2011-01-19 49 views
2

WIF WSTrustSerializationException - claims dialect cannot be set to a custom value?

I have the following code that tries to make an "Issue" request using WIF.

When I run it, I get the exception below. Is it not possible to request a security token with custom claims?

Additional information: ID3257: RequestSecurityToken contains at least one Claim with a Claim value specified but the RequestClaimCollection.Dialect is set to 'urn:custom_namespace:sts:1_0'. The RequestClaimCollection.Dialect must be set to 'http://docs.oasis-open.org/wsfed/authorization/200706/authclaims' for the value to be serialized out. 

Code:

    // Namespaces this fragment depends on (WIF 3.5: Microsoft.IdentityModel.Protocols.WSTrust).
    // STS_URL, APPLIES_TO_URL, the certificate subject-name constants,
    // GetCertificateBySubjectName and BuildSecurityTokenElementFromInput are
    // defined elsewhere in the calling code and are not shown here.
    using System;
    using System.Net;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using Microsoft.IdentityModel.Protocols.WSTrust;

    private const string CLAIMS_DIALECT = "urn:custom_namespace:sts:1_0";
    private const string REQUEST_CLAIM_TYPE = "urn:custom_namespace:sts:1_0";
    private const string REQUEST_CLAIM_VALUE = "urn:oasis:names:tc:SAML2.0:consent:current-explicit";

    public System.IdentityModel.Tokens.SecurityToken RequestSecurityToken(string input)
    {
        // Accepts every server certificate: this turns off TLS server validation
        // process-wide and is only tolerable in a local test setup.
        ServicePointManager.ServerCertificateValidationCallback =
            ((sender, certificate, chain, sslPolicyErrors) => true);

        // HTTPS transport with a client certificate as the message credential.
        WS2007HttpBinding binding = new WS2007HttpBinding();
        binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        var trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(new Uri(STS_URL)));
        trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;

        trustChannelFactory.Credentials.ClientCertificate.Certificate =
            GetCertificateBySubjectName(LOCALHOST_CERTIFICATE_SUBJECT_NAME);
        trustChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerOrChainTrust;
        // Revocation checking is disabled for the STS certificate.
        trustChannelFactory.Credentials.ServiceCertificate.Authentication.RevocationMode =
            X509RevocationMode.NoCheck;

        try
        {
            RequestSecurityToken rst = new RequestSecurityToken();

            rst.AppliesTo = new EndpointAddress(
                new Uri(APPLIES_TO_URL),
                new X509CertificateEndpointIdentity(GetCertificateBySubjectName(LOGON_SERVICE_CERTIFICATE_SUBJECT_NAME)));
            rst.ActAs = BuildSecurityTokenElementFromInput(input);
            rst.RequestType = RequestTypes.Issue;
            rst.Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5));

            // Custom dialect plus a claim *value*: this is the combination the
            // ID3257 exception above complains about during serialization.
            rst.Claims.Dialect = CLAIMS_DIALECT;
            var requestClaim = new RequestClaim(REQUEST_CLAIM_TYPE, false, REQUEST_CLAIM_VALUE);
            rst.Claims.Add(requestClaim);

            WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

            RequestSecurityTokenResponse rstr = null;

            return channel.Issue(rst, out rstr);
        }
        finally
        {
            trustChannelFactory.Close();
        }
    }
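The ID3257 error is raised when the RST is serialized, not by the STS, so it can be reproduced and checked offline. The example below is added here and is not the asker's code: it builds a RequestSecurityToken with one valued RequestClaim, serializes it with WIF's WSTrust13RequestSerializer under a custom dialect and then under the authclaims dialect quoted in the exception message, and reports which one writes the claim value out. It assumes WIF 3.5 (Microsoft.IdentityModel.Protocols.WSTrust; on .NET 4.5 the same types are in System.IdentityModel.Protocols.WSTrust), and the claim type and value are placeholders, not values from any real STS.

```csharp
// Added example, not from the original post: serialize an RST offline so the
// ID3257 dialect check fires without contacting an STS.
using System;
using System.Text;
using System.Xml;
using Microsoft.IdentityModel.Protocols.WSTrust;   // WIF 3.5; assumed namespace

static class RstDialectCheck
{
    // Dialect named in the ID3257 message: the only one under which WIF
    // serializes a RequestClaim that carries a value.
    const string AuthClaimsDialect =
        "http://docs.oasis-open.org/wsfed/authorization/200706/authclaims";

    // Custom dialect from the question (fails with a value present).
    const string CustomDialect = "urn:custom_namespace:sts:1_0";

    // Placeholder claim type/value constructed for this demonstration.
    const string ClaimType = "urn:example:claims:consent";
    const string ClaimValue = "urn:oasis:names:tc:SAML:2.0:consent:current-explicit";

    // Serializes an Issue request with one valued claim under the given dialect.
    // Throws WSTrustSerializationException (ID3257) when the dialect does not
    // allow claim values; otherwise returns the RST XML.
    public static string SerializeIssueRequest(string dialect)
    {
        var rst = new RequestSecurityToken(RequestTypes.Issue);
        rst.Claims.Dialect = dialect;
        rst.Claims.Add(new RequestClaim(ClaimType, false, ClaimValue));

        var sb = new StringBuilder();
        using (XmlWriter writer = XmlWriter.Create(sb))
        {
            new WSTrust13RequestSerializer().WriteXml(rst, writer, new WSTrustSerializationContext());
        }
        return sb.ToString();
    }

    // Convenience check: does the serialized RST actually contain the claim value?
    public static bool ValueIsSerialized(string dialect)
    {
        return SerializeIssueRequest(dialect).Contains(ClaimValue);
    }

    public static void Main()
    {
        // 1. Custom dialect + value: reproduces the exception from the question.
        try
        {
            SerializeIssueRequest(CustomDialect);
            Console.WriteLine("custom dialect: serialized (not expected)");
        }
        catch (WSTrustSerializationException ex)
        {
            Console.WriteLine("custom dialect: " + ex.Message);   // ID3257
        }

        // 2. authclaims dialect: the value is written out for the STS to read.
        Console.WriteLine(ValueIsSerialized(AuthClaimsDialect)
            ? "authclaims dialect: claim value serialized"
            : "authclaims dialect: claim value missing");
    }
}
```

Running the check before opening the WSTrust channel separates a serialization problem from STS-side policy: if `ValueIsSerialized` is false under your dialect, the STS never sees the value at all, whatever it would otherwise have done with it.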

Answers

0

I don't know that you need to change rst.Claims.Dialect to make this work. What happens if you leave it at the default?

0

You want to add the requested claims to the RequestSecurityToken. That means the STS should issue a token with the specified claims. Basically it isn't required, but if you are comfortable with it, you have to set the dialect. That's true.