当我尝试使用STS引用访问WCF端点时,我一直收到以下错误...
传入策略验证失败。在策略XML中找不到有效的声明元素。
以下是STS和WCF Web服务的Web配置....
STS Web Config ...
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<!-- Web.config for the STS host (service Samples.Security.STS.SecurityTokenService).
     As posted this is a development setup: debug compilation, exception details in
     faults, full message logging, and a binding that permits insecure transport.
     Each of those is flagged where it appears below. -->
<appSettings>
<!-- Issuer name and certificate subject names; presumably read by the STS code (not shown).
     NOTE(review): the certificates are identified by subject name (CN=...). A subject-name
     lookup can match more than one certificate in a store; a thumbprint lookup is unambiguous.
     Confirm how the STS code resolves these values. -->
<add key="IssuerName" value="ActiveSTS"/>
<add key="SigningCertificateName" value="CN=STSTestCert"/>
<add key="EncryptingCertificateName" value="CN=DefaultApplicationCertificate"/>
</appSettings>
<connectionStrings />
<!-- Opens the FederationMetadata path to all users, authenticated or anonymous ("*"). -->
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<!-- debug="true" is a development setting; set it to false before deploying. -->
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<!-- ASP.NET itself performs no authentication; any caller authentication has to come
     from the WCF binding configured under system.serviceModel. -->
<authentication mode="None"> </authentication>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
</system.web>
<system.web.extensions>
<scripting>
<webServices />
</scripting>
</system.web.extensions>
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<diagnostics>
<!-- Logs entire messages at both service and transport level, malformed ones included.
     On an STS the logged bodies contain token requests and issued tokens, so the log
     files need the same protection as the tokens themselves. No system.diagnostics
     listener is present in this file, so nothing is written unless one is configured
     elsewhere. -->
<messageLogging
logMalformedMessages="true"
logMessagesAtServiceLevel="true"
logEntireMessage="true"
logMessagesAtTransportLevel="true"/>
</diagnostics>
<services >
<service behaviorConfiguration="ServiceBehavior"
name="Samples.Security.STS.SecurityTokenService">
<!-- Labelled "Mutual X509 Endpoint" by the author. The endpoint uses the custom binding
     MutualCertificateBinding; its empty address resolves to the net.tcp base address below.
     NOTE(review): the security element of that binding sets no authenticationMode, so
     nothing in this file actually selects mutual certificate authentication. -->
<endpoint
binding="customBinding"
address=""
bindingConfiguration="MutualCertificateBinding"
contract="Samples.Security.STS.ISecurityTokenService">
</endpoint>
<host>
<baseAddresses>
<!-- The STS listens on net.tcp port 8100. -->
<add baseAddress="net.tcp://localhost:8100/sts/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<customBinding>
<binding name="MutualCertificateBinding">
<!-- allowInsecureTransport="true" lets secured messages travel over an unprotected
     transport, and enableUnsecuredResponse="true" accepts unsecured replies to secured
     requests. Both weaken the channel and belong in development only.
     No authenticationMode attribute is set; per the WCF documentation the default is
     sspiNegotiated, not a certificate mode (TODO confirm for the framework version used). -->
<security allowInsecureTransport="true" securityHeaderLayout="Lax" enableUnsecuredResponse="true" >
</security>
<binaryMessageEncoding/>
<!-- Plain TCP: the binding stack contains no sslStreamSecurity or windowsStreamSecurity
     element, so there is no transport-level encryption or integrity protection. -->
<tcpTransport />
</binding>
</customBinding>
</bindings>
<behaviors >
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- Service metadata is published over plain HTTP at port 8831. -->
<serviceMetadata httpGetEnabled="True" httpGetUrl="http://localhost:8831/sts/" />
<!-- Returns server exception details to callers inside SOAP faults.
     Useful while debugging; disable before deploying. -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
WCF Web配置...
<?xml version="1.0"?>
<configuration>
<!-- Web.config for the relying-party WCF service that consumes tokens from the STS.
