How to call a WCF service with a security token issued by ADFS

Time: 2014-09-15 09:26:29

Tags: web-services wcf security wif adfs

I have an MVC web application that has been configured to connect to ADFS to authenticate users and obtain a security token. The application then needs to call a WCF service using that security token.

The web application's configuration is:

    <system.identityModel>
      <identityConfiguration saveBootstrapContext="true">

        <claimsAuthenticationManager type="MvcApplication1.Security.ClaimsTransformer, MvcApplication1" />
        <claimsAuthorizationManager type="MvcApplication1.Security.AuthorisationManager, MvcApplication1" />

        <audienceUris>
          <add value="https://edd05rgard.hd.dev/adfsproto/web/" />
        </audienceUris>

        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
          <trustedIssuers>
            <add thumbprint="49F27C0DD1044D73011894450727E3C3E55DA428" name="http://EDV05TESTADFS1.hdtest.hd.dev/adfs/services/trust" />
          </trustedIssuers>
        </issuerNameRegistry>

      </identityConfiguration>
    </system.identityModel>

    <!-- federationConfiguration lives in its own section, system.identityModel.services -->
    <system.identityModel.services>
      <federationConfiguration>
        <cookieHandler requireSsl="true" />

        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://edv05testadfs1.hdtest.hd.dev/adfs/ls/"
                      realm="https://edd05rgard.hd.dev/adfsproto/web/"
                      reply="https://edd05rgard.hd.dev/adfsproto/web/"
                      requireHttps="true" />
      </federationConfiguration>
    </system.identityModel.services>

This successfully obtains a token from ADFS, and I can transform the claims inside the application as expected.

I then try to call the WCF service using the supplied security token:

    // Bootstrap token that WIF saved when the user signed in (saveBootstrapContext="true").
    var bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext;

    // Federation binding: TLS on the transport, the issued (bearer) token as the message credential.
    var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
    binding.Security.Message.EstablishSecurityContext = false;
    binding.Security.Message.IssuerAddress = new EndpointAddress("https://edv05testadfs1.hdtest.hd.dev/adfs/ls");

    var endpoint = new EndpointAddress("https://edd05rgard.hd.dev/adfsproto/service/ClaimsService.svc");

    var factory = new ChannelFactory<IClaimsService>(binding, endpoint);
    factory.Credentials.SupportInteractive = false;
    factory.Credentials.UseIdentityConfiguration = true;

    // Hand the already-issued token to the channel rather than letting WCF request a new one.
    var channel = factory.CreateChannelWithIssuedToken(bootstrapContext.SecurityToken, endpoint);

    var result = channel.GetClaimsWithDelegation();

When this code runs, the last line throws an exception:

    An error occurred when processing the security tokens in the message.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.

Am I calling the service in the right way? How can I investigate the error in the security token?
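An added diagnostic helper, not part of the original question or its project: before handing the bootstrap token to the service, re-read it robustly and summarise the two facts a relying party's token handler checks first, the validity window and the audience. The class and method names (BootstrapTokenInspector, GetBootstrapToken, Describe) are assumed, as are WIF 4.5 (System.IdentityModel.Services) and a SAML 1.1 or SAML 2.0 token from ADFS.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Xml;

// Assumed helper; runs inside the MVC app so FederatedAuthentication is configured.
public static class BootstrapTokenInspector
{
    // After the first request the session cookie may carry only the raw token XML
    // (BootstrapContext.Token), leaving SecurityToken null. Re-read it with the
    // configured handlers rather than assuming SecurityToken is populated.
    public static SecurityToken GetBootstrapToken()
    {
        var identity = ClaimsPrincipal.Current.Identities.First();
        var context = identity.BootstrapContext as BootstrapContext;
        if (context == null)
            throw new InvalidOperationException("No bootstrap context; check saveBootstrapContext=\"true\".");
        if (context.SecurityToken != null)
            return context.SecurityToken;
        var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;
        using (var reader = XmlReader.Create(new StringReader(context.Token)))
            return handlers.ReadToken(reader);
    }

    // The receiving service rejects a token whose audience is not in its own
    // audienceUris, and an expired token regardless of audience, so show both.
    public static string Describe(SecurityToken token)
    {
        var audiences = Enumerable.Empty<Uri>();
        var saml2 = token as Saml2SecurityToken;
        if (saml2 != null)
            audiences = saml2.Assertion.Conditions.AudienceRestrictions.SelectMany(r => r.Audiences);
        var saml1 = token as SamlSecurityToken;
        if (saml1 != null)
            audiences = saml1.Assertion.Conditions.Conditions
                .OfType<SamlAudienceRestrictionCondition>().SelectMany(c => c.Audiences);
        return string.Format("{0} valid {1:u} to {2:u}; audiences: {3}; expired: {4}",
            token.GetType().Name, token.ValidFrom, token.ValidTo,
            string.Join(", ", audiences), DateTime.UtcNow >= token.ValidTo);
    }
}
```

The fault text the client sees is deliberately generic; the reason the service's token handler rejected the token appears only in the service-side System.ServiceModel and System.IdentityModel trace output.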

0 answers