1

在修改我的服务以使用联合(参见下面的 web.config)后,我的客户端无法连接它。在我读过的所有内容中,我似乎应该能够创建

var client = new MyService()

然后在该凭据上设置用户名和密码,然后 WCF 负责处理 STS 令牌的内容,但我没有接受 0 个参数的构造函数,我只有一个接受绑定和端点地址的构造函数。我没有看到手动创建绑定的方法,只是想以默认方式使用它,在我只是使用带有 Https 的 basicHTTPBinding 之前,我能够使用默认构造函数创建客户端我不明白为什么会这样不遵循相同的逻辑。

该服务具有 web.config 如下:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
      <listeners>
        <add type="Microsoft.WindowsAzure.Diagnostics.DiagnosticMonitorTraceListener, Microsoft.WindowsAzure.Diagnostics, Version=2.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" name="AzureDiagnostics">
          <filter type="" />
        </add>
      </listeners>
    </trace>
  </system.diagnostics>
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <machineKey decryption="AES" decryptionKey="[DecrpytKey]" validation="SHA1" validationKey="[ValidationKey]" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="MyService">
        <endpoint address="" binding="wsFederationHttpBinding" bindingConfiguration="wsFedBinding" contract="MyService.IMyService" />
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="https://myservice.cloudapp.net/MyService.svc" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <bindings>
      <wsFederationHttpBinding>
        <binding name="wsFedBinding">
          <security mode="TransportWithMessageCredential">
            <message>
              <issuer address="http://mysts.com"/>
              <issuerMetadata address="https://mysts.com/adfs/services/trust/mex" />
              <claimTypeRequirements>
                <add claimType="http://mysts.com/user/UserDomain" isOptional="true"/>
                <add claimType="http://mysts.com/user/Alias" isOptional="true"/>
              </claimTypeRequirements>
            </message>
          </security>
        </binding>
      </wsFederationHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false before deployment -->
          <serviceMetadata httpsGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceCredentials useIdentityConfiguration="true">
            <!--Certificate added by Identity and Access Tool for Visual Studio.-->
            <serviceCertificate findValue="[Thumbprint]" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint" />
          </serviceCredentials>
        <serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
    -->
    <directoryBrowse enabled="false" />
  </system.webServer>
  <connectionStrings>
   [Some connection strings]
  </connectionStrings>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://myservice.cloudapp.net/MyService.svc" />
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://mysts.com">
          <keys>
            <add thumbprint="[Thumbprint]" />
          </keys>
          <validIssuers>
            <add name="http://mysts.com" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
      <!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
      <certificateValidation certificateValidationMode="ChainTrust"/>
      <securityTokenHandlers>
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
    </identityConfiguration>
  </system.identityModel>
  <appSettings>
    <add key="ida:FederationMetadataLocation" value="https://mysts.com/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ida:ProviderSelection" value="productionSTS" />
  </appSettings>
</configuration>
4

0 回答 0