
I need to query a WS-Trust 1.4 service from .NET in order to enable a SAML 2.0 authentication scheme.

Edit: to be more precise, I need client-side support for the user interaction challenge defined in WS-Trust 1.4.

I looked at WIF, which provides direct access to WS-Trust through WSTrustChannelFactory (see trustChannelFactory.TrustVersion ... in the code snippet), but it seems to support only WS-Trust 1.3 and Feb2005?

    // namespaces the snippet relies on (WIF 3.5 / .NET 4)
    using System.IdentityModel.Tokens;
    using System.ServiceModel.Security;
    using Microsoft.IdentityModel.Protocols.WSTrust;

    // getBinding() returns the binding of the STS endpoint (helper not shown here)
    WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(getBinding(), "http:/localhost...");

    // WIF only exposes WSTrust13 and WSTrustFeb2005 here
    trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
    WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

    RequestSecurityToken rst = new RequestSecurityToken();

    // Issue sends the RST to the STS and returns the issued token plus the raw RSTR
    RequestSecurityTokenResponse rstr = null;
    SecurityToken token = channel.Issue(rst, out rstr);

Does anyone know how to implement such a direct WS-Trust query with .NET?

I cannot use the WSHttpFederation binding because we need SAML 2.0, and the SAML 2.0 authentication requests must first be retrieved from the application server before they are passed on to the IdP.

I could of course roll my own client-side WS-Trust 1.4 implementation, but maybe there is a simpler way...


1 Answer


I extended the WIF WS-Trust implementation with .NET extension methods. Here you can see the first part (issuing the request with the RST and the SAML Authn request) as an example of how to reuse what is already defined in WIF. I used IL Disassembler to look at how it is done inside WIF, which helped a lot along the way...

    using System;
    using System.ServiceModel.Channels;
    using System.Xml;
    using Microsoft.IdentityModel.Protocols.WSTrust;

    // wsTrust14.* are types generated from the WS-Trust 1.4 schema (challenge support);
    // serializeToXml, generateFromXml, SAMLSupport.addSAMLAuthenticationRequest and
    // parseAndHandleResponse are further extension helpers not shown in this first part
    internal static RequestSecurityTokenResponseWithSAML2Assertion Issue(this WSTrustChannel pThis,
        string pSAML2AuthnRequest,
        Func<ProfileSelectionChallengeType, wsTrust14.ChoiceSelectedType> pProfileSelectionCallback)
    {
        if (pThis != null)
        {
            if (pThis.ChannelFactory != null &&
                pThis.ChannelFactory.Endpoint != null &&
                pThis.ChannelFactory.Endpoint.Binding != null)
            {
                // Create RST Request
                RequestSecurityToken rst = new RequestSecurityToken("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
                rst.TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

                // we use WS Trust 1.4 but .NET WIF only provides support for WS Trust 1.3
                // so we add the needed Challenge support and reuse most of the WIF stuff
                if (pThis.TrustVersion != System.ServiceModel.Security.TrustVersion.WSTrust13)
                {
                    throw new Exception("Given WS Trust Version not supported!");
                }

                // create a WS Trust 1.3 SOAP Message
                Message issueRequest = Message.CreateMessage(pThis.ChannelFactory.Endpoint.Binding.MessageVersion,
                    "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue",
                    new WSTrustRequestBodyWriter(rst,
                        pThis.WSTrustRequestSerializer,
                        pThis.WSTrustSerializationContext));

                // add SAML Authn Request to the WS Trust request
                XmlDocument messageAsXml = issueRequest.serializeToXml();
                messageAsXml = SAMLSupport.addSAMLAuthenticationRequest(messageAsXml, pSAML2AuthnRequest);
                issueRequest = issueRequest.generateFromXml(messageAsXml);

                // invoke the WS Trust service on the STS
                Message responseMessage = pThis.Issue(issueRequest);

                // check what we received as answer... (handles the WS Trust 1.4 challenge via the callback)
                var response = pThis.parseAndHandleResponse(responseMessage, pProfileSelectionCallback);
                return response;
            }
        }

        // only reached when the channel or its endpoint binding is missing
        throw new ArgumentException("WSTrustChannel with a configured endpoint binding required", "pThis");
    }
answered 2012-05-29T11:33:18.953
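The answer above relies on three helpers it does not show: serializing the WCF Message to an XmlDocument, inserting the SAML 2.0 AuthnRequest, and rebuilding the Message. The following is an added example of how those helpers can be written; it is not the answer's code and not part of WIF. The method names are mine, and the placement of the AuthnRequest as a child element of wst:RequestSecurityToken (which the schema allows as extension content) is an assumption about what the STS expects, not something the answer states.

```csharp
// Added example: round-trip a System.ServiceModel.Channels.Message through an
// XmlDocument so that a SAML 2.0 AuthnRequest can be placed inside the
// WS-Trust 1.3 RST body before the message is sent to the STS.
using System;
using System.IO;
using System.ServiceModel.Channels;
using System.Text;
using System.Xml;

internal static class MessageXmlExtensions
{
    private const string WsTrust13Ns = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private const string Saml2ProtocolNs = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Write the complete SOAP envelope (headers and body) into a DOM we can edit.
    // The Message is consumed by WriteMessage, so a new one is built afterwards.
    internal static XmlDocument SerializeToXml(this Message message)
    {
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        using (var stream = new MemoryStream())
        {
            using (XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter(stream, Encoding.UTF8, false))
            {
                message.WriteMessage(writer);
                writer.Flush();
            }
            stream.Position = 0;
            doc.Load(stream);
        }
        return doc;
    }

    // Insert the AuthnRequest (received as XML text from the application server)
    // into the RST. ASSUMPTION: the STS accepts it as a child of wst:RequestSecurityToken.
    internal static XmlDocument AddSamlAuthenticationRequest(this XmlDocument envelope, string authnRequestXml)
    {
        var nsmgr = new XmlNamespaceManager(envelope.NameTable);
        nsmgr.AddNamespace("wst", WsTrust13Ns);
        XmlNode rst = envelope.SelectSingleNode("//wst:RequestSecurityToken", nsmgr);
        if (rst == null)
        {
            throw new InvalidOperationException("Envelope does not contain a wst:RequestSecurityToken body.");
        }

        // The AuthnRequest text comes from another system: parse it with DTDs
        // prohibited and no external resolver so it cannot pull in outside content.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        var authnDoc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        using (XmlReader reader = XmlReader.Create(new StringReader(authnRequestXml), settings))
        {
            authnDoc.Load(reader);
        }

        XmlElement root = authnDoc.DocumentElement;
        if (root == null || root.LocalName != "AuthnRequest" || root.NamespaceURI != Saml2ProtocolNs)
        {
            throw new ArgumentException("Expected a samlp:AuthnRequest root element.", "authnRequestXml");
        }

        // ImportNode keeps the SAML namespaces intact when moving between documents
        rst.AppendChild(envelope.ImportNode(root, true));
        return envelope;
    }

    // Rebuild a Message from the edited envelope, keeping the original MessageVersion
    // and, if the addressing version carries no Action header, the original Action.
    internal static Message GenerateFromXml(this Message original, XmlDocument envelope)
    {
        XmlReader reader = new XmlNodeReader(envelope);
        reader.MoveToContent();
        Message rebuilt = Message.CreateMessage(reader, int.MaxValue, original.Version);
        if (rebuilt.Headers.Action == null)
        {
            rebuilt.Headers.Action = original.Headers.Action;
        }
        return rebuilt;
    }
}
```

In the answer's Issue method the three calls chain as `issueRequest = issueRequest.GenerateFromXml(issueRequest.SerializeToXml().AddSamlAuthenticationRequest(pSAML2AuthnRequest));`. The reader settings in AddSamlAuthenticationRequest matter because the AuthnRequest is produced by the application server rather than by this client; prohibiting DTDs and dropping the resolver keeps the XML parser from fetching or expanding anything beyond the element itself.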