Сервис WCF и сервер удостоверений Thinktecture
Я пытаюсь создать сценарий, в котором у меня есть клиент, использующий службу WCF. Я застрял в точке, где я получаю следующую ошибку:
MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.
Я настроил STS на сервере win2008 и все работает правильно, он уже работает с сайтом MVC. Но с сервисом wcf я не могу заставить его работать. Я использую bearerkey в качестве SecurityKeyType. Я получаю токен в функции клиентского приложения RequestToken(). Вот мой конфиг службы wcf:
<system.serviceModel>
<services>
<service name="ClaimWcfService.Service1">
<endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
<host>
<baseAddresses>
<add baseAddress="https://anno99-pc/"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<ws2007FederationHttpBinding>
<binding name="">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" issuedKeyType="BearerKey">
<issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Always" />
<serviceCredentials useIdentityConfiguration="true">
<serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="ws2007FederationHttpBinding" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<!-- Config STS -->
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://identityserver.v2.wkp.com/trust/wkp">
<keys>
<add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
</keys>
<validIssuers>
<add name="http://identityserver.v2.wkp.com/trust/wkp" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
Это клиент: это просто консольное приложение.
static void Main(string[] args)
{
var token = RequestToken();
CallService(token);
}
static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
static string _realm = "https://anno99-pc/ClaimWcfService/";
private static void CallService(SecurityToken token)
{
var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
var factory = new ChannelFactory<IService1>(binding,
new EndpointAddress(serviceEndpoint));
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var channel = factory.CreateChannelWithIssuedToken(token);
var data = channel.GetData(1);
}
private static SecurityToken RequestToken()
{
var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
var credentials = new ClientCredentials();
credentials.UserName.UserName = "username";
credentials.UserName.Password = "password";
return WSTrustClient.Issue(
new EndpointAddress(_idsrvEndpoint),
new EndpointAddress(_realm),
binding,
credentials);
}
Если бы кто-нибудь мог мне помочь, это было бы здорово.
1 ответ
Решение
После некоторого поиска в Google и я получил его на работу. Мне пришлось изменить эти части конфигурации.
<services>
<service name="ClaimWcfService.Service1">
<endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Always" />
<serviceCredentials useIdentityConfiguration="true">
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<system.identityModel>
<identityConfiguration saveBootstrapContext="true">
<audienceUris>
<add value="https://anno99-pc/ClaimWcfService/" />
</audienceUris>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
name="idsrv" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
Я надеюсь, что это помогает кому-то