Error serializing the security token when switching from the ADFS STS to a custom STS

Time: 2014-09-30 09:33:57

Tags: c# security identity wif

I have a web application (called MyWebClient) that calls a service (called MyService) over http. MyService accepts issued tokens from ADFS and works fine. I want to switch from ADFS to MyCustomSTS (built with WIF 4.5). I expected the MyWebClient code not to need changing, but I get an error.

The code that pings MyService is as follows:

using System.ServiceModel;
using System.ServiceModel.Security;

// Obtains the issued SAML token from the STS (helper not shown in the question)
var token = GetSecurityToken();

// stsBinding is not shown in the question; assumed here to be the WS-Trust binding used to reach the STS
var stsBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);

var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message, false);

// Configure the issued-token parameters on the binding declared above
// (the question read "serviceBinding.Security.Message", which refers to an undeclared variable)
var messageSecurity = binding.Security.Message;
messageSecurity.IssuedTokenType = TokenTypes.Saml11TokenProfile11;
messageSecurity.IssuerAddress = Constants.StsAddressX509;
messageSecurity.IssuedKeyType = SecurityKeyType.SymmetricKey;
messageSecurity.IssuerBinding = stsBinding;

var factory = new ChannelFactory<IMyService>(binding, new EndpointAddress("https://mylocalhost/MyService.svc"));

// Disables server certificate chain and revocation validation (only acceptable for a local test certificate)
factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
factory.Credentials.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

// Attach the issued token to the channel and call the service
var service = factory.CreateChannelWithIssuedToken(token);
var result = service.Ping();

I have (what looks like) a valid token from the STS.

However, the call to Ping on MyService throws an exception, as follows:

There was an error serializing the security token. Please see the
 inner exception for more details. Server stack trace: at
 System.ServiceModel.Security.WSSecurityTokenSerializer.WriteTokenCore(XmlWriter
 writer, SecurityToken token) at
 System.ServiceModel.Security.SendSecurityHeader.OnWriteHeaderContents(XmlDictionaryWriter
 writer, MessageVersion messageVersion) at
 System.ServiceModel.Channels.MessageHeader.WriteHeader(XmlDictionaryWriter
 writer, MessageVersion messageVersion) at
 System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter
 writer) at ...

After searching the internet, I was advised to change the code slightly to add

factory.Credentials.UseIdentityConfiguration = true;

and it works fine again.

My question is: why does it work fine with ADFS without "UseIdentityConfiguration"? Is there any way to fix it on MyCustomSTS instead of changing the client code?

The reason is that I have many client applications like MyWebClient, so changing their code is a problem for me.

Thanks for all your help and replies. I really appreciate it.

1 answer:

Answer 0 (score: 0)

As far as I can see since the day I posted it, the problem is that ADFS is using WIF 3.5 while my STS is using 4.5. Setting UseIdentityConfiguration to true is the only solution.

A great reference I read is from the leastprivilege blog: http://leastprivilege.com/2012/07/15/wcf-and-identity-in-net-4-5-overview/
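A complete client written against the .NET 4.5 System.IdentityModel pipeline that the answer refers to, as an added example (not the asker's code): it requests the SAML 1.1 token from the custom STS with WSTrustChannelFactory, enables UseIdentityConfiguration, and keeps server certificate validation on. The STS address, the client certificate subject name and the IMyService contract are assumptions.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IMyService { [OperationContract] string Ping(); }   // assumed contract

public static class IssuedTokenClient
{
    const string Saml11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    const string StsAddress = "https://mysts.example/trust/13/certificate"; // assumed STS endpoint
    const string ServiceAddress = "https://mylocalhost/MyService.svc";

    // Request a symmetric-key SAML 1.1 token from the STS using WS-Trust 1.3 and a client certificate
    static SecurityToken RequestToken(WS2007HttpBinding stsBinding)
    {
        var stsFactory = new WSTrustChannelFactory(stsBinding, new EndpointAddress(StsAddress))
        { TrustVersion = TrustVersion.WSTrust13 };
        stsFactory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "MyWebClient"); // assumed cert
        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(ServiceAddress),
            TokenType = Saml11,
            KeyType = KeyTypes.Symmetric
        };
        return stsFactory.CreateChannel().Issue(rst);
    }

    public static string Ping()
    {
        var stsBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        stsBinding.Security.Message.EstablishSecurityContext = false;
        var token = RequestToken(stsBinding);

        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message, false);
        binding.Security.Message.IssuedTokenType = Saml11;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;
        binding.Security.Message.IssuerAddress = new EndpointAddress(StsAddress);
        binding.Security.Message.IssuerBinding = stsBinding;

        var factory = new ChannelFactory<IMyService>(binding, new EndpointAddress(ServiceAddress));
        factory.Credentials.UseIdentityConfiguration = true; // serialize the token via the 4.5 identity pipeline
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        return factory.CreateChannelWithIssuedToken(token).Ping();
    }
}
```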