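Following this post, I created a WCF client:
This works well, but the next part of my problem is extending it to use Azure ACS.
I added the RP to ACS and used Add STS Reference in Visual Studio to change the STS reference to point to ACS.
I extended the Token.GetToken method, feeding the token to the following method: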
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    // WIF 3.5 namespace, assumed from the use of WSTrust13Constants
    using Microsoft.IdentityModel.Protocols.WSTrust;

    public static SecurityToken GetToken(SecurityToken adfsToken, string appliesTo, string idpEndpointAddress, out RequestSecurityTokenResponse rsts)
    {
        // HTTPS transport with the credential carried in the SOAP message
        WS2007HttpBinding binding = new WS2007HttpBinding();
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Mode = SecurityMode.TransportWithMessageCredential;

        WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(idpEndpointAddress));
        trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
        trustChannelFactory.ConfigureChannelFactory();

        // Create the issuance request and get the security token
        RequestSecurityToken requestToken = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue);
        requestToken.AppliesTo = new EndpointAddress(appliesTo);

        // Present the token passed in as adfsToken as the client credential
        WSTrustChannel tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannelWithIssuedToken(adfsToken);
        SecurityToken token = tokenClient.Issue(requestToken, out rsts);
        return token;
    }
to the following endpoint:
https://test.accesscontrol.windows.net/v2/wstrust/13/issuedtoken-symmetric
But I get the following exception:
安全通道无法打开,因为与安全协商 远程端点失败。这可能是由于缺席或不正确 用于创建的EndpointAddress中指定的EndpointIdentity 渠道。请验证指定或暗示的EndpointIdentity EndpointAddress正确识别远程端点。
Inner exception:
ACS10001:处理SOAP标头时发生错误。