1

我正在尝试使用以下场景编写控制台应用程序:客户端首先从身份提供者请求令牌,然后使用此令牌从资源 STS 请求新令牌使用以下链接: http: //leastprivilege.com/2010 /10/28/wif-adfs-2-and-wcfpart-6-chaining-multiple-token-services/

我设法从 Idp 获取令牌,但没有设法从 Resource STS 获取令牌。

这是我的代码:

    string RPRealm = "https://service.contoso.com/";
    string RSTSRealm = "http://fsweb.contoso.com/adfs/services/trust";
    string IdPstsEndpoint = "https://IdpAdfs.domain.com/adfs/services/trust/13/kerberosmixed";
    string RSTSEndpoint = "https://fsweb.contoso.com/adfs/services/trust/13/IssuedTokenMixedSymmetricBasic256";

    private static SecurityToken GetIdPToken(string rstsRealm, string IdPstsEndpoint)
    {
        using (var factory = new WSTrustChannelFactory(
                new KerberosWSTrustBinding(SecurityMode.TransportWithMessageCredential),
                new EndpointAddress(new Uri(IdPstsEndpoint))))
        {
            WSTrustChannel channel = null;
            factory.TrustVersion = TrustVersion.WSTrust13;
            try
            {
                var rst = new RequestSecurityToken
                {
                    RequestType = WSTrust13Constants.RequestTypes.Issue,
                    AppliesTo = new EndpointAddress(rstsRealm),
                    KeyType = WSTrust13Constants.KeyTypes.Bearer,
                };

                channel = (WSTrustChannel)factory.CreateChannel();
                RequestSecurityTokenResponse rstr;
                SecurityToken token = channel.Issue(rst, out rstr);
                return token;
            }
            finally
            {
                if (channel != null)
                {
                    channel.Abort();
                }

                factory.Abort();
            }
        }
    }


private static SecurityToken GetRSTSToken(SecurityToken IdPToken, string RSTSEndpoint, string RPRealm)
{
   var binding = new WS2007FederationHttpBinding();
   binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
   binding.Security.Message.EstablishSecurityContext = false;
   binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential;

    using (var factory = new WSTrustChannelFactory(
           binding,
            new EndpointAddress(new Uri(RSTSEndpoint))))
    {
        var rst = new RequestSecurityToken
        {
            RequestType = WSTrust13Constants.RequestTypes.Issue,
            AppliesTo = new EndpointAddress(RPRealm),
            KeyType = WSTrust13Constants.KeyTypes.Bearer,
        };
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.SupportInteractive = false;
        factory.ConfigureChannelFactory();


        var channel = factory.CreateChannelWithIssuedToken(IdPToken);
        RequestSecurityTokenResponse rstr;
        SecurityToken token = channel.Issue(rst, out rstr);
        return token;
    }
}

我收到此错误:响应消息的内容类型 text/html 与绑定的内容类型不匹配 (application/soap+xml; charset=utf-8) 我的代码有什么问题?提前致谢

4

1 回答 1

2

ADFS 在其联合 endoint 上不支持不记名令牌。换句话说,在您的第一个跃点上,您需要在 RST 上指定 KeyTypes.Symmetric。

于 2013-05-06T06:33:53.257 回答