我已经花了相当一段时间来处理这个教程,试图重现你的问题(这很容易),并在你对我之前的回答发表评论之后修复它(这很难)。
事情是,身份和访问扩展有一个错误,并在服务的web.config中放置错误的发行人地址。如果从2013年8月13日看ChrisPD的评论在homepage of Identity and Access tool,你会看到:
ChrisPD: 虽然继续调查此我注意到,身份和访问工具使发行人的元数据的地址进入配置文件“https://localhost/adfs/services/trust/mex
”而不是正确的值“http://localhost:15196/wsTrustSTS/mex
”,其中15196是在工具中分配的端口号。当我将其替换为服务配置并运行“添加服务参考”时,它会生成一个发行人地址http://localhost:15196/wsTrustSTS/
。 因此,身份和访问工具中似乎存在一个错误,即在选择LocalSTS时,它不会插入正确的issuerMetadata地址。
我做了什么ChrisPD建议,我遇到了证书链建设的小问题,因为Identity和Access工具在示例中使用的证书是自签名的,并且只能放在LocalMachine \ My商店中。因此它不被信任。我将它复制到LocalMachine \ Root存储(我用mmc控制台)并且它工作。
编辑: 我的web.config看起来像
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
<add key="ida:FederationMetadataLocation" value="http://localhost:14060/wsFederationSTS/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:ProviderSelection" value="localSTS" />
<add key="ida:EnforceIssuerValidation" value="false" />
</appSettings>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials useIdentityConfiguration="true">
<!--Certificate added by Identity and Access Tool for Visual Studio.-->
<serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="ws2007FederationHttpBinding" />
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<ws2007FederationHttpBinding>
<binding name="">
<security mode="Message">
<message>
<issuerMetadata address="http://localhost:14060/wsTrustSTS/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost:49768/Service1.svc" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="LocalSTS"><keys><add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" /></keys><validIssuers><add name="LocalSTS" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" name="LocalSTS" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
</configuration>
和app.config中,如:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<ws2007FederationHttpBinding>
<binding name="WS2007FederationHttpBinding_IService1">
<security>
<message>
<issuer address="http://localhost:14060/wsTrustSTS/" binding="ws2007HttpBinding"
bindingConfiguration="http://localhost:14060/wsTrustSTS/">
<identity>
<userPrincipalName value="ellework\ppolacko" />
</identity>
</issuer>
<issuerMetadata address="http://localhost:14060/wsTrustSTS/mex" />
<tokenRequestParameters>
<trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
<trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
<trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
<trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
<trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
<trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
<trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
</trust:SecondaryParameters>
</tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
<binding name="http://localhost:14060/wsTrustSTS/">
<security>
<message establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:49768/Service1.svc" binding="ws2007FederationHttpBinding"
bindingConfiguration="WS2007FederationHttpBinding_IService1"
contract="ServiceReference1.IService1" name="WS2007FederationHttpBinding_IService1">
<identity>
<certificate encodedValue="AwAAAAEAAAAUAAAAydG2/dJ6+Purio4Xzd3ztFWxsDUgAAAAAQAAANUBAAAwggHRMIIBOqADAgECAhB4dGIh+3ScrU79RRAyML8sMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xMzAyMjExNTU5MDBaFw0xODAyMjEwMDAwMDBaMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2d2XGXk/bvHmqv0Fl3conPWldZ3U5AblUnGH8+ew7u4GnWgQ2kL1aQXDf4eGGCBd0rtkUn0cggwE1Fh9TtLQ21RuWjLpAu86xQZCgxycAfu07Axyt8CCOshbkyfW5u+PRS5vUH9nDm4eG4X5y+8NKcyTcCwCrJUBVRXNgpu1VzcCAwEAAaMkMCIwCwYDVR0PBAQDAgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAHfckVaKBDdQML7KcQkR6gHVj4icw/uoTBdrQH7OrKEUTa9CzL6yDyTRXw2IhMU60eHD3JzVWX3HYQX2z76vZ2F0C2BAKN1xtai0uASFJE7Hfjuj9wZy7Sp8ZuJ3Xchu+OCXHW65l3iPFndRaZMGTHZOhEE2BeI1a0VEu+VSSKyx" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
这似乎并不为compatable与教程。我会在哪里获得'findValue'的值,以及为什么当该工具假设为您处理WIF仿真时需要设置'supportInteractive' =“false”? – Trisped
我已更新(重写)我的答案。 – pepo
我在App.config和Web.config中更改了' '以将端口包含在地址中。我仍然得到相同的异常消息,所以我尝试将本地主机证书从“Personal”移动到“受信任的根证书颁发机构”,但它仍然会出现相同的错误。 –
Trisped