我原本以为基本上可以从这里切换客户端凭据:
var clientCredentials = new ClientCredentials();
clientCredentials.UserName.UserName = "MyUserName"
clientCredentials.UserName.Password = "MyPassword"
为:
var clientCredentials = new ClientCredentials();
clientCredentials.ClientCertificate.Certificate = myX509Certificate;
然后创建一个wsTrustChannel来获取安全令牌。
wsTrustChannelFactory.SetCredentials(clientCredentials);
var channel = _wsTrustChannelFactory.CreateChannel(new EndpointAddress(endpointAddress));
var token = channel.Issue(new RequestSecurityToken
{
TokenType = tokenType,
AppliesTo = new EndpointReference(realm),
RequestType = RequestTypes.Issue,
KeyType = KeyTypes.Bearer
}, out requestSecurityTokenResponse);
用户名和密码工作正常,只是使用证书抱怨没有指定UserName。我的印象是令牌发行者会从证书中查找关联的用户。我在哪里错了?
答案 0 :(得分:1)
编辑 - 我认为我已经解决了这个问题,但是它仍然在这个端点上要求用户名。有什么想法吗?
糟糕!在我发布上述问题后大约5分钟就解决了这个问题。证书身份验证有不同的端点地址:
https://servername/identityserver/issue/wstrust/mixed/certificate
而不是
https://servername/identityserver/issue/wstrust/mixed/username