2012-03-23 64 views
2

I want to authenticate the users of a self-written WCF service against ADFS 2.0. The service is ready and fully functional, and ADFS 2.0 is also set up correctly. The generated WCF service client configuration, however, produces errors.

When I set up the client binding in code and run the operations through it, everything works as expected. But when I would rather use the configuration produced by "Update Service Reference", the binding is wrong and does not work as expected.

Where have I missed something? Any hints are welcome.

Error given:

Unhandled Exception: System.ServiceModel.FaultException: The message with Action 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None).

Server configuration:

<bindings>
    <ws2007FederationHttpBinding>
        <binding>
            <security mode="TransportWithMessageCredential">
                <message establishSecurityContext="false">
                    <issuerMetadata address="https://sts.local.domain/adfs/services/trust/mex" />
                    <issuer address="https://sts.local.domain/adfs/services/trust/2005/windowstransport" binding="ws2007HttpBinding" />
                    <claimTypeRequirements>
                        <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
                        <add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />
                    </claimTypeRequirements>
                </message>
            </security>
        </binding>
    </ws2007FederationHttpBinding>
    <ws2007HttpBinding>
        <binding>
            <security mode="Transport">
                <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
                <message clientCredentialType="None" establishSecurityContext="false" negotiateServiceCredential="true" />
            </security>
        </binding>
    </ws2007HttpBinding>
</bindings>

Client configuration (not working):

<bindings>
    <ws2007FederationHttpBinding>
        <binding name="WS2007FederationHttpBinding_IMyService" closeTimeout="00:01:00"
                 openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
                 textEncoding="utf-8" useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <reliableSession ordered="true" inactivityTimeout="00:10:00"
                             enabled="false" />
            <security mode="TransportWithMessageCredential">
                <message algorithmSuite="Default" establishSecurityContext="false"
                         issuedKeyType="SymmetricKey" negotiateServiceCredential="true">
                    <issuer address="https://sts.local.domain/adfs/services/trust/2005/windowstransport" binding="ws2007HttpBinding" />
                    <issuerMetadata address="https://sts.local.domain/adfs/services/trust/mex" />
                    <tokenRequestParameters>
                        <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
                            <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                                <Address>https://service.machine.local/STSWcfService/MyService.svc</Address>
                            </EndpointReference>
                        </AppliesTo>
                        <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                            <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
                            <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
                            <trust:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
                                          xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                                <wsid:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
                                                Optional="true" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" />
                                <wsid:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                                                Optional="true" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" />
                            </trust:Claims>
                            <trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
                            <trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
                            <trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
                            <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
                            <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
                        </trust:SecondaryParameters>
                    </tokenRequestParameters>
                </message>
            </security>
        </binding>
    </ws2007FederationHttpBinding>
    <ws2007HttpBinding>
        <binding>
            <security mode="Transport">
                <transport clientCredentialType="Windows" />
                <message clientCredentialType="Windows" establishSecurityContext="false" />
            </security>
        </binding>
    </ws2007HttpBinding>
</bindings>
<client>
    <endpoint address="https://service.machine.local/STSWcfService/MyService.svc"
              binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_IMyService"
              contract="ServiceReference.IMyService" name="WS2007FederationHttpBinding_IMyService" />
</client>

Client binding (working):

using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

// endpoint addresses as used in the configuration above
private static readonly string adfsEndPoint = "https://sts.local.domain/adfs/services/trust/2005/windowstransport";
private static readonly string serviceEndPoint = "https://service.machine.local/STSWcfService/MyService.svc";

private static SecurityToken GetToken()
{
    // Windows-authenticated, transport-secured WS-Trust channel to ADFS,
    // explicitly speaking WS-Trust Feb 2005 (the /trust/2005/ endpoint)
    var factory = new WSTrustChannelFactory(new WindowsWSTrustBinding(SecurityMode.Transport), adfsEndPoint)
    {
        TrustVersion = TrustVersion.WSTrustFeb2005
    };

    // request a symmetric-key token scoped to the service endpoint
    var requestSecurityToken = new RequestSecurityToken
    {
        RequestType = WSTrustFeb2005Constants.RequestTypes.Issue,
        AppliesTo = new EndpointAddress(serviceEndPoint),
        KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric
    };

    var channel = factory.CreateChannel();
    return channel.Issue(requestSecurityToken);
}

private static void CallService(SecurityToken token)
{
    // create binding and turn off sessions
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    binding.Security.Message.EstablishSecurityContext = false;

    // create factory and enable WIF plumbing
    var factory = new ChannelFactory<IMyService>(binding, new EndpointAddress(serviceEndPoint));
    factory.ConfigureChannelFactory();

    // turn off CardSpace - we already have the token
    factory.Credentials.SupportInteractive = false;

    // the issued token is attached to the channel; WCF does not fetch its own
    var channel = factory.CreateChannelWithIssuedToken(token);
    foreach (var claim in channel.GetClaims())
    {
        Console.WriteLine("{0}\n {1}\n {2} ({3})\n", claim.ClaimType, claim.Value, claim.Issuer, claim.OriginalIssuer);
    }
}
+0

When Update Service Reference fails it produces some warnings; can you check the warnings in the Error List window? – daryal 2012-03-23 12:52:00

+0

What error do you get? – Aliostad 2012-03-23 12:52:50

+0

I have added the error message that is raised when the configuration file is used. – Scoregraphic 2012-03-23 12:59:32
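One detail worth checking before reading logs: the Action named in the fault, http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue, belongs to the WS-Trust 1.3 namespace, whereas the working code pins TrustVersion.WSTrustFeb2005 and fetches the token itself before the service call. When the federated binding fetches the token on its own, it uses the WS-Trust version carried in its own message security element, and WS2007FederationHttpBinding defaults to WS-Trust 1.3. The helper below is an added example, not code from the question or from any answer: it reads that version off a binding and compares it with the version the ADFS 2.0 issuer path implies (ADFS 2.0 publishes WS-Trust Feb 2005 endpoints under /adfs/services/trust/2005/ and WS-Trust 1.3 endpoints under /adfs/services/trust/13/). The names TrustVersionCheck, TrustVersionOf, TrustVersionOfIssuer and Check are mine; the issuer address is the one from the configuration in the question.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Added diagnostic helper (not from the question or the answers).
// It reports which WS-Trust version a federated binding will use for the
// RST/Issue it sends to the issuer, and compares that with the version the
// ADFS 2.0 endpoint path implies ("/trust/2005/" = Feb 2005, "/trust/13/" = 1.3).
static class TrustVersionCheck
{
    // WS-Trust version carried by the binding's message security element,
    // or null when the binding has no message-level security at all.
    public static TrustVersion TrustVersionOf(Binding binding)
    {
        SecurityBindingElement security =
            binding.CreateBindingElements().Find<SecurityBindingElement>();
        return security == null ? null : security.MessageSecurityVersion.TrustVersion;
    }

    // Version implied by an ADFS 2.0 issuer address; null when the path
    // follows neither naming convention (heuristic, assumed here).
    public static TrustVersion TrustVersionOfIssuer(Uri issuer)
    {
        string path = issuer.AbsolutePath.ToLowerInvariant();
        if (path.Contains("/trust/2005/")) return TrustVersion.WSTrustFeb2005;
        if (path.Contains("/trust/13/")) return TrustVersion.WSTrust13;
        return null;
    }

    // The same binding the working code in the question builds: WS2007 federation
    // binding, transport security plus message credential, no secure conversation.
    public static WS2007FederationHttpBinding FederationBinding()
    {
        var binding = new WS2007FederationHttpBinding(
            WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        return binding;
    }

    // One-line verdict for a binding/issuer pair.
    public static string Check(Binding binding, Uri issuer)
    {
        TrustVersion fromBinding = TrustVersionOf(binding);
        TrustVersion fromIssuer = TrustVersionOfIssuer(issuer);
        string name = binding.GetType().Name;

        if (fromBinding == null) return name + ": no message security, nothing to compare";
        if (fromIssuer == null) return name + ": issuer path gives no version hint";

        // TrustVersion instances are singletons, so reference equality is sufficient.
        return string.Format("{0}: binding speaks {1}, issuer path implies {2} -> {3}",
            name, fromBinding.Namespace, fromIssuer.Namespace,
            fromBinding == fromIssuer ? "match" : "MISMATCH");
    }

    public static void Main()
    {
        // Issuer address taken from the configuration in the question.
        var issuer = new Uri("https://sts.local.domain/adfs/services/trust/2005/windowstransport");

        Console.WriteLine(Check(FederationBinding(), issuer));

        // The older federation binding defaults to WS-Trust Feb 2005; shown for contrast.
        Console.WriteLine(Check(new WSFederationHttpBinding(
            WSFederationHttpSecurityMode.TransportWithMessageCredential), issuer));
    }
}
```

Run against the addresses above, the first line reports a MISMATCH (WS-Trust 1.3 binding, Feb 2005 issuer path) and the second a match. The helper only inspects bindings built in code; to inspect the generated configuration instead, construct the binding with its bindingConfiguration name (new WS2007FederationHttpBinding("WS2007FederationHttpBinding_IMyService")) while the client's app.config is present.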

Answers

1

I think your security mode and client credentials might not match.

Put this in your app.config (client and server) and make sure the processes have write permission to the directory.

<system.diagnostics>
    <sources>
        <source name="Microsoft.IdentityModel" switchValue="Verbose">
            <listeners>
                <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
                     initializeData="c:\temp\WIF.svclog" />
            </listeners>
        </source>
        <source name="System.ServiceModel.MessageLogging" switchValue="Verbose">
            <listeners>
                <add name="xml" type="System.Diagnostics.XmlWriterTraceListener"
                     initializeData="c:\temp\WCF.svclog" />
            </listeners>
        </source>
    </sources>
    <trace autoflush="true" />
</system.diagnostics>

This helped me a lot when trying to figure out what was wrong. I would also suggest (for testing only) including the service exception details in faults.

<behaviors>
    <serviceBehaviors>
        <behavior>
            <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
    </serviceBehaviors>
</behaviors>

Please do this and update your question with the errors from the log.

0

You can create another binding section and give it a name different from the one Visual Studio generates. On the next update the bindings will be merged.

+0

Thanks for the hint, but the problem is more that the client -> configuration file "conversion" fails. Strangely, sometimes a basicHttpBinding is returned although it should be a wsHttpBinding. – Scoregraphic 2012-03-23 13:01:30

0

For some reason I cannot add a comment - but I have seen WCF "ignore" my wsHttpBinding and pick up a basicHttpBinding when I changed the contents of the SVC file - it ended up relying on the scheme to determine the binding and therefore ignored anything but basicHttpBinding for an http address.

Have a look there and see whether it helps.

+0

The markup is almost empty (only the header line). Do you mean that modifying the server configuration could fix this? – Scoregraphic 2012-03-26 08:54:06
