
I am trying to get a third-party Java client talking to a WCF service I have written.

When the message is received, the following exception is thrown:

Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.

Here is my config:

Binding:

<customBinding>
    <binding name="TestSecureBinding">
        <security authenticationMode="MutualCertificate" />
        <textMessageEncoding messageVersion="Soap11WSAddressing10" />
        <httpsTransport requireClientCertificate="true" maxReceivedMessageSize="5242880" />
    </binding>
</customBinding>

Behavior:

  <serviceBehaviors>
    <behavior name="TestCertificateBehavior">
      <serviceCredentials>
        <clientCertificate>
          <certificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
          <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck"/>
        </clientCertificate>
        <serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>

Endpoint:

  <service name="TestService"
           behaviorConfiguration="TestCertificateBehavior">
    <endpoint
      name="TestEndpoint"
      address="https://localhost:443"
      contract="TestServiceContract"
      binding="customBinding"
      bindingConfiguration="TestSecureBinding">
    </endpoint>
    <host>
      <baseAddresses>
        <add baseAddress="https://localhost:443" />
      </baseAddresses>
    </host>

  </service>

Does anyone know what is causing this?


3 Answers


This is because somewhere the wrong way of referencing the certificate is being used; if I remember correctly, you can either reference the certificate directly or use a key identifier. Either way, to get past it you should be able to add the allowSerializedSigningTokenOnReply attribute to the security tag in your client binding configuration and set it to true.

That should get you past it. Remember, put this on the client.

Sorry, I can't find the reference; I remember reading it somewhere and can't find it now! :( EDIT - here it is: http://webservices20.blogspot.co.uk/2010/10/wcf-cannot-find-token-authenticator.html

<customBinding>
    <binding name="TestSecureBinding">
        <security allowSerializedSigningTokenOnReply="true" />
        etc
    </binding>
</customBinding>

answered 2012-09-28T12:47:01.190

I have accepted that I cannot do this in the config file and have resorted to creating the service host in code.

Here is a complete example of creating the binding, the binding elements, and the service host.

Note that you may not be using WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005W - the version you use may be newer than the one I had to use - but just substitute the correct version for your service.

using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Mutual-certificate (asymmetric) message security, plus a signed UserName supporting token
var securityBindingElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityBindingElement.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityBindingElement.IncludeTimestamp = true;
securityBindingElement.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;

// Channel stack, top down: security, text encoding (SOAP 1.1 + WS-Addressing 1.0), HTTPS transport
var customBinding = new CustomBinding();
customBinding.Elements.Add(securityBindingElement);
customBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8));
customBinding.Elements.Add(new HttpsTransportBindingElement() { MaxReceivedMessageSize = 5242880 });

// 'type' is the service implementation type (the class named in <service name="TestService">)
Type type = typeof(TestService);
ServiceHost customServiceHost = new ServiceHost(type);
customServiceHost.AddServiceEndpoint(typeof(ITestServiceContract), customBinding, "https://localhost:443");
customServiceHost.Open();

answered 2012-09-28T14:26:26.553
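Building on the answer above, here is an added example (not the answer's own code) that also wires in the piece the exception message is about: once the binding admits a signed UserName token, the service needs an authenticator for it, otherwise WCF validates the user name against Windows accounts. The example supplies a custom UserNamePasswordValidator and sets the service and client certificate credentials in code, mirroring the page's behavior configuration. TestService, ITestServiceContract, the certificate subject name "Test 01" and the https://localhost:443 address come from the page's configuration; ConstructedUserNameValidator, its sample account table and the SecureHostFactory class are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

// Hypothetical validator: WCF calls Validate for each signed UserName token the
// binding admits. Throwing rejects the message; returning normally accepts it.
public class ConstructedUserNameValidator : UserNamePasswordValidator
{
    // Constructed sample credential table for the example only; a real service
    // would consult its own credential store and never hold plaintext secrets.
    private static readonly Dictionary<string, string> Accounts =
        new Dictionary<string, string> { { "javaclient", "example-secret" } };

    public override void Validate(string userName, string password)
    {
        if (userName == null || password == null)
            throw new SecurityTokenException("Missing user name or password.");

        string expected;
        if (!Accounts.TryGetValue(userName, out expected) || expected != password)
            throw new SecurityTokenException("Unknown user or wrong password.");
    }
}

public static class SecureHostFactory
{
    public static ServiceHost Create()
    {
        var version = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;

        // Same shape as the answer: mutual certificate message security plus a
        // signed UserName supporting token on the endpoint.
        var security = (AsymmetricSecurityBindingElement)
            SecurityBindingElement.CreateMutualCertificateBindingElement(version);
        security.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
        security.IncludeTimestamp = true;
        security.MessageProtectionOrder = MessageProtectionOrder.EncryptBeforeSign;

        // Channel stack in top-down order: security, text encoding, HTTPS transport.
        var binding = new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8),
            new HttpsTransportBindingElement { MaxReceivedMessageSize = 5242880 });

        var host = new ServiceHost(typeof(TestService));
        host.AddServiceEndpoint(typeof(ITestServiceContract), binding, "https://localhost:443");

        // Service certificate, as in the page's <serviceCertificate> element.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "Test 01");

        // Client certificate validation, as in the page's <clientCertificate><authentication> element.
        // PeerTrust accepts only certificates present in the TrustedPeople store; the page also
        // disables revocation checking, which is reproduced here as configured.
        var clientAuth = host.Credentials.ClientCertificate.Authentication;
        clientAuth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
        clientAuth.TrustedStoreLocation = StoreLocation.LocalMachine;
        clientAuth.RevocationMode = X509RevocationMode.NoCheck;

        // The authenticator for UserNameSecurityToken: with Custom mode, WCF hands every
        // user name / password pair in a signed UserName token to our validator.
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new ConstructedUserNameValidator();

        return host;
    }
}
```

Call SecureHostFactory.Create() and then Open() on the returned host; a request carrying a UserName token that the validator rejects is refused before the service operation runs, and the failure surfaces in the service's trace log as a SecurityTokenException rather than as the "cannot find a token authenticator" message.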

Make sure to check the endpoint address your client is calling. We struggled with this for far too long before realising there was a typo in the address suffix of the custom binding.

answered 2021-12-22T23:35:36.317