8

我们有一个最初使用 .NET 4.0 和 WIF 3.5(1.0?)构建的应用程序。我正在将其转换为使用 WIF 4.5,因为我们已将应用程序升级到 .NET 4.5。我已经完成了所有代码更改,并且一直在与配置设置作斗争。我目前的困境在于 <claimTypeRequired> 元素。根据这个文档,它应该是 <identityConfiguration> 的孩子,但是当我修改我的配置看起来像这样

<system.identityModel>
  <identityConfiguration>
    <claimTypeRequired>
      ...
    </claimTypeRequired>

我在运行时收到以下错误

Parser Error Message: Unrecognized element 'claimTypeRequired'.

如果我只是注释掉 <claimTypeRequired> 块,我会克服该错误,但随后会遇到另一个问题。我们通过以下配置修改了现有应用程序中的 maximumClockSkew

<securityTokenHandlerConfiguration>
  <maximumClockSkew value="1" />
</securityTokenHandlerConfiguration>

前面引用的配置文档甚至没有提到 maximumClockSkew。我想我会试着把它留在里面看看会发生什么。发生的事情是

Parser Error Message: Property 'maximumClockSkew' is not a ConfigurationElement.

但是当我使用 JustDecompile 查看 SecurityTokenHandlerConfigurationElement 类时,我可以看到以下属性:

[ConfigurationProperty("maximumClockSkew", IsRequired=false, DefaultValue="00:05:00")]
[IdentityModelTimeSpanValidator(MinValueString="00:00:00")]
[TypeConverter(typeof(TimeSpanOrInfiniteConverter))]
public TimeSpan MaximumClockSkew...

所以它似乎期待它在那里。

这几乎就像微软实际上并不希望我们使用这些东西。

4

3 回答 3

6

这是来自 resharper 的 IdentityConfigurationElement 的反编译。您会注意到 claimtyperequired 不再是该元素的成员。尽管它在 Microsoft 的文档中,但它似乎不是架构的一部分。

// Type: System.IdentityModel.Configuration.IdentityConfigurationElement
// Assembly: System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// Assembly location: C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll

using System;
using System.ComponentModel;
using System.Configuration;
using System.Runtime;

