1. 首页
  2. 问答
  3. 在IIS托管的WCF服务中使用IdentityServer令牌

在IIS托管的WCF服务中使用IdentityServer令牌

2016-05-12 113 views
0

我想在IIS托管的WCF服务中使用(消费)IdentityServer令牌。我已经看到Dominick提供的自定义WCF服务样本。但是因为我的WCF服务托管在IIS中,所以我需要在web.config文件中配置绑定和标识服务器配置选项。 任何人都可以与IdentityServer配置共享web.config文件吗? 请找我目前的配置如下:在IIS托管的WCF服务中使用IdentityServer令牌

<?xml version="1.0"?> 
<configuration> 
<appSettings> 
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" /> 
</appSettings> 
<system.web> 
<compilation debug="true" targetFramework="4.5.2" /> 
<httpRuntime targetFramework="4.5.2"/> 
</system.web> 
<system.serviceModel> 
<bindings> 
    <ws2007FederationHttpBinding> 
    <binding name="WS2007FederationHttpBinding_IService1"> 
     <security mode="TransportWithMessageCredential"> 
     <message establishSecurityContext="false" issuedKeyType="BearerKey"> 
      <issuer address="https://localhost/dentityServer" /> 
     </message> 
     </security> 
    </binding> 
    </ws2007FederationHttpBinding> 
</bindings> 
<client> 
    <endpoint address="https://localhost/IDPWcfService1/Service1.svc" 
      binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_IService1" 
      contract="WcfService1.IService1" name="WS2007FederationHttpBinding_IService1" ></endpoint> 
</client> 
<behaviors> 
    <serviceBehaviors> 
    <behavior> 
     <!-- To avoid disclosing metadata information, set the values below to false before deployment --> 
     <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/> 
     <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
     <serviceDebug includeExceptionDetailInFaults="false"/> 
    </behavior> 
    </serviceBehaviors> 
</behaviors> 
<protocolMapping> 
    <add binding="basicHttpsBinding" scheme="https" /> 
</protocolMapping>  
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> 
</system.serviceModel> 
<system.webServer> 
<modules runAllManagedModulesForAllRequests="true"/> 
<!-- 
    To browse web app root directory during debugging, set the value below to true. 
    Set to false before deployment to avoid disclosing web app folder information. 
    --> 
<directoryBrowse enabled="true"/> 
</system.webServer> 

</configuration>

来源

2016-05-12 Venkat Naidu

回答

0

我在这里做同样的事情的中间,你需要添加自定义XML包装类来封装智威汤逊(这简直是将传递安全令牌从客户每次调用服务,以便您可以验证客户端)

你可以找到这篇文章在这里对更多的细节:https://leastprivilege.com/2015/07/02/give-your-wcf-security-architecture-a-makeover-with-identityserver3/

一旦这一步完成后,你需要添加这个自定义XML包装到网站.config像这样:

<system.identityModel> 
    <identityConfiguration saveBootstrapContext="true"> 
     <securityTokenHandlers> 
     <remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=abcdefg123456789"/>   
     <add type="Web.stuff.ServerSideAuthentication.IdentityServerWrappedJwtHandler, Web.stuff" /> 
     </securityTokenHandlers> 
    </identityConfiguration> 
    </system.identityModel>

另外不要忘记在configsections节点下为这个新节添加一个decalration。

来源

2017-04-19 11:23:43 Zeyad

相关问题

 相关问题