0

我正在开发 Windows 应用程序(WPF、WCF 和 XAML 等)。还有一个用 VB6(Web 类)设计的遗留 Web 应用程序。该应用程序正在使用框架 4.0,尽管有些已升级到 4.5。简而言之,所有这些都有些遗产。

客户要求关闭 TLS 1.0 和 1.1。在进行注册表更改以关闭上述内容后,我收到一个错误 - “调用者未经服务验证。” 在 WPF 应用程序中。

登录时获取Token的代码如下:

  private SecurityToken GetToken(string username, string password)
  {
     try
     {
        var stsEndpointAddress = EndpointAddressAccess.GetEndpointAddress(ShellState.NimbusSecurityTokenServerConfiguration.BindingProfile,
                                                                   ShellState.NimbusSecurityTokenServerConfiguration.Address);
        var stsBinding = BindingAccess.GetBinding(ShellState.NimbusSecurityTokenServerConfiguration.BindingProfile);

        var tokenClient = new WSTrustChannelFactory(stsBinding, stsEndpointAddress);

        tokenClient.Credentials.UserName.UserName = username;
        tokenClient.Credentials.UserName.Password = password;

        tokenClient.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; // TODO - fix (profile value - lite or secure)

        tokenClient.TrustVersion = TrustVersion.WSTrust13;
        tokenClient.Open();
        // mat_mac 0 Keep the line below : .NET 4.5 version of this code
        //var rst = new RequestSecurityToken(RequestTypes.Issue)
        var rst = new RequestSecurityToken(WSTrust13Constants.RequestTypes.Issue)
        {
           //// TODO - remove or modify this audience section -- coordinate with other settings around Audience and whether it's checked
           // Note - can't just remove this.  Need to set some alternative properties (I think) to state that the audience isn't being validated
           // Without this line the WCF call fails with some obscure errors
           //AppliesTo = new EndpointReference("net.tcp://localhost:9876/AuthenticationWcf")
           //AppliesTo = new EndpointReference("urn://dummy")  // <<----- .NET4.5 Version of this code 
           AppliesTo = new EndpointAddress("urn://dummy")
        };
        var chn = tokenClient.CreateChannel();
        return chn.Issue(rst);
     }
     catch (System.ServiceModel.Security.MessageSecurityException)
     {
        _log.Error("GetToken caught MessageSecurityException");
        return null;
     }
     catch (Exception ex)
     {
        _log.ErrorException("GetToken threw exception", ex);
        return null;
     }
  }

该错误显然作为异常返回 - “GetToken throwed exception”(上图)

如果有人可以提供帮助,我将不胜感激?谢谢和亲切的问候。

4

0 回答 0