尝试创建自定义 ServiceHostFactory 并查看事件查看器中记录的以下错误。
WebHost 未能处理请求。发件人信息:System.ServiceModel.ServiceHostingEnvironment+HostingManager/38902774 异常:System.ServiceModel.ServiceActivationException:服务“/services/clientservices.svc”由于编译过程中的异常而无法激活。异常消息是:安全令牌管理器无法为要求'System.ServiceModel.Security.Tokens.RecipientServiceModelSecurityTokenRequirement:PropertyName: http: //schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyType创建令牌身份验证器 属性值:对称键
属性名称:http: //schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeyUsage 属性值:签名
属性名:http: //schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/RequireCryptographicToken 属性值:真
属性名称:http: //schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/KeySize 属性值:0
PropertyName: http: //schemas.microsoft.com/ws/2006/05/identitymodel/securitytokenrequirement/IsOptionalTokenProperty PropertyValue:False PropertyName:http: //schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SupportSecurityContextCancellation PropertyValue : 错误的
属性名称:http: //schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/IsInitiator 属性值:False
属性名:http: //schemas.microsoft.com/ws/2006/05/servicemodel/securitytokenrequirement/SecurityBindingElement 属性值:System.ServiceModel.Channels.SymmetricSecurityBindingElement:DefaultAlgorithmSuite:Basic256 IncludeTimestamp:True KeyEntropyMode:CombinedEntropy MessageSecurityVersion:WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicyToken:t SecurityHeaderLayout:错误 EndpointSupportingTokenParameters:Endorsing[0] System.ServiceModel.Security.Tokens.IssuedSecurityTokenParameters:InclusionMode:AlwaysToRecipient ReferenceStyle:内部 RequireDerivedKeys:True TokenType:samlTokenType KeyType:SymmetricKey KeySize:0 IssuerAddress:https://sirona-locl-use.accesscontrol.windows.net/v2/wstrust/13/certificate IssuerMetadataAddress: null DefaultMessgeSecurityVersion: null UseStrTransform: False IssuerBinding: null ClaimTypeRequirements: none 没有签名的令牌。没有签名的加密令牌。没有签名的背书令牌。OptionalEndpointSupportingTokenParameters:没有背书令牌。没有签名的令牌。没有签名的加密令牌。没有签名的背书令牌。OperationSupportingTokenParameters:无 OptionalOperationSupportingTokenParameters:无 MessageProtectionOrder:SignBeforeEncryptAndEncryptSignature RequireSignatureConfirmation:True ProtectionTokenParameters:System.ServiceModel.Security.Tokens.X509SecurityTokenParameters:InclusionMode:从不 ReferenceStyle:内部 RequireDerivedKeys:True X509ReferenceStyle:Thumbprint
……
这是我正在使用的代码 create servicehostfactory
public class WSTrustServiceHostFactory : ServiceHostFactory
{
public static Binding CreateIssuedTokenForCertificateBinding(string acsCertificateEndpoint)
{
//http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
BindingElementCollection bec = new BindingElementCollection();
bec.Add(SecurityBindingElement.
CreateIssuedTokenForCertificateBindingElement(
new IssuedSecurityTokenParameters("samlTokenType", new EndpointAddress(acsCertificateEndpoint))));
bec.Add(new TextMessageEncodingBindingElement());
bec.Add(new HttpTransportBindingElement());
return new CustomBinding(bec);
}
protected override System.ServiceModel.ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
{
if (serviceType == null)
throw new ArgumentNullException("serviceType cannot be null");
if (baseAddresses.Count() == 0)
throw new ArgumentException("baseAddresses must have at least 1 member.");
string acsCertificateEndpoint = "https://acs url ...."
WSFederationHttpSecurityMode securityMode = WSFederationHttpSecurityMode.TransportWithMessageCredential;
if ( debugging )
{
securityMode = WSFederationHttpSecurityMode.Message;
}
ServiceHost serviceHost = new ServiceHost(serviceType, baseAddresses);
//IssuedTokenWSTrustBinding issuedTokenWSTrustBinding = new IssuedTokenWSTrustBinding(
// new CertificateWSTrustBinding(securityMode),
// new EndpointAddress(acsCertificateEndpoint));
System.IdentityModel.Configuration.IdentityConfiguration serviceConfiguration =
new System.IdentityModel.Configuration.IdentityConfiguration();
serviceHost.Credentials.ServiceCertificate.Certificate = // fetch acs decryption certificate;
acsSigningCertificate = //fetch acs signing certificate.
ConfigurationBasedIssuerNameRegistry issuerNameRegistry = new ConfigurationBasedIssuerNameRegistry();
issuerNameRegistry.AddTrustedIssuer(acsSigningCertificate.Thumbprint, acsSigningCertificate.SubjectName.Name);
serviceConfiguration.IssuerNameRegistry = issuerNameRegistry;
serviceConfiguration.AudienceRestriction.AudienceMode = System.IdentityModel.Selectors.AudienceUriMode.Always;
serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
serviceConfiguration.SecurityTokenHandlers.AddOrReplace(new Saml2SecurityTokenHandler());
// wif 3.5 //serviceHost.AddServiceEndpoint(serviceType.GetInterfaces()[0], issuedTokenWSTrustBinding, String.Empty);
serviceHost.AddServiceEndpoint(serviceType.GetInterfaces()[0], CreateIssuedTokenForCertificateBinding(acsCertificateEndpoint), String.Empty);
//var creds = serviceHost.Description.Behaviors.Find<ServiceCredentials>();
// creds.UseIdentityConfiguration = true;
//creds.IdentityConfiguration = serviceConfiguration;
serviceHost.Credentials.UseIdentityConfiguration = true;
serviceHost.Credentials.IdentityConfiguration = serviceConfiguration;
// <--wif 3.5 FederatedServiceCredentials.ConfigureServiceHost(serviceHost, serviceConfiguration); -->
if (RegionConfiguration.GetSetting<bool>(Settings.CLIENTSERVICES_INCLUDE_EXCEPTION_DETAILS))
{
if (serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>() == null)
{
serviceHost.Description.Behaviors.Add(new ServiceDebugBehavior());
}
serviceHost.Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;
}
return serviceHost;
}
}
有什么想法吗?