试图从mircosoft https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.components.attachements/01/8598/00/00/03/64/54/88/SampApp%20and%20Rules.zip获取sampleapp(声明感知的Web表单应用程序)以在我们的Web服务器上运行。
我们的adfs服务器是www.fedsvc3copa.beta.pa.gov 该示例应用托管在https://costa.beta.pa.gov/应用上 我们的联合身份验证元数据为https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml
很遗憾,我的Web配置中存在某些错误,并且很难找到它。当我浏览到https://costa.beta.pa.gov/时收到
WIF10201:找不到用于securityToken的有效密钥映射: 'System.IdentityModel.Tokens.X509SecurityToken'和颁发者: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'。描述: 当前执行期间发生未处理的异常 网络请求。请查看堆栈跟踪以获取有关的更多信息 错误及其在代码中的起源。
异常详细信息: System.IdentityModel.Tokens.SecurityTokenValidationException: WIF10201:找不到用于securityToken的有效密钥映射: 'System.IdentityModel.Tokens.X509SecurityToken'和颁发者: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'。
源错误:
在执行过程中生成了未处理的异常 当前的Web请求。有关原产地和位置的信息 可以使用下面的异常堆栈跟踪来识别异常。
堆栈跟踪:
[SecurityTokenValidationException:WIF10201:没有有效的键映射 找到securityToken: 'System.IdentityModel.Tokens.X509SecurityToken'和颁发者: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'。]
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken 令牌)+1461
System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken 令牌,布尔型sureBearerToken,字符串EndpointUri)+135
System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase 要求)+666
System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(对象 发送者,EventArgs参数)+467
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep步骤)+195 System.Web.HttpApplication.ExecuteStep(IExecutionStep步骤) 步骤,布尔值和已同步完成)+88版本信息:Microsoft .NET Framework版本:4.0.30319; ASP.NET版本:4.7.3163.0
如果有人发现任何不正确的地方,我将在下面添加我的Web配置。
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
<machineKey decryptionKey="5D497CFB20EB5927CB3FC44F65DBD3C6D6C366ACFCF20DC5" validationKey="80546F84BEDD8B38A995CCDD44E01C1794861685E605ECBFB5A231EAA7EAD9A99977312362EBDD2B9727F9357AF9A161F97AD49DD6E34E7CFC22D572BD4B90FD" />
</system.web>
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Issuer" value="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" />
<add key="ida:ProviderSelection" value="productionSTS" />
<add key="ida:EnforceIssuerValidation" value="false" />
</appSettings>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://costa.beta.pa.gov/" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="?I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust">
<keys>
<add thumbprint="I put my thumbrint here " />
</keys>
<validIssuers>
<add name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" realm="https://costa.beta.pa.gov/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
答案 0 :(得分:0)
从内存来看,这是因为与指纹匹配的证书不在证书存储区-本地计算机中。