vb.net - 如何为 wso2 安全 token 服务创建 .NET 客户端

Question

我需要为 wso2 安全 token 服务创建一个 .NET 客户端。

通常我会创建一个简单的控制台或 WinForm 项目，向它添加一个服务引用。公开的 WSDL 将转入一组类，我可以使用这些类来查询服务并正确管理其响应。

不幸的是，生成的请求和响应类是空的:只是没有任何属性或方法的类声明。这类似于另一个(未回答)堆栈溢出问题 https://stackoverflow.com/q/22049080/2131913 中描述的行为

我在此论坛帖子中找到了对该服务的示例请求:http://cxf.547215.n5.nabble.com/Sample-STS-Client-tp4643980p4664175.html我让它与 SOAP UI 一起工作。

是否有一种适当的、可能是自动化的方法来重新创建查询安全 token 服务所需的复杂数据结构？

编辑

好的，经过多次尝试后，我已将上述论坛帖子中的 SOAP 请求减少到仍然从 STS 服务获取 RequestSecurityTokenResponse 所需的最小结构。

    <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-6D35592DCDDA26FFF3141578725699577">
        <wsse:Username>USERNAME HERE</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD HERE</wsse:Password>
      </wsse:UsernameToken>
      <wsu:Timestamp wsu:Id="TS-6D35592DCDDA26FFF3141578725699576">
        <wsu:Created>2014-11-12T10:14:16.995Z</wsu:Created>
        <wsu:Expires>2014-11-12T10:16:16.995Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
    <wsa:Action soap:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action>
    <wsa:MessageID soap:mustUnderstand="1">uuid:6d4eab69-77f9-42b7-8d6b-1f710020fb0b</wsa:MessageID>
    <wsa:To soap:mustUnderstand="1">STS ENDPOINT ADDRESS HERE</wsa:To>
  </soap:Header>
  <soap:Body>
    <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
      <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
      <wst:Claims>
        <wsid:ClaimType Uri="http://wso2.org/claims/userid" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity"/>
      </wst:Claims>
    </wst:RequestSecurityToken>
  </soap:Body>
</soap:Envelope>

我已经在我的项目的 app.config 中定义了一个 wsHttpBinding ，如下所示:

  <wsHttpBinding>
    <binding name="SendUsername"  messageEncoding="Text">
      <security mode ="TransportWithMessageCredential">
        <message clientCredentialType ="UserName"/>
        <transport clientCredentialType ="Basic" />
      </security>
    </binding>
  </wsHttpBinding>

添加或不添加 CustomBinding 如下所示:

<customBinding>
     <binding name="wso2carbon-stsSoap12Binding">
      <security defaultAlgorithmSuite="Default" authenticationMode="IssuedToken"
        requireDerivedKeys="true" securityHeaderLayout="Lax" includeTimestamp="true">
        <localClientSettings detectReplays="false" />
        <localServiceSettings detectReplays="false" />
        <issuedTokenParameters keyType ="SymmetricKey" tokenType ="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
          <issuer address =STS ENDPOINT ADDRESS HERE binding ="wsHttpBinding" bindingConfiguration ="SendUsername"/>
          <claimTypeRequirements>
            <add claimType ="http://wso2.org/claims/userid"/>
          </claimTypeRequirements>
        </issuedTokenParameters>
      </security>
      <textMessageEncoding messageVersion="Soap12" />
      <httpsTransport />
    </binding>
  </customBinding>

然而，在这两种情况下，请求都会引发超时异常，并使用 WCF 跟踪发出的请求进行检查，我可以看到它缺少 Claims 元素。任何提示？

Answer 1

请引用这篇文章

Security Token Service with WSO2 Identity Server 2.0

有关这方面的更多见解，请参阅:

http://wso2.com/library/3190/

Configuring WSO2 Identity Server Passive STS with an ASP.NET Client