2

WCF service and Thinktecture identity server

I'm trying to set up a scenario where a client consumes a WCF service using the Thinktecture IdentityServer Security Token Service.

I have set up the STS on a Win2008 server, and it already works correctly with an MVC site. But consuming the WCF service does not work: I'm stuck at the point where I get the following error.

MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.

I'm using BearerKey as the SecurityKeyType. The client application's RequestToken() function gets the token. Here is my WCF service configuration.

<system.serviceModel>
    <services>
        <service name="ClaimWcfService.Service1">
            <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
            <host>
                <baseAddresses>
                    <add baseAddress="https://anno99-pc/" />
                </baseAddresses>
            </host>
        </service>
    </services>
    <bindings>
        <ws2007FederationHttpBinding>
            <binding name="">
                <security mode="TransportWithMessageCredential">
                    <message establishSecurityContext="false" issuedKeyType="BearerKey">
                        <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
                    </message>
                </security>
            </binding>
        </ws2007FederationHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior>
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceAuthorization principalPermissionMode="Always" />
                <serviceCredentials useIdentityConfiguration="true">
                    <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <protocolMapping>
        <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

<!-- Config STS -->
<system.identityModel>
    <identityConfiguration>
        <audienceUris>
            <add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
        </audienceUris>
        <!--Commented by Identity and Access VS Package-->
        <certificateValidation certificateValidationMode="None" />
        <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="http://identityserver.v2.wkp.com/trust/wkp">
                <keys>
                    <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
                </keys>
                <validIssuers>
                    <add name="http://identityserver.v2.wkp.com/trust/wkp" />
                </validIssuers>
            </authority>
        </issuerNameRegistry>
    </identityConfiguration>
</system.identityModel>

This is the client; it's just a console app.

// Usings added for this listing: the WS-Trust helpers come from Thinktecture.IdentityModel,
// CreateChannelWithIssuedToken is the .NET 4.5 extension method in System.ServiceModel.
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Description;
using ClaimWcfService;                    // IService1 contract (shared contract assembly, assumed)
using Thinktecture.IdentityModel.WSTrust;

class Program
{
    static void Main(string[] args)
    {
        var token = RequestToken();
        CallService(token);
    }

    static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
    static string _realm = "https://anno99-pc/ClaimWcfService/";

    private static void CallService(SecurityToken token)
    {
        var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";

        // Same binding settings as the service side: transport security plus a bearer token in the message.
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

        var factory = new ChannelFactory<IService1>(binding,
            new EndpointAddress(serviceEndpoint));
        factory.Credentials.SupportInteractive = false;
        factory.Credentials.UseIdentityConfiguration = true;

        // Attach the token obtained from the STS to the channel.
        var channel = factory.CreateChannelWithIssuedToken(token);

        var data = channel.GetData(1);
    }

    private static SecurityToken RequestToken()
    {
        var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

        var credentials = new ClientCredentials();
        credentials.UserName.UserName = "username";
        credentials.UserName.Password = "password";

        // The second argument is the realm (AppliesTo) the token is issued for.
        return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
    }
}

It would be great if anyone could help me.

Answer

6

After googling and trying, I got it working. I had to change these parts of the configuration.

<services>
    <service name="ClaimWcfService.Service1">
        <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
    </service>
</services>

<behaviors>
    <serviceBehaviors>
        <behavior>
            <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
            <serviceDebug includeExceptionDetailInFaults="true" />
            <serviceAuthorization principalPermissionMode="Always" />
            <serviceCredentials useIdentityConfiguration="true">
            </serviceCredentials>
        </behavior>
    </serviceBehaviors>
</behaviors>

<system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
        <audienceUris>
            <add value="https://anno99-pc/ClaimWcfService/" />
        </audienceUris>

        <certificateValidation certificateValidationMode="None" />
        <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
            <trustedIssuers>
                <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
                     name="idsrv" />
            </trustedIssuers>
        </issuerNameRegistry>
    </identityConfiguration>
</system.identityModel>

I hope this helps someone.

+0

Don't set certificateValidationMode to None in **production**! – Matt
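As an added example that is not part of the question, the answer or the Thinktecture project: the service-side identityConfiguration from the answer built in code instead of web.config, with the audience set to the exact realm the client's RequestToken() passes as AppliesTo (the mismatch with .../Service1.svc is what produced "could not be validated"), the STS signing certificate pinned by thumbprint, and certificateValidationMode raised from None to ChainTrust as Matt's comment asks. The class and method names are mine; the host name, thumbprint and URIs are the thread's own.

```csharp
// Added example: programmatic equivalent of the answer's <identityConfiguration>,
// hardened for production. Requires .NET 4.5 (WIF in System.IdentityModel).
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

static class ServiceHostSetup
{
    public static IdentityConfiguration BuildIdentityConfiguration()
    {
        // loadConfig: false -> ignore web.config and build everything here.
        var config = new IdentityConfiguration(loadConfig: false)
        {
            // saveBootstrapContext="true" from the answer.
            SaveBootstrapContext = true,
            // The answer used None; ChainTrust makes WIF verify the STS signing
            // certificate chains to a trusted root, with revocation checked online.
            CertificateValidationMode = X509CertificateValidationMode.ChainTrust,
            RevocationMode = X509RevocationMode.Online,
        };

        // Audience must equal the realm (AppliesTo) the client requests the token for.
        // The question had ".../Service1.svc" here while the client used ".../ClaimWcfService/",
        // which is why the token failed audience validation.
        config.AudienceRestriction.AllowedAudienceUris.Add(
            new Uri("https://anno99-pc/ClaimWcfService/"));

        // Trust only the STS signing certificate with this thumbprint (from the answer).
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer("A540AD5B90B8459E919B39301B89F279A3AAEADB", "idsrv");
        config.IssuerNameRegistry = issuers;

        return config;
    }

    public static ServiceHost OpenHost()
    {
        // Same effect as <serviceCredentials useIdentityConfiguration="true"> in the answer.
        var host = new ServiceHost(typeof(ClaimWcfService.Service1));
        host.Credentials.UseIdentityConfiguration = true;
        host.Credentials.IdentityConfiguration = BuildIdentityConfiguration();
        host.Open();
        return host;
    }
}
```

If the STS certificate is self-signed, as in a dev setup like the one in the question, ChainTrust needs that certificate imported into the machine's Trusted Root store; PeerTrust with the certificate in Trusted People is the other option that still validates, unlike None.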