我已在IP 192.168.0.200的内部网络中配置并运行ADFS 控制台应用程序应该能够从外部网络对此ADFS实例进行身份验证。 为了实现这一点,我已经配置了NAT规则如下: externaldomain.com:9443 - > 192.168.0.200:443
控制台应用程序以这种方式调用ADFS:
string relyingPartyId = @"https://localhost:8099/";
string adfsEndpoint = @"https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed";
var binding2 = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential)
{
ClientCredentialType = HttpClientCredentialType.None
};
var trustChannelFactory2 = new WSTrustChannelFactory(binding2, new EndpointAddress(adfsEndpoint))
{
TrustVersion = TrustVersion.WSTrust13
};
var channelCredentials2 = trustChannelFactory2.Credentials;
channelCredentials2.UserName.UserName = @"user";
channelCredentials2.UserName.Password = @"password";
channelCredentials2.SupportInteractive = false;
var tokenClient2 = (WSTrustChannel)trustChannelFactory2.CreateChannel();
var rst2 = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer)
{
AppliesTo = new EndpointReference(relyingPartyId),
ReplyTo = relyingPartyId,
TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
};
SecurityToken token = tokenClient2.Issue(rst2);
ADFS崩溃异常: "收到To' https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed'的邮件由于EndpointDispatcher上的AddressFilter不匹配,无法在接收器处理。检查发件人和收件人的EndpointAddresses是否一致。"
如果我关掉" usernamemixed"在ADFS配置中 - 它回复正确 - 找不到端点。我假设问题在于adfs WCF端点配置。有人可以建议如何处理吗?
还有一点需要注意,测试Web应用程序(也在外部Web服务器上运行)可以对此adfs实例进行身份验证(使用adfs登录页面),而不会出现任何问题。