
我是 WCF Web 服务的新手。目前我正在用 wsFederationHttpBinding(SAML)开发一个联合 Web 服务,参考的是 MSDN 的“SAML 令牌提供程序”(SAML Token Provider)示例。问题是客户端无法调用该服务:调用时抛出“从另一方收到不安全或不正确安全的故障”(An unsecured or incorrectly secured fault was received from the other party),内部异常为“处理消息中的安全令牌时发生错误”(An error occurred when processing the security tokens in the message)。

这是我服务端的 Web.config 文件:

 <?xml version="1.0"?>
  <configuration>
   <system.web>
     <!-- debug="true" is a development setting (verbose error pages, no request timeouts); set it to false before deployment. -->
     <compilation debug="true" targetFramework="4.0"/>
   </system.web>
   <system.serviceModel>
     <bindings>
       <wsFederationHttpBinding>
          <!-- Binding1 is the configuration the live service endpoint below uses. Security is message-level only:
               the transport is plain http://, so only what message security covers is protected (consider HTTPS
               for the metadata endpoint and the channel itself). negotiateServiceCredential="false" means the
               client must already hold the service certificate; it is not exchanged at runtime. The client must
               use the same issuedKeyType, issuedTokenType and negotiation setting or the call ends in a security fault. -->
          <binding name="Binding1">
            <security mode="Message" >
              <message negotiateServiceCredential ="false" issuedKeyType ="AsymmetricKey" 
                             issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
              </message>
            </security>
          </binding>
          <!-- Binding2: issuedKeyType is omitted, so the WCF default (SymmetricKey proof key) applies; the note it
               was copied with ("Asymmetric proof keys") described Binding1, not this one. No endpoint below
               references Binding2. -->
          <binding name="Binding2">
             <security mode="Message">
                <message negotiateServiceCredential ="false"
                             issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
                </message>
             </security>
          </binding>
       </wsFederationHttpBinding>
    </bindings>
    <services>
    <!--<service name="MobileInterfaceWCFService.MobileService" behaviorConfiguration="MobileInterfacebehavior">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basic_http" contract="MobileInterfaceWCFService.IMobileInterface" />
        </service>
        <service name ="MobileInterfaceWCFService.MobileService" behaviorConfiguration="MobileInterfaceWCFService.Service1Behavior">
            <endpoint address="" binding="wsHttpBinding" contract="MobileInterfaceWCFService.IMobileInterface" bindingName="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService" bindingConfiguration="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
        </service> -->
        <!-- Live service endpoint: wsFederationHttpBinding/Binding1 with the SamlTokenBehavior below.
             identity/dns must match the subject of the service certificate selected in serviceCredentials
             (findValue="localhost"); it is the identity the client authenticates the service against. -->
        <service name ="MobileInterfaceWCFService.MobileService" behaviorConfiguration="MobileInterfaceWCFService.SamlTokenBehavior">
            <endpoint address="" binding="wsFederationHttpBinding" contract="MobileInterfaceWCFService.IMobileInterface" bindingName="Binding1" bindingConfiguration="Binding1">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
        </service>
    </services>
    <!-- Outbound client endpoint used by this service. Its bindingConfiguration names a wsHttpBinding configuration
         that is not defined in the <bindings> section above (only the commented-out service referenced it), so this
         endpoint will not load correctly if it is ever used; verify it is still needed or define the binding. -->
    <client>
        <endpoint address="http://host-root/MobileSharedWebService/MobileSharedWebService.svc" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService" contract="ServiceReference1.ITMMobileSharedWebService" name="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService">
            <identity>
                <dns value="localhost"/>
            </identity>
        </endpoint>
    </client>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MobileInterfacebehavior">
                <!--<serviceMetadata httpGetEnabled="true" />-->
            </behavior>
            <behavior name="MobileInterfaceWCFService.Service1Behavior">
                <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
            <!--    <serviceMetadata httpGetEnabled="true"/> -->
                <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>

            <behavior name="MobileInterfaceWCFService.SamlTokenBehavior">
                <!-- Publishes WSDL/metadata over unauthenticated HTTP GET. Fine while developing; disable before
                     deployment (Service1Behavior above already has it commented out). -->
                <serviceMetadata httpGetEnabled="true"  /> 
                <!-- 
                    The serviceCredentials behavior allows one to define a service certificate.
                    A service certificate is used by a client to authenticate the service and provide message protection.
                    This configuration references the "localhost" certificate installed during the setup instructions.
                    -->
                <serviceCredentials>
                    <!-- allowUntrustedRsaIssuers must stay false: true would accept SAML tokens signed by any RSA key,
                         including one an attacker generated (the "self-signed" shortcut in the MSDN sample is for
                         development only). -->
                    <!-- NOTE(review): no <allowedAudienceUris> is configured here. With the default audienceUriMode
                         the issued token's Audience must match an entry in that list, so every token is rejected;
                         this is what produced the security fault on this page. Adding the list (see the accepted
                         answer) is the fix, not relaxing the audience check. -->
                    <issuedTokenAuthentication allowUntrustedRsaIssuers ="false" >
                        <!-- Certificates trusted to issue SAML tokens. FindBySubjectName is a case-insensitive substring
                             match, so any certificate in LocalMachine\TrustedPeople whose subject contains "Alice" is
                             accepted as an issuer; prefer FindByThumbprint and keep write access to that store restricted. -->
                        <knownCertificates>
                            <add storeLocation="LocalMachine" 
                                 storeName="TrustedPeople"
                                 x509FindType="FindBySubjectName"
                                 findValue="Alice"/>
                            </knownCertificates>
                    </issuedTokenAuthentication>
                    <!-- Certificate the service presents to clients and uses for message protection. Same substring
                         caveat for FindBySubjectName on LocalMachine\My; the application pool identity needs read
                         access to this certificate's private key. -->
                    <serviceCertificate storeLocation="LocalMachine"
                                        storeName="My"
                                        x509FindType="FindBySubjectName"
                                        findValue="localhost"  />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<!-- IIS settings. The SAML endpoint authenticates callers at the message level, so it only needs anonymous access;
     windowsAuthentication being enabled is not used by this binding (confirm nothing else on the site relies on it).
     enableParentPaths="true" is a classic ASP setting that permits ".." in server-side includes/MapPath; it has no
     role in a WCF .svc and should be removed or set to false to avoid widening the attack surface. -->
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <handlers accessPolicy="Read, Script" />
    <security>
        <authentication>
            <anonymousAuthentication enabled="true" />
            <windowsAuthentication enabled="true" />
        </authentication>
    </security>
    <asp enableParentPaths="true" />
</system.webServer>

