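I don't think you can. However, in your case you should have only one WIF endpoint and leave multi-credential support to the STS.
You can put multiple endpoints on the STS to handle different types of authentication, for example one for Windows and one for username/password.
I did a Code Camp Oz session last year that demonstrated this. The source is attached to my blog post at http://www.neovolve.com/post/2010/11/21/CodeCampOz-Not-a-WIF-of-federation.aspx. Look at the web.config in NotAWif Demo\4 - Identity Delegation\NotAWif.DelegationSTS.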
<system.serviceModel>
  <services>
    <service behaviorConfiguration="ServiceBehavior"
             name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract">
      <endpoint address="UserName/IWSTrust13"
                binding="ws2007HttpBinding"
                bindingConfiguration="ws2007HttpBindingUserNameConfiguration"
                contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />
      <endpoint address="Windows/IWSTrust13"
                binding="ws2007HttpBinding"
                bindingConfiguration="ws2007HttpBindingWindowsConfiguration"
                contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" />
      <endpoint address="mex"
                binding="mexHttpsBinding"
                contract="IMetadataExchange" />
      <host>
        <baseAddresses>
          <add baseAddress="https://localhost/NotAWif.DelegationSTS/Service.svc" />
        </baseAddresses>
      </host>
    </service>
  </services>
  <bindings>
    <ws2007HttpBinding>
      <binding name="ws2007HttpBindingUserNameConfiguration">
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None">
            <extendedProtectionPolicy policyEnforcement="Never" />
          </transport>
          <message clientCredentialType="UserName"
                   establishSecurityContext="false" />
        </security>
      </binding>
      <binding name="ws2007HttpBindingWindowsConfiguration">
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None">
            <extendedProtectionPolicy policyEnforcement="Never" />
          </transport>
          <message clientCredentialType="Windows"
                   establishSecurityContext="false" />
        </security>
      </binding>
    </ws2007HttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="false" />
        <serviceCredentials>
          <serviceCertificate findValue="DefaultApplicationCertificate"
                              x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
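That's how I've configured my STS to support multiple types of authentication. The RP should only deal with claims, not claims|WindowsIdentity. It is the responsibility of the STS to convert a specific type of authentication into a set of claims that the RP will use.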
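To review which credential type each STS endpoint in a configuration like the one above accepts, the following added example (not part of the original answer or the NotAWif project) resolves every `<endpoint>` to its `bindingConfiguration` and reports the security mode and message credential type. The function name `endpoint_credentials` and the trimmed sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the STS configuration shown above.
SAMPLE_CONFIG = """
<system.serviceModel>
  <services>
    <service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract">
      <endpoint address="UserName/IWSTrust13" binding="ws2007HttpBinding" bindingConfiguration="ws2007HttpBindingUserNameConfiguration" />
      <endpoint address="Windows/IWSTrust13" binding="ws2007HttpBinding" bindingConfiguration="ws2007HttpBindingWindowsConfiguration" />
      <endpoint address="mex" binding="mexHttpsBinding" />
    </service>
  </services>
  <bindings>
    <ws2007HttpBinding>
      <binding name="ws2007HttpBindingUserNameConfiguration">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
      <binding name="ws2007HttpBindingWindowsConfiguration">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </ws2007HttpBinding>
  </bindings>
</system.serviceModel>
"""

def endpoint_credentials(config_xml):
    """Map each endpoint address to (security mode, message credential type)."""
    root = ET.fromstring(config_xml)
    result = {}
    for ep in root.iter("endpoint"):
        cfg_name = ep.get("bindingConfiguration")
        # Binding sections are named after the binding type, e.g. <ws2007HttpBinding>.
        path = f".//bindings/{ep.get('binding')}/binding[@name='{cfg_name}']"
        binding = root.find(path)
        sec = binding.find("security") if binding is not None else None
        msg = sec.find("message") if sec is not None else None
        # Endpoints without a named binding configuration (e.g. mex) yield (None, None).
        mode = sec.get("mode") if sec is not None else None
        cred = msg.get("clientCredentialType") if msg is not None else None
        result[ep.get("address")] = (mode, cred)
    return result

if __name__ == "__main__":
    for addr, (mode, cred) in endpoint_credentials(SAMPLE_CONFIG).items():
        print(f"{addr}: mode={mode}, credential={cred}")
```

Endpoints that come back as `(None, None)` rely on the binding's defaults rather than an explicit configuration and are worth checking by hand.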