binding, 
      new EndpointAddress(serviceEndpoint)); 
    factory.Credentials.SupportInteractive = false; 
    factory.Credentials.UseIdentityConfiguration = true; 

    var channel = factory.CreateChannelWithIssuedToken(token); 

     var data = channel.GetData(1); 
} 

private static SecurityToken RequestToken() 
{ 
    var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential); 

    var credentials = new ClientCredentials(); 
    credentials.UserName.UserName = "username"; 
    credentials.UserName.Password = "password"; 

    return WSTrustClient.Issue(
      new EndpointAddress(_idsrvEndpoint), 
      new EndpointAddress(_realm), 
      binding, 
      credentials); 
} 

If anyone can help me, that would be great.

Answer

6

After some googling and trying I got it working. I had to change these parts of the config.

<services> 
     <service name="ClaimWcfService.Service1"> 
     <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" /> 
     </service> 
    </services> 


    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
      <serviceAuthorization principalPermissionMode="Always" /> 
      <serviceCredentials useIdentityConfiguration="true"> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 

    <system.identityModel> 
    <identityConfiguration saveBootstrapContext="true"> 
     <audienceUris> 
     <add value="https://anno99-pc/ClaimWcfService/" /> 
     </audienceUris> 

     <certificateValidation certificateValidationMode="None" /> 
     <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> 
     <trustedIssuers> 
      <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" 
       name="idsrv" /> 
     </trustedIssuers> 
     </issuerNameRegistry> 

    </identityConfiguration> 
    </system.identityModel> 

I hope this helps someone.

+0

**Don't set certificateValidationMode to None** in production! – Matt
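As an added example (not from the original question, answer or comment), here is the answer's `<system.identityModel>` section with the comment above applied. It keeps the answer's `ConfigurationBasedIssuerNameRegistry` and pinned thumbprint, keeps `audienceUris` equal to the `_realm` the console client passes as AppliesTo when it requests the token (the question's config listed `.../Service1.svc`, which does not match the realm `https://anno99-pc/ClaimWcfService/`), and replaces `certificateValidationMode="None"` with chain validation and online revocation checking. The choice of `ChainTrust` over `PeerTrust`, and the `trustedStoreLocation`, are assumptions about how the STS signing certificate was provisioned on the service host.

```xml
<!-- Added example: hardened variant of the answer's config, not code from the original page. -->
<system.identityModel>
  <identityConfiguration saveBootstrapContext="true">
    <!-- Must match the AppliesTo / realm the client requests the token for.
         The console client in the question uses https://anno99-pc/ClaimWcfService/ . -->
    <audienceUris>
      <add value="https://anno99-pc/ClaimWcfService/" />
    </audienceUris>

    <!-- Weak setting (what the answer used, flagged in the comment):
         <certificateValidation certificateValidationMode="None" />
         With None, WIF performs no chain, expiry or revocation check on the
         STS signing certificate; trust rests only on the pinned thumbprint below. -->

    <!-- Hardened setting: build and validate the chain of the STS signing
         certificate and check revocation online. Assumes (not stated on the page)
         that the CA which issued the STS signing certificate is trusted on this host. -->
    <certificateValidation certificateValidationMode="ChainTrust"
                           revocationMode="Online"
                           trustedStoreLocation="LocalMachine" />

    <!-- Pin the STS signing certificate by thumbprint, exactly as in the answer. -->
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" name="idsrv" />
      </trustedIssuers>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
```

If the STS signs with a self-signed certificate (as a dev box such as the one in the question might), `ChainTrust` will fail; in that case install the signing certificate in the host's Trusted People store and use `certificateValidationMode="PeerTrust"` instead, which still rejects anything not explicitly installed there. Either way, keep the thumbprint pin in `issuerNameRegistry`: chain validation says the certificate is valid, the registry says it is the one this service expects.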