namespace System.IdentityModel.Configuration
{
  /// <summary>
  /// Represents an &lt;identityConfiguration&gt; element in a configuration file. This class cannot be inherited.
  /// </summary>
  public sealed class IdentityConfigurationElement : ConfigurationElement
  {
    /// <summary>
    /// Initializes a new instance of the <see cref="T:System.IdentityModel.Configuration.IdentityConfigurationElement"/> class.
    /// </summary>
    [TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]
    public IdentityConfigurationElement();
    /// <summary>
    /// Gets or sets the name of the identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The name of the identity configuration.
    /// </returns>
    [ConfigurationProperty("name", Options = ConfigurationPropertyOptions.IsKey)]
    [StringValidator(MinLength = 0)]
    public string Name { get; set; }
    /// <summary>
    /// Gets the <see cref="T:System.IdentityModel.Configuration.AudienceUriElementCollection"/> that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The collection of audience URIs that are configured for this identity configuration element.
    /// </returns>
    [ConfigurationProperty("audienceUris", IsRequired = false)]
    public AudienceUriElementCollection AudienceUris { get; }
    /// <summary>
    /// Gets or sets the <see cref="T:System.IdentityModel.Configuration.IdentityModelCachesElement"/> that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The element that configures the token replay cache and the session security token cache for this identity configuration element.
    /// </returns>
    [ConfigurationProperty("caches", IsRequired = false)]
    public IdentityModelCachesElement Caches { get; set; }
    /// <summary>
    /// Gets or sets the <see cref="T:System.IdentityModel.Configuration.X509CertificateValidationElement"/> that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The element that configures the certificate validator and its properties for this identity configuration element.
    /// </returns>
    [ConfigurationProperty("certificateValidation", IsRequired = false)]
    public X509CertificateValidationElement CertificateValidation { get; set; }
    /// <summary>
    /// Gets or sets the claims authentication manager that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// A custom type element that specifies the <see cref="T:System.Type"/> of the claims authentication manager. The type must derive from <see cref="T:System.Security.Claims.ClaimsAuthenticationManager"/>.
    /// </returns>
    [ConfigurationProperty("claimsAuthenticationManager", IsRequired = false)]
    public CustomTypeElement ClaimsAuthenticationManager { get; set; }
    /// <summary>
    /// Gets or sets the claims authorization manager that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// A custom type element that specifies the <see cref="T:System.Type"/> of the claims authorization manager. The type must derive from <see cref="T:System.Security.Claims.ClaimsAuthorizationManager"/>.
    /// </returns>
    [ConfigurationProperty("claimsAuthorizationManager", IsRequired = false)]
    public CustomTypeElement ClaimsAuthorizationManager { get; set; }
    /// <summary>
    /// Gets or sets the <see cref="T:System.IdentityModel.Configuration.IssuerNameRegistryElement"/> that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The element that configures the issuer name registry for this identity configuration element.
    /// </returns>
    [ConfigurationProperty("issuerNameRegistry", IsRequired = false)]
    public IssuerNameRegistryElement IssuerNameRegistry { get; set; }
    /// <summary>
    /// Gets or sets the issuer token resolver that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// A custom type element that specifies the <see cref="T:System.Type"/> of the issuer token resolver. The type must derive from <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/>.
    /// </returns>
    [ConfigurationProperty("issuerTokenResolver", IsRequired = false)]
    public CustomTypeElement IssuerTokenResolver { get; set; }
    /// <summary>
    /// Gets or sets the maximum clock skew that is configured for this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The maximum clock skew.
    /// </returns>
    [TypeConverter(typeof (TimeSpanOrInfiniteConverter))]
    [ConfigurationProperty("maximumClockSkew", DefaultValue = "00:05:00", IsRequired = false)]
    [IdentityModelTimeSpanValidator(MinValueString = "00:00:00")]
    public TimeSpan MaximumClockSkew { get; set; }
    /// <summary>
    /// Gets or sets a value that indicates whether to save the bootstrap context in claims identities and session security tokens created by the handlers configured in this identity collection.
    /// </summary>
    /// 
    /// <returns>
    /// true to save the <see cref="T:System.IdentityModel.Tokens.BootstrapContext"/>; otherwise, false.
    /// </returns>
    [ConfigurationProperty("saveBootstrapContext", DefaultValue = false, IsRequired = false)]
    public bool SaveBootstrapContext { get; set; }
    /// <summary>
    /// Gets or sets the service token resolver that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// A custom type element that specifies the <see cref="T:System.Type"/> of the service token resolver. The type must derive from <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/>.
    /// </returns>
    [ConfigurationProperty("serviceTokenResolver", IsRequired = false)]
    public CustomTypeElement ServiceTokenResolver { get; set; }
    /// <summary>
    /// Gets or sets the <see cref="T:System.IdentityModel.Configuration.TokenReplayDetectionElement"/> that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The element that specifies whether token replay detection is enabled and specifies the maximum expiration period for tokens in the token replay cache.
    /// </returns>
    [ConfigurationProperty("tokenReplayDetection", IsRequired = false)]
    public TokenReplayDetectionElement TokenReplayDetection { get; set; }
    /// <summary>
    /// Gets or sets the <see cref="T:System.IdentityModel.Configuration.SecurityTokenHandlerSetElementCollection"/> that is associated with this identity configuration element.
    /// </summary>
    /// 
    /// <returns>
    /// The security token handler collections configured for this identity configuration element..
    /// </returns>
    [ConfigurationProperty("", Options = ConfigurationPropertyOptions.IsDefaultCollection)]
    public SecurityTokenHandlerSetElementCollection SecurityTokenHandlerSets { get; }
  }
}
于 2013-08-19T13:04:29.157 回答
2

顺便说一句,如果您还没有发现 XML 中的 claimTypeRequired 属性,您可以使用它作为解决方法:

在配置文件的顶部,输入:

<section name="system.identityModel.services.serialization" type="System.IdentityModel.Services.Serialization , System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

然后围绕claimTypeRequired,这是一个示例:

<system.identityModel.services.serialization>
        <claimTypeRequired>
          <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true"/>
          <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true"/>
        </claimTypeRequired>
  </system.identityModel.services.serialization>

亲切的问候,

于 2014-07-02T14:11:32.263 回答
1

你几乎接近了这是在配置中设置它的答案

 <securityTokenHandlerConfiguration saveBootstrapContext="true" maximumClockSkew="00:35:00" >

它可以在这里将其设置为 35 分钟的值。hh:MM:ss

于 2014-05-31T18:09:39.080 回答