I am using the thinktecture identityserver Security Token Service. I am trying to set up a scenario in which a client consumes a WCF service. I am stuck at the point where I get the following error:
MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.
I set up the STS on a Windows 2008 server; everything works fine and it is already working with an MVC site. However, it does not work with the WCF service. I am using BearerKey as the SecurityKeyType. I obtain the token in the client app function RequestToken(). Here is my WCF service configuration:
<system.serviceModel>
  <services>
    <service name="ClaimWcfService.Service1">
      <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
      <host>
        <baseAddresses>
          <add baseAddress="https://anno99-pc/"/>
        </baseAddresses>
      </host>
    </service>
  </services>
  <bindings>
    <ws2007FederationHttpBinding>
      <binding name="">
        <security mode="TransportWithMessageCredential">
          <message establishSecurityContext="false" issuedKeyType="BearerKey">
            <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
          </message>
        </security>
      </binding>
    </ws2007FederationHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceAuthorization principalPermissionMode="Always" />
        <serviceCredentials useIdentityConfiguration="true">
          <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <protocolMapping>
    <add scheme="http" binding="ws2007FederationHttpBinding" />
  </protocolMapping>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<!-- Config STS -->
<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
    </audienceUris>
    <!--Commented by Identity and Access VS Package-->
    <certificateValidation certificateValidationMode="None" />
    <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
      <authority name="http://identityserver.v2.wkp.com/trust/wkp">
        <keys>
          <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
        </keys>
        <validIssuers>
          <add name="http://identityserver.v2.wkp.com/trust/wkp" />
        </validIssuers>
      </authority>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
Here is the client. It is just a console app.
using System;
using System.IdentityModel.Tokens;          // SecurityToken, SecurityKeyType
using System.ServiceModel;                  // WS2007FederationHttpBinding, ChannelFactory, CreateChannelWithIssuedToken
using System.ServiceModel.Description;      // ClientCredentials
using Thinktecture.IdentityModel.WSTrust;   // UserNameWSTrustBinding, WSTrustClient

class Program
{
    static void Main(string[] args)
    {
        var token = RequestToken();
        CallService(token);
    }

    // WS-Trust username endpoint of the STS (mixed mode: transport security + message credential)
    static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
    // Realm sent to the STS as AppliesTo when requesting the token
    static string _realm = "https://anno99-pc/ClaimWcfService/";

    private static void CallService(SecurityToken token)
    {
        var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";

        // Same binding settings as the service: TLS for transport, issued token in the message,
        // no secure conversation, bearer token (no proof key held by the client)
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

        // IService1 is the service contract shared with the ClaimWcfService project
        var factory = new ChannelFactory<IService1>(binding, new EndpointAddress(serviceEndpoint));
        factory.Credentials.SupportInteractive = false;
        factory.Credentials.UseIdentityConfiguration = true;

        // Attach the token obtained from the STS to the channel instead of letting WCF request one
        var channel = factory.CreateChannelWithIssuedToken(token);
        var data = channel.GetData(1);
    }

    private static SecurityToken RequestToken()
    {
        var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var credentials = new ClientCredentials();
        credentials.UserName.UserName = "username";
        credentials.UserName.Password = "password";

        // Thinktecture helper: issue a token for _realm from the STS endpoint
        return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
    }
}
If anyone can help me, that would be great.
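As an added example, not part of the question and not thinktecture's or WIF's code, here is a small Python model of the two checks a WS-Federation relying party makes before it accepts an issued token: the issuer name and the signing certificate thumbprint must be in the issuer name registry, and the token's audience must match one of the configured audienceUris. The constant values are the ones from the question's configuration and client. The functions `validate_token`, `audit_config` and `token_for_realm` and the URI-matching rule (case-folded scheme and host, exact path) are this example's own simplifications of the WIF behaviour, and the example assumes the STS copies the AppliesTo the client requested into the token's audience.

```python
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample values: taken from the question's configuration and client
# code (issuer name, thumbprint, audienceUri, client realm).
ISSUER_NAME = "http://identityserver.v2.wkp.com/trust/wkp"
ISSUER_THUMBPRINT = "A540AD5B90B8459E919B39301B89F279A3AAEADB"
SERVICE_AUDIENCE = "https://anno99-pc/ClaimWcfService/Service1.svc"
CLIENT_REALM = "https://anno99-pc/ClaimWcfService/"


@dataclass(frozen=True)
class IssuedToken:
    """The parts of an issued SAML token that the relying party checks."""
    issuer: str              # saml:Issuer
    audience: str            # AudienceRestriction; normally the AppliesTo the client requested
    signing_thumbprint: str  # SHA-1 thumbprint of the certificate that signed the token


@dataclass(frozen=True)
class RelyingPartyConfig:
    """The relevant subset of <system.identityModel>/<identityConfiguration>."""
    audience_uris: tuple[str, ...]
    issuer_registry: dict[str, frozenset[str]]  # issuer name -> accepted thumbprints
    certificate_validation_mode: str = "ChainTrust"


def normalize_uri(uri: str) -> tuple[str, str, str, str]:
    """Case-fold scheme and host; keep path and query exactly.

    Simplified matching rule (this example's assumption): a trailing slash or a
    different path makes a different audience.
    """
    parts = urlsplit(uri)
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path, parts.query)


def validate_token(token: IssuedToken, rp: RelyingPartyConfig) -> list[str]:
    """Return the reasons the token is rejected; an empty list means accepted."""
    problems: list[str] = []

    # Issuer name registry: the issuer must be known and the signing key registered for it
    accepted = rp.issuer_registry.get(token.issuer)
    if accepted is None:
        problems.append(f"issuer {token.issuer!r} is not in the issuerNameRegistry")
    elif token.signing_thumbprint.upper() not in {t.upper() for t in accepted}:
        problems.append(
            f"signing certificate {token.signing_thumbprint} is not registered for {token.issuer!r}")

    # Audience restriction: the token must have been issued for this relying party
    if not any(normalize_uri(token.audience) == normalize_uri(a) for a in rp.audience_uris):
        problems.append(
            f"audience {token.audience!r} does not match any audienceUri {list(rp.audience_uris)}")
    return problems


def audit_config(rp: RelyingPartyConfig) -> list[str]:
    """Flag settings that weaken what validate_token() can guarantee."""
    findings: list[str] = []
    if rp.certificate_validation_mode == "None":
        findings.append(
            "certificateValidationMode=None: the signing certificate is trusted by "
            "thumbprint only, with no chain building or revocation checking")
    return findings


# Relying-party configuration as in the question's web.config
RP = RelyingPartyConfig(
    audience_uris=(SERVICE_AUDIENCE,),
    issuer_registry={ISSUER_NAME: frozenset({ISSUER_THUMBPRINT})},
    certificate_validation_mode="None",
)


def token_for_realm(realm: str) -> IssuedToken:
    """Constructed token; assumes the STS puts the requested AppliesTo into the audience."""
    return IssuedToken(issuer=ISSUER_NAME, audience=realm, signing_thumbprint=ISSUER_THUMBPRINT)


if __name__ == "__main__":
    for realm in (CLIENT_REALM, SERVICE_AUDIENCE):
        result = validate_token(token_for_realm(realm), RP)
        print(realm, "->", "accepted" if not result else result)
    for finding in audit_config(RP):
        print("config:", finding)
```

Running the script shows that a token whose audience differs from the configured audienceUri only in its path is rejected while an exact match is accepted, which is the first thing to compare when a relying party reports that a token could not be validated: the realm the client requests from the STS and the audienceUris the service accepts. The audit function separately flags `certificateValidationMode="None"` as a setting that removes chain and revocation checking from the signing-certificate validation.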