请帮助我理解以下情况:
Web应用程序正在从STS请求令牌。 STS是Thinktecture Identity server v2。 STS配置如下:
Webapplication和STS都通过安装所需的证书建立了信任关系。
Web应用程序使用WS-Trust协议使用以下代码请求令牌:
WSTrustChannelFactory factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
string.Format(WS_TRUST_END_POINT, identityServer));
string relyingParty = "urn:test:symmetric";
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.UserName.UserName = username;
factory.Credentials.UserName.Password = password;
RequestSecurityToken rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
KeyType = KeyTypes.Bearer,
TokenType = TokenTypes.JsonWebToken,
AppliesTo = new EndpointReference(relyingParty),
};
GenericXmlSecurityToken xmlToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;
handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;
SecurityTokenHandlerCollection jwtToken = handlers.ReadToken(new XmlTextReader(new StringReader(xmlToken.TokenXml.OuterXml))) as JwtSecurityToken;
var Identity = handlers.ValidateToken(jwtToken);
应用程序web.config如下所示:
<system.identityModel>
<identityConfiguration saveBootstrapContext="true">
<audienceUris>
<add value="urn:test:symmetric"/>
</audienceUris>
<securityTokenHandlers>
<add type="System.IdentityModel.Tokens.JwtSecurityTokenHandler, System.IdentityModel.Tokens.Jwt, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089">
<sessionTokenRequirement lifetime="00:30:00"/>
</add>
<securityTokenHandlerConfiguration>
<issuerTokenResolver type="System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver, System.IdentityModel.Tokens.JWT">
<securityKey symmetricKey="JDQLsrFL1VGBj5GZcAo0Xick4stoHyV5ah0B8RDBUoM=" name="TH_STS"/>
</issuerTokenResolver>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<!-- STS Authority Nodes
-->
<authority name="TH_STS">
<keys>
<add symmetricKey="JDQLsrFL1VGBj5GZcAo0Xick4stoHyV5ah0B8RDBUoM="/>
</keys>
<validIssuers>
<add name="TH_STS"/>
</validIssuers>
</authority>
</issuerNameRegistry>
</securityTokenHandlerConfiguration>
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
我阅读了WIF概念,但我仍然在努力理解这一流程。我理解以下是正确的:
上述理解是否正确?我在这里遗漏了什么或者有什么不妥吗?
另外问题是如何生成对称密钥?