2

使用 VS2012 .Net Framework 4.5,我使用身份和访问插件创建了一个带有本地 STS 的 WCF 服务应用程序。我的目标是能够使用浏览器进行身份验证。到目前为止我做了什么:

  • 添加了 WSFAM 和 SAM 模块。
  • 使用 Fiddler 确保我得到正确的重定向
  • 确保已创建 FedAuth[] cookie。

在创建 cookie (SAM) 之后,我再次被重定向回 STS。这就是我陷入循环的地方。

WCF 和 Web 服务对我来说很新,如果我详细说明了太多,请见谅......

这是我的 web.config:

    <?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
    <authentication mode="None" />
    <pages validateRequest="false" />
    <httpRuntime targetFramework="4.5" />
    <compilation debug="true" targetFramework="4.5" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials useIdentityConfiguration="true">
            <!--Certificate added by Identity and Access Tool for Visual Studio.-->
            <serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <bindings>
      <basicHttpBinding>
        <binding name="MyBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="WcfFAMTest.Service1">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" contract="WcfFAMTest.IService1" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
    <directoryBrowse enabled="true" />
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="http://localhost:53655" />
        <add value="http://localhost:53655/Service1.svc" />
      </audienceUris>
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" name="LocalSTS" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <wsFederation passiveRedirectEnabled="true" issuer="http://localhost:15937/wsFederationSTS/Issue" realm="http://localhost:53655" reply="http://localhost:53655" requireHttps="false" />
      <cookieHandler requireSsl="false" />
    </federationConfiguration>
  </system.identityModel.services>
  <appSettings>
    <add key="ida:FederationMetadataLocation" value="http://localhost:15937/wsFederationSTS/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ida:ProviderSelection" value="localSTS" />
    <add key="ida:EnforceIssuerValidation" value="false" />
  </appSettings>
</configuration>

提琴手 提琴手

响应 #10108 - 设置 FedAuth cookie 并重定向到资源 响应 #10108 - 设置 FedAuth cookie 并重定向到资源 Request #10109 - 使用给定的 cookie 请求重定向的资源。 请求 #10109 - 使用给定的 cookie 请求重定向的资源 响应 #10109 - 结果 401,在 #10111 再次重定向到 STS 响应 #10109 - 结果 401,在 #10111 再次重定向到 STS

4

1 回答 1

0

我使用的是不支持这些模块的 WCF Web 服务。切换到 ASP.Net Web 应用程序,配置方式相同,运行良好。

于 2013-10-10T15:33:36.407 回答