У меня есть веб-сайт, который входит в систему с использованием STS, а затем получает делегированный токен с помощью токена начальной загрузки. Затем я пытаюсь использовать маркер delgated для подключения к службе WCF. Я считаю, что мой конфиг WCF это неправильно. Я перепробовал так много разных конфигураций, что потерян.
Я получил различные ошибки из «Описание Не удалось найти канал для получения входящего сообщения. Не найдена ни конечная точка, ни действие SOAP». URI аудитории отсутствует в токене SAML.
Я уверен, что это федеративные конфигурации.
Любые идеи будут полезны!
Или у кого-нибудь есть пример делегирования в службу wcf?
Спасибо!
Это заводской код канала.
private static IService1 GetServiceProxy(SecurityToken token)
{
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
var factory = new ChannelFactory<IService1>(
binding,
new EndpointAddress(serviceAddress));
factory.Credentials.SupportInteractive = false;
factory.ConfigureChannelFactory();
var channel = factory.CreateChannelWithIssuedToken(token);
return channel;
}
Это конфиг служб. У меня есть 3 различных подвязки, которые я тоже пробовал.
<system.serviceModel>
<diagnostics>
<messageLogging logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
logKnownPii="true"
logEntireMessage="true"
logMalformedMessages="true" />
</diagnostics>
<bindings>
<ws2007FederationHttpBinding>
<binding name="ServiceHost_Service1">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" issuedKeyType="SymmetricKey">
<issuerMetadata address="https://localhost/sts2/issue/wstrust/mex"/>
<issuer address="http://localhost/sts2/issue/wstrust/message/username"
binding="ws2007HttpBinding"
bindingConfiguration="https://localhost/sts2/issue/wstrust/message/username">
<identity>
<certificate encodedValue="certblahblah"/>
</identity>
</issuer>
<tokenRequestParameters></tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
<binding name="https://localhost/sts2/issue/wstrust/mixed/username"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
<binding name="https://localhost/sts2/issue/wstrust/mixed/certificate"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
<binding name="https://localhost/sts2/issue/wstrust/message/username"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName"
negotiateServiceCredential="false"
algorithmSuite="Default"
establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<federatedServiceHostConfiguration/>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySerialNumber">
</serviceCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<add name="federatedServiceHostConfiguration"
type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</behaviorExtensions>
</extensions>
<services>
<service name="ServiceHost_Service1">
<endpoint binding="ws2007FederationHttpBinding"
bindingConfiguration="ServiceHost_Service1"
contract="ServiceHost.IService1">
<identity>
<servicePrincipalName value="localhost"/>
<certificate encodedValue="certblahblah"/>
</identity>
</endpoint>
<endpoint address="MEX" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange"/>
</service>
</services>
<!--<client>
<endpoint binding="customBinding"
bindingConfiguration="ServiceHost_Service1"
contract="ServiceHost.IService1">
<identity>
<userPrincipalName value="localhost"/>
<certificate encodedValue="certblahblahblah"/>
</identity>
</endpoint>
</client>-->
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Это личность
<microsoft.identityModel>
<certificateValidation revocationMode="NoCheck"
certificateValidationMode="None" />
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="c4e675b5add2a7d6d59bbd5e04ca30b440e23eff"
name="Thinktecture.IdentityServer" />
</trustedIssuers>
</issuerNameRegistry>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="false"
issuer="https://localhost/sts2/issue/wsfed"
realm="https://localhost/ServiceHost/" />
<cookieHandler requireSsl="true" />
</federatedAuthentication>
<serviceCertificate>
<certificateReference findValue="1d076d8f9dff87a44b59d09ec0e1bc60"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySerialNumber"/>
</serviceCertificate>