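I have an MVC application that talks to ACS to obtain an authentication token. It is a claims-based application. This works perfectly fine.
I am trying to call a WCF service from MVC once authenticated, so that I can use the same claims for authorization.
The MVC code is as follows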
var context = (BootstrapContext)identity.BootstrapContext;
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuerBinding = new WS2007FederationHttpBinding();
EndpointAddress acsEndPoint =
    new EndpointAddress("https://ACS namespace/v2/wsfederation");
binding.Security.Message.IssuerAddress = acsEndPoint;
binding.Security.Message.IssuedTokenType = "urn:ietf:params:oauth:token-type:jwt";
ChannelFactory<IService1> factory =
    new ChannelFactory<IService1>(binding, new EndpointAddress("https://localhost/TestWCF/Service1.svc"));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var proxy = factory.CreateChannelWithIssuedToken(context.SecurityToken);
proxy.GetData(1);
The WCF web config is as follows
<system.serviceModel>
  <services>
    <service name="TestWCF.Service1">
      <endpoint address="" behaviorConfiguration="webHttpAutoFormat" binding="ws2007FederationHttpBinding" bindingConfiguration="secureHttpBinding" contract="TestWCF.IService1"/>
      <endpoint address="soap" binding="basicHttpBinding" contract="TestWCF.IService1" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <ws2007FederationHttpBinding>
      <binding name="secureHttpBinding">
        <security mode="None">
          <message establishSecurityContext="false" issuedKeyType="SymmetricKey" issuedTokenType="urn:ietf:params:oauth:token-type:jwt">
            <issuerMetadata address="https://ACS namespace/v2/wstrust/mex"></issuerMetadata>
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="false"/>
        <serviceCredentials useIdentityConfiguration="true"></serviceCredentials>
        <serviceAuthorization principalPermissionMode="Always" />
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="webHttpAutoFormat">
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <protocolMapping>
    <add binding="basicHttpsBinding" scheme="https" />
  </protocolMapping>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
    <serviceActivations>
      <add relativeAddress="Service1.svc" service="TestWCF.Service1" />
    </serviceActivations>
  </serviceHostingEnvironment>
</system.serviceModel>
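Please note that my WCF service is not HTTPS, and I am also using the JWT token from ACS. There are no certificates.
I get the following error
The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via
Can anybody help?

Answer 0 (score: 0)

You are currently initializing the binding with
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message)
Try changing it to
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential)
From (MSDN - WS Transport With Message Credential):
By default, the wsHttpBinding binding provides HTTP communication. When configured for transport security, the binding supports HTTPS communication. HTTPS provides confidentiality and integrity protection for the messages that are transmitted over the wire. However, the set of authentication mechanisms that can be used to authenticate the client to the service is limited to what the HTTPS transport supports. Windows Communication Foundation (WCF) offers a TransportWithMessageCredential security mode that is designed to overcome this limitation. When this security mode is configured, the transport security is used to provide confidentiality and integrity for the transmitted messages and to perform the service authentication. However, the client authentication is performed by putting the client credential directly in the message. This allows you to use any credential type that is supported by the message security mode for the client authentication while keeping the performance benefit of transport security mode.
Your web config should contain <ws2007FederationHttpBinding> as follows: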
<ws2007FederationHttpBinding>
  <binding name="secureHttpBinding">
    <security mode="TransportWithMessageCredential">
      <message establishSecurityContext="false" issuedKeyType="SymmetricKey" issuedTokenType="urn:ietf:params:oauth:token-type:jwt">
        <issuerMetadata address="https://ACS namespace/v2/wstrust/mex"></issuerMetadata>
      </message>
    </security>
  </binding>
</ws2007FederationHttpBinding>
Also see the following answer for some additional information: StackOverflow - The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via
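
The following is an added example, not part of the question or the answer above. It shows how the security mode fixes the transport scheme that a WS2007FederationHttpBinding builds, and how to catch a mismatch with the endpoint URI before the channel is created. The class and method names (FederationBindingCheck, CreateFor, EnsureSchemeMatches) are hypothetical; the endpoint URL is the one from the question.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class FederationBindingCheck
{
    // Hypothetical helper: choose the security mode from the service URI scheme.
    // TransportWithMessageCredential builds an HTTPS transport; Message builds plain HTTP.
    public static WS2007FederationHttpBinding CreateFor(Uri serviceUri)
    {
        var mode = serviceUri.Scheme == Uri.UriSchemeHttps
            ? WSFederationHttpSecurityMode.TransportWithMessageCredential
            : WSFederationHttpSecurityMode.Message;
        var binding = new WS2007FederationHttpBinding(mode);
        binding.Security.Message.EstablishSecurityContext = false;
        return binding;
    }

    // Hypothetical helper: fail early, naming both schemes, when the transport the
    // binding will build does not match the scheme of the endpoint address.
    public static void EnsureSchemeMatches(Binding binding, EndpointAddress address)
    {
        if (!string.Equals(binding.Scheme, address.Uri.Scheme, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(string.Format(
                "Binding transport scheme is '{0}' but the endpoint address uses '{1}'.",
                binding.Scheme, address.Uri.Scheme));
        }
    }

    static void Main()
    {
        var address = new EndpointAddress("https://localhost/TestWCF/Service1.svc");

        // The combination from the question: Message mode against an https address.
        var messageOnly = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
        try { EnsureSchemeMatches(messageOnly, address); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }

        // The combination from the answer: the mode follows the address scheme.
        var matched = CreateFor(address.Uri);
        EnsureSchemeMatches(matched, address);
        Console.WriteLine("{0} -> {1}", matched.Security.Mode, matched.Scheme);
    }
}
```

The same rule applies on the service side: the security mode in the binding configuration has to agree with the scheme the endpoint is actually hosted on.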