WCF 服务和 Thinktecture Identity 服务器

Question

我正在使用 thinktecture identityserver安全 token 服务我正在尝试设置一个场景，其中我有一个使用 WCF 服务的客户端。我被困在遇到下一个错误的地方:

MessageSecurityException
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerException
At least one security token in the message could not be validated.

我已经在 win2008 服务器上设置了 STS，并且所有工作正常，它已经在 MVC 站点上工作了。但是使用 wcf 服务我无法让它工作。我使用 bearerkey 作为 SecurityKeyType。我确实在客户端应用程序函数 RequestToken() 中获得了一个 token 。这是我的 wcf 服务配置:

<system.serviceModel>
    <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="ClaimWcfService" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
        <host>
          <baseAddresses>
            <add baseAddress="https://anno99-pc/"/>
          </baseAddresses>
        </host>
      </service>
    </services>  
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="">
          <security mode="TransportWithMessageCredential">
            <message establishSecurityContext="false" issuedKeyType="BearerKey">
               <issuerMetadata address="https://serveradress/Idsrv/issue/wstrust/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          <serviceCertificate findValue="ANNO99-PC" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

  </system.serviceModel>

  <!-- Config STS -->
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/Service1.svc" />
      </audienceUris>
      <!--Commented by Identity and Access VS Package-->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://identityserver.v2.wkp.com/trust/wkp">
          <keys>
            <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB" />
          </keys>
          <validIssuers>
            <add name="http://identityserver.v2.wkp.com/trust/wkp" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>

这是客户端:它只是一个控制台应用程序。

static void Main(string[] args)
{
   var token = RequestToken();
   CallService(token);
}

 static string _idsrvEndpoint = "https://serveradress/Idsrv/issue/wstrust/mixed/username";
 static string _realm = "https://anno99-pc/ClaimWcfService/";

 private static void CallService(SecurityToken token)
 {
     var serviceEndpoint = "https://anno99-pc/ClaimWcfService/Service1.svc";

     var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
     binding.Security.Message.EstablishSecurityContext = false;
     binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

     var factory = new ChannelFactory<IService1>(binding,
            new EndpointAddress(serviceEndpoint));
     factory.Credentials.SupportInteractive = false;
     factory.Credentials.UseIdentityConfiguration = true;

     var channel = factory.CreateChannelWithIssuedToken(token);

        var data = channel.GetData(1);
 }

 private static SecurityToken RequestToken()
 {
     var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

     var credentials = new ClientCredentials();
     credentials.UserName.UserName = "username";
     credentials.UserName.Password = "password";

     return WSTrustClient.Issue(
            new EndpointAddress(_idsrvEndpoint),
            new EndpointAddress(_realm),
            binding,
            credentials);
 }

如果有人能帮助我，那就太好了。

Answer 1

经过一番谷歌搜索和尝试后，我让它开始工作了。我不得不更改配置的这些部分。

  <services>
      <service name="ClaimWcfService.Service1">
        <endpoint address="" binding="ws2007FederationHttpBinding" bindingConfiguration="" contract="ClaimWcfService.IService1" />
      </service>
    </services>


     <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
          <serviceAuthorization principalPermissionMode="Always" />
          <serviceCredentials useIdentityConfiguration="true">
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

  <system.identityModel>
    <identityConfiguration saveBootstrapContext="true">
      <audienceUris>
        <add value="https://anno99-pc/ClaimWcfService/" />
      </audienceUris>

      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="A540AD5B90B8459E919B39301B89F279A3AAEADB"
               name="idsrv" />
        </trustedIssuers>
      </issuerNameRegistry>

    </identityConfiguration>
  </system.identityModel>

希望对大家有帮助