
I am using the Thinktecture IdentityServer security token service and am trying to set up a scenario where I have a client that consumes a WCF service. I am stuck at the point where I get the following error:

MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.

I have set up the STS on a Win2008 server and everything works; it already works together with an MVC site. But with the WCF service I cannot get it to work. I am using BearerKey as the SecurityKeyType. I do get a token in the client application's RequestToken() function. This is my WCF service config:

<system.serviceModel>
    <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
        <host>
          <baseAddresses>
            <add baseAddress="https://anno99-pc/"/>
          </baseAddresses>
        </host>
      </service>
    </services>  
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="">
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey">
               <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
            <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

  </system.serviceModel>

  <!-- Config STS -->
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
      </audienceUris>
      <!--Commented by Identity and Access VS Package-->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://identityserver.v2.wkp.com/trust/wkp">
          <keys>
            <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
          </keys>
          <validIssuers>
            <add name="http://identityserver.v2.wkp.com/trust/wkp" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>

This is the client; it is just a console application.

using System;
using System.IdentityModel.Tokens;          // SecurityToken, SecurityKeyType
using System.ServiceModel;                  // WS2007FederationHttpBinding, ChannelFactory, CreateChannelWithIssuedToken
using System.ServiceModel.Description;      // ClientCredentials
using Thinktecture.IdentityModel.WSTrust;   // UserNameWSTrustBinding, WSTrustClient (Thinktecture.IdentityModel package)
using ClaimWcfService;                      // IService1, the shared service contract

class Program
{
    static void Main(string[] args)
    {
        var token = RequestToken();   // 1. obtain a bearer token from the STS
        CallService(token);           // 2. present it to the WCF service
    }

    // WS-Trust username endpoint of IdentityServer and the realm (AppliesTo)
    // the token is requested for.
    static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
    static string _realm = "https://anno99-pc/ClaimWcfService/";

    private static void CallService(SecurityToken token)
    {
        var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";

        // Must mirror the service's ws2007FederationHttpBinding: transport security
        // with the token as message credential, no secure conversation, bearer key.
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

        var factory = new ChannelFactory<IService1>(binding,
            new EndpointAddress(serviceEndpoint));
        factory.Credentials.SupportInteractive = false;      // never pop a credential prompt
        factory.Credentials.UseIdentityConfiguration = true; // use <system.identityModel> settings

        // Attach the already-issued token instead of letting WCF contact the STS itself.
        var channel = factory.CreateChannelWithIssuedToken(token);

        var data = channel.GetData(1);
    }

    private static SecurityToken RequestToken()
    {
        // Username/password over TLS, sent as message credential to the STS.
        var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

        var credentials = new ClientCredentials();
        credentials.UserName.UserName = "username";
        credentials.UserName.Password = "password";

        // AppliesTo = _realm; the STS writes this realm into the token's audience.
        return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
    }
}

If anyone can help me, that would be great.


1 Answer


After some Googling and trying things, I got it working. I had to change these parts of the config.

    <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

  <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/" />
      </audienceUris>

      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
               name="idsrv" />
        </trustedIssuers>
      </issuerNameRegistry>

    </identityConfiguration>
  </system.identityModel>

I hope this helps someone.

Answered 2013-05-23T08:06:39.060
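A small check, added here and not part of the question or the answer, that reproduces the rule behind the audienceUris change: WIF accepts the issued token only if one of its <saml:Audience> values equals, by Uri equality, one of the configured audience URIs, and the STS puts the AppliesTo realm from RequestToken() into that element. The sample assertion is constructed for illustration (signature and subject omitted) and the SAML 1.1 namespace is assumed; the two URI lists are the question's and the answer's <audienceUris>.

```csharp
// Added example, not code from the original post: replays the audience-restriction
// check WIF applies to the issued SAML token, so the AppliesTo realm used in
// RequestToken() can be compared against <audienceUris> before calling the service.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class AudiencePreflight
{
    // Assumed: the STS issues a SAML 1.1 assertion; for SAML 2.0 use
    // "urn:oasis:names:tc:SAML:2.0:assertion" and the same element names.
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:1.0:assertion";

    // Extracts every <saml:Audience> from the assertion as an absolute Uri.
    public static IEnumerable<Uri> AudiencesOf(string assertionXml)
    {
        var doc = XDocument.Parse(assertionXml);
        return doc.Descendants(Saml + "Audience")
                  .Select(a => new Uri(a.Value.Trim(), UriKind.Absolute));
    }

    // Token is accepted only if at least one Audience equals one of the configured
    // audienceUris. Uri equality keeps the full path, so a trailing slash matters.
    public static bool AudienceAccepted(string assertionXml, IEnumerable<string> configuredAudienceUris)
    {
        var allowed = configuredAudienceUris.Select(u => new Uri(u, UriKind.Absolute)).ToList();
        return AudiencesOf(assertionXml).Any(allowed.Contains);
    }

    static void Main()
    {
        // Constructed sample: the relevant part of an assertion issued for the realm
        // the client passes as AppliesTo (signature and subject omitted).
        const string assertion = @"<saml:Assertion xmlns:saml=""urn:oasis:names:tc:SAML:1.0:assertion""
  MajorVersion=""1"" MinorVersion=""1"" AssertionID=""_example"" Issuer=""http://identityserver.v2.wkp.com/trust/wkp"">
  <saml:Conditions>
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://anno99-pc/ClaimWcfService/</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>";

        // <audienceUris> from the question and from the answer.
        var questionConfig = new[] { "https://anno99-pc/ClaimWcfService/Service1.svc" };
        var answerConfig   = new[] { "https://anno99-pc/ClaimWcfService/" };

        Console.WriteLine("question config accepts token: " + AudienceAccepted(assertion, questionConfig));
        Console.WriteLine("answer config accepts token:   " + AudienceAccepted(assertion, answerConfig));
    }
}
```

With the question's configuration the check fails, because ".../ClaimWcfService/Service1.svc" is a different Uri from the realm ".../ClaimWcfService/" the token was issued for; with the answer's configuration it passes. Note that with certificateValidationMode="None" this audience match and the thumbprint in <issuerNameRegistry> are all that bind a token to this service, so keep the thumbprint exact and move to PeerTrust or ChainTrust outside development.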