我正在尝试实施How To: Enable WIF for a WCF Web Service Application。我一路走到第3步 - 测试您的解决方案,我得到以下异常:
未发现计算机上安装了任何版本的CardSpace服务。请安装CardSpace并重试该操作。
例外发生在Client项目的Program.cs第23行:
Console.WriteLine(client.ComputeResponse("Hello World"));
堆栈跟踪:
服务器堆栈跟踪:
在System.IdentityModel.Selectors.CardSpaceShim.GetCardSpaceImplementationDll()
在System.IdentityModel.Selectors.CardSpaceShim.InitializeIfNecessary()
在System.IdentityModel.Selectors.CardSpaceSelector.GetToken(CardSpacePolicyElement [] policyChain,SecurityTokenSerializer tokenSerializer)
在System.ServiceModel.Description.ClientCredentials.GetInfoCardSecurityToken(Boolean requiresInfoCard,CardSpacePolicyElement [] chain,SecurityTokenSerializer tokenSerializer)
在System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md,Object [] args,Object server,Object []& outArgs)
在System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg,IMessageSink replySink)在[0]处重新抛出异常:
在System.Runtime.AsyncResult.End [TAsyncResult](IAsyncResult结果)
在System.ServiceModel.Dispatcher.ImmutableClientRuntime.DisplayInitializationUIAsyncResult.End(IAsyncResult result)
在System.ServiceModel.Dispatcher.ImmutableClientRuntime.EndDisplayInitializationUI(IAsyncResult result)
在System.ServiceModel.Dispatcher.ImmutableClientRuntime.DisplayInitializationUI(ServiceChannel频道)
在System.ServiceModel.Channels.ServiceChannel.DisplayInitializationUI()
在System.ServiceModel.Channels.ServiceChannel.CallDisplayUIOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel频道,TimeSpan超时)
在System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan超时,CallOnceManager级联)
在System.ServiceModel.Channels.ServiceChannel.EnsureDisplayUI()
在System.ServiceModel.Channels.ServiceChannel.Call(String action,Boolean oneway,ProxyOperationRuntime operation,Object [] ins,Object [] outs,TimeSpan timeout)
在System.ServiceModel.Channels.ServiceChannel.Call(String action,Boolean oneway,ProxyOperationRuntime operation,Object [] ins,Object [] outs)
在System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall,ProxyOperationRuntime操作)
在System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)在1重新招募异常:
在System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg,IMessage retMsg)
在System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData,Int32 type)
at Client.ServiceReference1.IService1.ComputeResponse(String input)
在Client.ServiceReference1.Service1Client.ComputeResponse(字符串输入)c:\ Users \ currentuser \ Documents \ Visual Studio 2012 \ Projects \ TestService \ Client \ Service References \ ServiceReference1 \ Reference.cs:第53行
at Client.Program.Main(String [] args)在c:\ Users \ currentuser \ Documents \ Visual Studio 2012 \ Projects \ TestService \ Client \ Program.cs:第23行
答案 0 :(得分:2)
我在本教程中花了很长时间试图重现你的问题(这很简单)并在你评论我之前的答案后修复它(这很难)。
问题是,Identity and Access扩展程序有一个错误,并在服务的web.config中放置错误的颁发者地址。如果您从2013年8月13日homepage of Identity and Access tool查看ChrisPD的评论,您会看到:
ChrisPD: 在继续调查这一点时,我注意到身份和访问工具将发布者元数据地址放入配置文件“
https://localhost/adfs/services/trust/mex”而不是正确的值“http://localhost:15196/wsTrustSTS/mex”,其中15196是分配的端口号在工具中。当我将其替换为服务配置并运行添加服务引用时,它生成了http://localhost:15196/wsTrustSTS/的颁发者地址。 因此,身份和访问工具中似乎存在一个错误,即当选择LocalSTS时,它不会插入正确的issuerMetadata地址。
我确实完成了ChrisPD建议的内容,并且我遇到了证书链构建的小问题,因为身份和访问工具在示例中使用的证书是自签名的,并且只放在LocalMachine \ My store中。因此它不受信任。我也把它复制到LocalMachine \ Root商店(我使用的是mmc控制台)并且它有效。
编辑: 我的web.config看起来像
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
<add key="ida:FederationMetadataLocation" value="http://localhost:14060/wsFederationSTS/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:ProviderSelection" value="localSTS" />
<add key="ida:EnforceIssuerValidation" value="false" />
</appSettings>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials useIdentityConfiguration="true">
<!--Certificate added by Identity and Access Tool for Visual Studio.-->
<serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="ws2007FederationHttpBinding" />
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<ws2007FederationHttpBinding>
<binding name="">
<security mode="Message">
<message>
<issuerMetadata address="http://localhost:14060/wsTrustSTS/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost:49768/Service1.svc" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="LocalSTS"><keys><add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" /></keys><validIssuers><add name="LocalSTS" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" name="LocalSTS" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
</configuration>
和app.config如:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<ws2007FederationHttpBinding>
<binding name="WS2007FederationHttpBinding_IService1">
<security>
<message>
<issuer address="http://localhost:14060/wsTrustSTS/" binding="ws2007HttpBinding"
bindingConfiguration="http://localhost:14060/wsTrustSTS/">
<identity>
<userPrincipalName value="ellework\ppolacko" />
</identity>
</issuer>
<issuerMetadata address="http://localhost:14060/wsTrustSTS/mex" />
<tokenRequestParameters>
<trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
<trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
<trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
<trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
<trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
<trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
<trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
</trust:SecondaryParameters>
</tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
<binding name="http://localhost:14060/wsTrustSTS/">
<security>
<message establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:49768/Service1.svc" binding="ws2007FederationHttpBinding"
bindingConfiguration="WS2007FederationHttpBinding_IService1"
contract="ServiceReference1.IService1" name="WS2007FederationHttpBinding_IService1">
<identity>
<certificate encodedValue="AwAAAAEAAAAUAAAAydG2/dJ6+Purio4Xzd3ztFWxsDUgAAAAAQAAANUBAAAwggHRMIIBOqADAgECAhB4dGIh+3ScrU79RRAyML8sMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xMzAyMjExNTU5MDBaFw0xODAyMjEwMDAwMDBaMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2d2XGXk/bvHmqv0Fl3conPWldZ3U5AblUnGH8+ew7u4GnWgQ2kL1aQXDf4eGGCBd0rtkUn0cggwE1Fh9TtLQ21RuWjLpAu86xQZCgxycAfu07Axyt8CCOshbkyfW5u+PRS5vUH9nDm4eG4X5y+8NKcyTcCwCrJUBVRXNgpu1VzcCAwEAAaMkMCIwCwYDVR0PBAQDAgSwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAHfckVaKBDdQML7KcQkR6gHVj4icw/uoTBdrQH7OrKEUTa9CzL6yDyTRXw2IhMU60eHD3JzVWX3HYQX2z76vZ2F0C2BAKN1xtai0uASFJE7Hfjuj9wZy7Sp8ZuJ3Xchu+OCXHW65l3iPFndRaZMGTHZOhEE2BeI1a0VEu+VSSKyx" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>