我正在使用thinktecture identityserver安全令牌服务尝试设置我有一个客户端使用WCF服务的场景。我陷入了下一个错误的地步:
MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.
我已经在win2008服务器上设置了STS,所有工作都正确,它已经在使用MVC站点。但是使用wcf服务我无法使用它。我使用bearerkey作为SecurityKeyType。我在客户端应用程序函数RequestToken()中获得了一个令牌。这是我的wcf服务配置:
<system.serviceModel>
<services>
<service name="ClaimWcfService.Service1">
<endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
<host>
<baseAddresses>
<add baseAddress="https://anno99-pc/"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<ws2007FederationHttpBinding>
<binding name="">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" issuedKeyType="BearerKey">
<issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Always" />
<serviceCredentials useIdentityConfiguration="true">
<serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="ws2007FederationHttpBinding" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<!-- Config STS -->
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://identityserver.v2.wkp.com/trust/wkp">
<keys>
<add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
</keys>
<validIssuers>
<add name="http://identityserver.v2.wkp.com/trust/wkp" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
这是客户端:它只是一个控制台应用程序。
static void Main(string[] args)
{
var token = RequestToken();
CallService(token);
}
static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
static string _realm = "https://anno99-pc/ClaimWcfService/";
private static void CallService(SecurityToken token)
{
var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory<IService1>(binding,
new EndpointAddress(serviceEndpoint));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var channel = factory.CreateChannelWithIssuedToken(token);
var data = channel.GetData(1);
}
private static SecurityToken RequestToken()
{
var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
var credentials = new ClientCredentials();
credentials.UserName.UserName = "username";
credentials.UserName.Password = "password";
return WSTrustClient.Issue(
new EndpointAddress(_idsrvEndpoint),
new EndpointAddress(_realm),
binding,
credentials);
}
如果有人能帮助我,那就太好了。
答案 0 :(得分:6)
经过一些谷歌搜索和尝试,我得到它的工作。我不得不改变配置的这些部分。
<services>
<service name="ClaimWcfService.Service1">
<endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Always" />
<serviceCredentials useIdentityConfiguration="true">
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<system.identityModel>
<identityConfiguration saveBootstrapContext="true">
<audienceUris>
<add value="https://anno99-pc/ClaimWcfService/" />
</audienceUris>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
name="idsrv" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
我希望这有助于某人