HTTPS上的安全令牌服务(STS)

时间:2012-08-15 01:21:51

标签: asp.net wcf token

我在visual studio中创建了一个新的WCF安全令牌服务,它在http上运行良好。 我正在尝试将其配置为在https上运行。我已经在IIS中更改了目录secruity以要求SSL。

正如预期的那样,当我通过http浏览服务时,我现在收到消息“必须通过安全通道查看该页面”。但是,当我通过https浏览到该服务时,我收到一条错误消息“无法找到与绑定WS2007HttpBinding的端点的方案http匹配的基址。注册的基址方案为[https]。”

我假设web.config文件中必须有一个我忽略的配置,但我不太确定它是什么。在这件事上的任何帮助都会很棒。

我的web.config文件如下所示。

<?xml version="1.0" encoding="UTF-8"?>
<configuration>

  <appSettings>
    <add key="IssuerName" value="ActiveSTS"/>
    <add key="SigningCertificateName" value="CN=STSTestCert"/>
    <add key="EncryptingCertificateName" value="CN=DefaultApplicationCertificate"/>
  </appSettings>

  <connectionStrings />

  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

  <system.web>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
    <authentication mode="None"/>
    <pages>
      <controls>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </controls>
    </pages>
  </system.web>

  <system.web.extensions>
    <scripting>
      <webServices>
          <authenticationService enabled="true" requireSSL = "true"/>
      </webServices>
    </scripting>
  </system.web.extensions>

  <system.serviceModel>
    <services>
      <service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="ServiceBehavior">
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
        <endpoint address="IWSTrust13" binding="ws2007HttpBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract"  bindingConfiguration="ws2007HttpBindingConfiguration"/>
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost/DemoSTS/Service.svc" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <ws2007HttpBinding>
        <binding name="ws2007HttpBindingConfiguration">
          <security mode="Message">
            <message establishSecurityContext="false" />
          </security>
        </binding>
      </ws2007HttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

1 个答案:

答案 0 :(得分:0)

添加其他https基地址。

如果您是IIS的主机,则必须配置SSL并为https频道分配适当的证书。