
使用身份和访问工具(VS 2012 的一部分),我能够配置 WCF 以使用我们公司的 ADFS 服务器。

相关的 web.config 配置片段如下:

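 <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- Metadata is published over HTTPS only, so "Add Service Reference" keeps working without
               exposing the contract over plain HTTP. Set httpsGetEnabled="false" as well once clients
               have been generated, if the deployment policy is to publish no metadata at all. -->
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <!-- Keep false in production: exception details in faults leak stack traces and internal paths. -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <!-- useIdentityConfiguration="true" hands token validation to the <system.identityModel> (WIF) section. -->
          <serviceCredentials useIdentityConfiguration="true">
            <!-- Service certificate for message security, located by thumbprint so it cannot be confused with
                 another certificate that shares a subject name. The CN=localhost subject-name lookup generated
                 by the Identity and Access Tool is intentionally not used. -->
            <serviceCertificate findValue="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
          </serviceCredentials>
          <!-- "Always" is the mode the Identity and Access Tool configures for WIF integration so that the
               claims principal from the token is available to every operation. -->
          <serviceAuthorization principalPermissionMode="Always"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <!-- The federated binding below uses TransportWithMessageCredential, which needs TLS on the transport, so the
         federated endpoint belongs on the https scheme. The tool-generated mapping had this inverted:
         http -> ws2007FederationHttpBinding (unusable over plain HTTP) and https -> basicHttpsBinding, which
         published an HTTPS endpoint that demanded no federated token at all, i.e. callers could reach the
         service without ever touching ADFS. No plain-HTTP endpoint is published. -->
    <protocolMapping>
      <add scheme="https" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <bindings>
      <ws2007FederationHttpBinding>
        <!-- Unnamed configuration: applies to every endpoint that uses ws2007FederationHttpBinding. -->
        <binding name="">
          <!-- TLS on the wire; the caller proves its identity with a SAML token from ADFS inside the SOAP message. -->
          <security mode="TransportWithMessageCredential">
            <!-- establishSecurityContext="false": no WS-SecureConversation session, every call carries the token. -->
            <message establishSecurityContext="false">
              <!-- ADFS MEX endpoint (over HTTPS) from which clients and "Add Service Reference" discover the issuer. -->
              <issuerMetadata address="https://auth1.domain.com/adfs/services/trust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
  </system.serviceModel>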
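  <system.webServer>
    <!-- NOTE(review): runAllManagedModulesForAllRequests="true" sends every request, static files included,
         through the managed pipeline. Presumably kept so the WCF/WIF HTTP modules see all requests; confirm
         before narrowing it. -->
    <modules runAllManagedModulesForAllRequests="true" />
    <!-- The project template enabled directory browsing "for debugging". It lets anonymous callers enumerate
         the deployed files and folders of the service and must be off in any deployed service. -->
    <directoryBrowse enabled="false" />
  </system.webServer>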
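  <system.identityModel>
    <identityConfiguration>
      <!-- A token is accepted only if its audience restriction names this service. The value must match the
           relying-party identifier configured in ADFS exactly, trailing slash included. -->
      <audienceUris>
        <add value="https://wcfurl.domain.com/" />
      </audienceUris>
      <!-- Only tokens signed by the pinned ADFS token-signing certificate (by thumbprint) and naming one of the
           listed issuers are trusted. The authority/issuer name is ADFS's federation service identifier, a URI
           used purely as an identifier and matched against the token's issuer; it is not an endpoint that is
           called, so the http scheme here is expected even though the MEX address above is https. -->
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://auth1.domain.com/adfs/services/trust">
          <keys>
            <!-- Thumbprint of the ADFS token-signing certificate. When ADFS rolls this certificate, add the new
                 thumbprint here before the switch and remove the old one afterwards, or tokens will be rejected. -->
            <add thumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
          </keys>
          <validIssuers>
            <add name="http://auth1.domain.com/adfs/services/trust" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
      <!-- The Identity and Access Tool generates certificateValidationMode="None", which skips all X.509
           validation of the signing certificate and is meant for development only. PeerOrChainTrust accepts a
           certificate that either chains to a trusted root or is explicitly installed in the LocalMachine
           TrustedPeople store (the usual arrangement for a self-signed ADFS token-signing certificate).
           Use ChainTrust alone if the signing certificate is CA-issued. revocationMode is left at its default;
           adjust it only if the server cannot reach the CA's revocation endpoints. -->
      <certificateValidation certificateValidationMode="PeerOrChainTrust" />
    </identityConfiguration>
  </system.identityModel>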

但是,当我从控制台应用程序(添加服务引用)引用此 WCF 服务时,调用是直接对 WCF 服务进行的,它不会像使用标准 ASP.NET 应用程序那样重定向到 ADFS 进行身份验证。

我真的必须在代码中自己实现对 ADFS 的调用吗?如果是这样,有什么线索可以参考吗?


1 个回答


Eric,基于 SAML 的 Web 服务身份验证与基于浏览器的应用程序(即 Web 应用)使用的是不同的身份验证机制。请了解被动(passive)与主动(active)身份验证的区别:在您的情况下,Web 服务调用中不存在重定向,因此客户端应使用 WS-Trust 自行驱动身份验证(主动客户端)。请参阅 http://msdn.microsoft.com/en-us/magazine/ee335705.aspx

-和平

于 2014-10-02T14:50:11.873 回答