     Token acceptance is governed by the microsoft.identityModel section near the end
     (audienceUris and trustedIssuers); the federation binding under system.serviceModel
     tells clients where to obtain the token. -->
<configSections>
<!-- Registers the microsoft.identityModel configuration section (Microsoft.IdentityModel 3.5.0.0). -->
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<!-- Opens the FederationMetadata path to all users, authenticated or anonymous ("*"). -->
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<!-- debug="true" is a development setting; set it to false before deploying. -->
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<!-- Unnamed behavior: in WCF 4 it applies to every service that names no behavior. -->
<behavior>
<!-- Behavior extension registered under extensions below; its type comes from
     Microsoft.IdentityModel and it ties the service host to the microsoft.identityModel
     settings in this file. -->
<federatedServiceHostConfiguration />
<serviceMetadata httpGetEnabled="true" />
<!-- Returns server exception details to callers inside SOAP faults; disable before deploying. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- Service certificate selected by thumbprint from LocalMachine/My.
     The account running the service needs read access to its private key. -->
<serviceCertificate findValue="A3A4D95F1E40D274541EF53D5C9B672F00F41B36" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true" />
<extensions>
<behaviorExtensions>
<add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</behaviorExtensions>
</extensions>
<protocolMapping>
<!-- Default endpoints for the http scheme use ws2007FederationHttpBinding. -->
<add scheme="http" binding="ws2007FederationHttpBinding" />
</protocolMapping>
<bindings>
<customBinding>
<!-- Unnamed custom binding with the same relaxed security settings as the STS binding:
     insecure transport allowed, unsecured responses accepted, plain TCP underneath.
     NOTE(review): nothing visible in this file maps an endpoint or scheme to customBinding,
     so it may be unused here. Remove it if so, rather than leave a weak default in place. -->
<binding>
<security allowInsecureTransport="true" securityHeaderLayout="Lax" enableUnsecuredResponse="true">
</security>
<binaryMessageEncoding />
<tcpTransport />
</binding>
</customBinding>
<ws2007FederationHttpBinding>
<binding>
<security mode="Message">
<message>
<!-- Only issuer metadata is given (no issuer element), and it is fetched over plain HTTP
     from port 11558. The STS config shown with this one listens on net.tcp port 8100 and
     publishes metadata on port 8831, so this address may point at a different or stale
     STS. Verify it against the STS actually deployed. -->
<issuerMetadata address="http://localhost:11558/JonsFoodInformationService_STS/Service.svc/mex" />
<!-- Claim types advertised in the service policy; both are marked optional.
     NOTE(review): the reported error concerns claim elements in the policy XML, so this
     list and the claims the STS really issues are the first things to compare. -->
<claimTypeRequirements>
<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
<add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />
</claimTypeRequirements>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<microsoft.identityModel>
<service>
<!-- Tokens must be scoped to this URI to be accepted; it has to match the address the
     STS places in the token for this service. -->
<audienceUris>
<add value="http://localhost:15796/FoodOfTheMonthService.svc" />
</audienceUris>
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<!-- Issuer trust is keyed on the signing certificate thumbprint; the name attribute is the
     label assigned to that issuer. The thumbprint must be that of the STS signing
     certificate (CN=STSTestCert in the STS config), which cannot be verified from this
     page. The label says port 8000 while the STS base address uses port 8100. -->
<trustedIssuers>
<add thumbprint="2ABE4F1A98C12363F3A654E76F211F62895DBE65" name="net.tcp://localhost:8000/sts/Service.svc" />
</trustedIssuers>
</issuerNameRegistry>
</service>
</microsoft.identityModel>
<appSettings>
<!-- Absolute local path to the federation metadata document of the STS project. -->
<add key="FederationMetadataLocation" value="C:\JonsAttempt - Try 5 WOrked - Copy\JonsFoodInformationService_STS\FederationMetadata\2007-06\FederationMetadata.xml" />
</appSettings>
</configuration>
非常感谢任何帮助!
答案 0 :(得分:0)
这通常意味着STS不提供访问目标服务所需的声明。