<!-- WCF tracing at Information + ActivityTracing. Traces may contain endpoint addresses, caller identities and the
     text of security faults: restrict access to c:\log and turn this off in production. As the answer below notes,
     these traces did not reveal why the token was rejected; the serviceSecurityAudit behavior did. -->
<system.diagnostics>
        <sources>
            <source name="System.ServiceModel"
                    switchValue="Information, ActivityTracing"
                    propagateActivity="true">
                <listeners>
                    <add name="traceListener"
                        type="System.Diagnostics.XmlWriterTraceListener"
                        initializeData= "c:\log\Traces.svclog" />
                </listeners>
            </source>
        </sources>
    </system.diagnostics>

     </configuration>

这是客户端(服务消费方)的配置文件:

<?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.serviceModel>
    <!-- Client side. The security settings (Message mode, AsymmetricKey proof key, SAML 1.1 token type, no credential
         negotiation) mirror Binding1 in the service's Web.config; a mismatch in any of them ends in a security fault.
         No <issuer> or client credentials appear here, so the SAML token has to be supplied in code (presumably the
         MSDN sample's custom token provider, which is not shown on this page). -->
    <bindings>
        <wsFederationHttpBinding>
         <binding name="Binding1_IMobileInterface"  >
            <security mode="Message">
                <message issuedKeyType="AsymmetricKey"      issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
                    negotiateServiceCredential="false"  >   
                </message>
                </security>
            </binding>
        </wsFederationHttpBinding>
    </bindings>
    <!-- The endpoint address is the URI the issued token's Audience must carry; it is the exact value the accepted
         answer adds to the service's <allowedAudienceUris>. identity/dns must match the subject of the service
         certificate the client was provisioned with out of band (negotiateServiceCredential="false" means it is not
         fetched at runtime). Plain http://: only what message security covers is protected on the wire. -->
    <client>
        <endpoint address="http://localhost/WCF_MobileInterface/MobileService.svc"
            binding="wsFederationHttpBinding" bindingConfiguration="Binding1_IMobileInterface"
            contract="ServiceReference1.IMobileInterface" name="Binding1_IMobileInterface">
            <identity>
                <dns value="localhost" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>
  </configuration>

注意:我已经尝试了 stackoverflow 和 google 上针对同类错误的所有解决方案,但都没能解决问题。

任何快速帮助将不胜感激

提前致谢


1 个回答


我已经解决了上面提到的错误。我必须在服务端 Web.config 中、被 wsFederationHttpBinding 端点引用的那个服务行为(`<serviceCredentials>` 下的 `<issuedTokenAuthentication>` 元素)里添加以下标签:

<!-- Goes inside <issuedTokenAuthentication> under <serviceCredentials> in the service's Web.config.
     The value must match the Audience of the issued SAML token exactly (here, the endpoint address the client
     calls). With the default audienceUriMode the service rejects any token whose audience is not listed, which is
     the check behind the original fault. Do not work around it by setting audienceUriMode="Never": audience
     checking is what stops a token issued for one service being replayed against another. -->
<allowedAudienceUris>
    <add allowedAudienceUri="http://localhost/WCF_MobileInterface/MobileService.svc"/>
</allowedAudienceUris>

allowedAudienceUri 属性里填写的 URI 就是托管该 WCF 服务的端点地址,它必须与颁发的 SAML 令牌中的 Audience(受众)完全一致,否则服务会拒绝该令牌。请不要为了绕过这个错误而把 audienceUriMode 设为 Never:受众校验正是防止为某个服务颁发的令牌被拿去重放到其他服务的关键检查。

实际上,我是在把下面这个标记添加到托管 WCF 服务的 Web.config 之后,才知道具体是哪个检查出了错:

<!-- Service security audit: records message-authentication and service-authorization failures in the Windows
     Application event log, which is where the real reason for the security fault showed up.
     suppressAuditFailure="true" keeps the service running if an audit record cannot be written; check whether your
     audit policy requires such failures to be surfaced instead. -->
<serviceSecurityAudit  auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true" /> 

把它放在 wsFederationHttpBinding 端点所引用的那个 `<behavior>` 标记下,它就会把确切的错误消息记录到 Windows 事件查看器的“应用程序”日志中。

注意:我在服务端和客户端都启用了 WCF 跟踪,但跟踪并没有给出真正的错误原因;最终是通过查看事件查看器中的安全审计记录才找到问题的。

希望这可以帮助那些正在努力解决类似错误的人。

于 2013-02-05T13:14:15.790 回答