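I am trying to get a third-party Java client to communicate with a WCF service I have written.
I get the following exception when a message is received:
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.
Here is my configuration:
Binding: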
<customBinding>
  <binding name="TestSecureBinding">
    <security authenticationMode="MutualCertificate" />
    <textMessageEncoding messageVersion="Soap11WSAddressing10" />
    <httpsTransport requireClientCertificate="true" maxReceivedMessageSize="5242880" />
  </binding>
</customBinding>
Behavior:
<serviceBehaviors>
  <behavior name="TestCertificateBehavior">
    <serviceCredentials>
      <clientCertificate>
        <certificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
        <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck"/>
      </clientCertificate>
      <serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
Endpoint:
<service name="TestService"
         behaviorConfiguration="TestCertificateBehavior">
  <endpoint
      name="TestEndpoint"
      address="https://localhost:443"
      contract="TestServiceContract"
      binding="customBinding"
      bindingConfiguration="TestSecureBinding">
  </endpoint>
  <host>
    <baseAddresses>
      <add baseAddress="https://localhost:443" />
    </baseAddresses>
  </host>
</service>
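Does anyone know what is causing this?
Answer 0: (score: 5)
It's because the wrong way of referencing the certificate has been used somewhere. If I remember correctly, you either reference the certificate directly or use a key identifier. Anyway, to get past it you should be able to add the allowSerializedSigningTokenOnReply tag to the security tag on your client binding config and set it to true.
That should get you past it. Remember, put this on the client. Sorry, I can't find my reference - I remember reading it somewhere and now can't find it! :( ****EDIT here it is**** - http://webservices20.blogspot.co.uk/2010/10/wcf-cannot-find-token-authenticator.html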
<customBinding>
  <binding name="TestSecureBinding">
    <security allowSerializedSigningTokenOnReply="true" />
    <!-- etc. -->
  </binding>
</customBinding>
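Answer 1: (score: 1)
I have accepted that I can't do this in the config file and have resorted to creating the service host in code.
Here is a complete example of creating the binding, the binding elements and the service host.
Note that you may not be using WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005W
- you may be using a newer version than the one I had to use - but just replace it with the correct version for your service.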
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Mutual-certificate message security, plus a signed UserName supporting token.
var securityBindingElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityBindingElement.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityBindingElement.IncludeTimestamp = true;
securityBindingElement.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;

// Binding element order: security, then message encoding, then transport.
var customBinding = new CustomBinding();
customBinding.Elements.Add(securityBindingElement);
customBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8));
customBinding.Elements.Add(new HttpsTransportBindingElement() { MaxReceivedMessageSize = 5242880 });

// "type" is the System.Type of the service implementation class.
ServiceHost customServiceHost = new ServiceHost(type);
customServiceHost.AddServiceEndpoint(typeof(ITestServiceContract), customBinding, "https://localhost:443");
customServiceHost.Open();
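
Added example, not part of the original question or answers: a small Python diagnostic for confirming which tokens a client actually puts in the WS-Security header, since the exception above means a wsse:UsernameToken arrived at a binding that only authenticates certificates. It also reports whether each token is covered by the message signature, which is what a token registered under EndpointSupportingTokenParameters.Signed is expected to be. The sample envelope, its ids and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample message (placeholder values, not captured traffic).
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP11}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <s:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="X509-1">PLACEHOLDER</wsse:BinarySecurityToken>
  <wsse:UsernameToken wsu:Id="UT-1"><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#Body-1"/><ds:Reference URI="#UT-1"/>
  </ds:SignedInfo></ds:Signature>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="Body-1"/>
</s:Envelope>"""

def inspect_security_header(envelope_xml):
    """Return (token element, wsu:Id, referenced by signature?) per token."""
    # SOAP messages must not carry a DTD; refuse one instead of parsing entities.
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP11}}}Header/{{{WSSE}}}Security")
    if security is None:
        return []
    # Same-document fragment ids referenced by ds:Signature in the header.
    signed_ids = {ref.get("URI", "")[1:] for ref in security.iter(f"{{{DS}}}Reference")
                  if ref.get("URI", "").startswith("#")}
    tokens = []
    for child in security:
        ns, _, local = child.tag[1:].partition("}")
        if ns == WSSE and local in ("BinarySecurityToken", "UsernameToken"):
            token_id = child.get(f"{{{WSU}}}Id")
            tokens.append((local, token_id, token_id in signed_ids))
    return tokens

def unexpected_for_mutual_certificate(tokens):
    """Tokens a certificate-only binding has no authenticator for."""
    return [t for t in tokens if t[0] != "BinarySecurityToken"]

if __name__ == "__main__":
    for token in inspect_security_header(SAMPLE):
        print(token)
```

The signed flag only shows that the signature references the token's id; it does not verify the signature itself.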