为什么传入联合安全令牌时此WCF调用失败

Question

我试图将安全令牌从客户端应用程序传递到WCF服务进行身份验证。

对于这个例子，我只是使用标准的文件，新的WCF应用程序项目，并试图调用GetData方法。

我在客户端上以下异常

{“的消息无法处理。这是最有可能的，因为 行动‘http://tempuri.org/IService1/GetData’不正确，或因为 消息包含无效或过期安全上下文令牌或 ，因为绑定之间不匹配如果服务由于 处于非活动状态而导致服务中止通道，则安全上下文 将无效为防止服务中止空闲会话 过早地增加服务端点上的接收超时 结合。“}

如果我启用的WCF服务，我可以看到下面的错误

有没有通道，可以用行动 ‘http://tempuri.org/IService1/GetData’接受邮件跟踪。

为我服务的Web.config看起来像这样

<?xml version="1.0"?> 
<configuration> 
    <configSections> 
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />   
    </configSections> 

    <system.web> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5"/> 
    </system.web> 

    <!--Configure STS--> 
    <system.identityModel> 
    <identityConfiguration> 
     <audienceUris> 
     <add value="https://stsserver.security.int/myApp" /> 
     </audienceUris> 
     <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"> 
     <trustedIssuers> 
      <add thumbprint="‎3c8fc34bd483b07ba0d1509827fc4788c36247e4" name="StartSSL Login" /> 
     </trustedIssuers> 
     </issuerNameRegistry> 
     <certificateValidation certificateValidationMode="None"/> 
    </identityConfiguration> 
    </system.identityModel> 

    <system.serviceModel> 
    <bindings> 
     <ws2007FederationHttpBinding> 
     <binding name ="IdentityServer"> 
      <security mode="TransportWithMessageCredential"> 
      </security> 
     </binding> 
     </ws2007FederationHttpBinding> 
    </bindings> 

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> 
    <services> 
     <service name="Services.Service1" behaviorConfiguration="CertificateBehavior"> 
     <endpoint name="ws" binding="ws2007FederationHttpBinding" bindingConfiguration="IdentityServer" contract="Services.IService1" address=""/> 
     </service> 
    </services> 

    <behaviors> 
     <serviceBehaviors> 
     <behavior name="CertificateBehavior"> 
      <serviceCredentials> 
      <serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" /> 
      </serviceCredentials> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 

    </system.serviceModel>  
</configuration> 

在我的客户端应用程序的方法调用该WCF服务看起来像这样

static void CallSecuredService(SecurityToken samlToken) 
{ 
    var binding = new WS2007FederationHttpBinding((WSFederationHttpSecurityMode.TransportWithMessageCredential)); 
    binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey; 
    binding.Security.Message.EstablishSecurityContext = false; 

    var factory = new ChannelFactory<IService1>(binding, new EndpointAddress("https://localhost/myservice/Service1.svc")); 
    factory.Credentials.SupportInteractive = false; 
    factory.Credentials.UseIdentityConfiguration = true; 
    var proxy = factory.CreateChannelWithIssuedToken(samlToken); 

    Console.WriteLine(proxy.GetData(1)); 
} 

任何指针，以我的事应该检查会很好，因为我现在在这一点上有点不知所措。我不知道我怎么能进一步调试呢？

Answer 1

我终于设法通过这个错误。问题是服务和客户端绑定之间的小错失匹配。

改变我绑定在web.config中这个固定的问题

<bindings> 
    <ws2007FederationHttpBinding> 
    <binding name ="IdentityServer"> 
     <security mode="TransportWithMessageCredential"> 
     <message issuedKeyType="BearerKey" establishSecurityContext="false"/> 
     </security> 
    </binding> 
    </ws2007FederationHttpBinding> 
</bindings>