我正在尝试在IIS托管的WCF服务中使用(使用)IdentityServer令牌。我见过Dominick的样本,用于自托管WCF服务。但由于我的WCF服务托管在IIS中,我需要在web.config文件中配置绑定和identityserver配置选项。 任何人都可以与IdentityServer配置共享web.config文件吗? 请在下面找到我当前的配置:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2"/>
</system.web>
<system.serviceModel>
<bindings>
<ws2007FederationHttpBinding>
<binding name="WS2007FederationHttpBinding_IService1">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" issuedKeyType="BearerKey">
<issuer address="https://localhost/dentityServer" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost/IDPWcfService1/Service1.svc"
binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_IService1"
contract="WcfService1.IService1" name="WS2007FederationHttpBinding_IService1" ></endpoint>
</client>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
答案 0 :(得分:1)
我正在这里做同样的事情,你需要添加你的自定义XML包装类来封装JWT(这只是安全令牌,它将通过客户端的每次调用传递给服务,因此你可以验证客户)
您可以在此处找到有关此内容的更多详细信息:https://leastprivilege.com/2015/07/02/give-your-wcf-security-architecture-a-makeover-with-identityserver3/
完成此步骤后,您需要将此自定义xml包装器添加到web.config中,如下所示:
<system.identityModel>
<identityConfiguration saveBootstrapContext="true">
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=abcdefg123456789"/>
<add type="Web.stuff.ServerSideAuthentication.IdentityServerWrappedJwtHandler, Web.stuff" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
另外,请不要忘记在configsections节点下为这个新部分添加decalration。