I want to authenticate users against ADFS 2.0 in order to call a self-written WCF service. The service is finished and fully working, and ADFS 2.0 is set up correctly. The WCF client configuration, however, is generated incorrectly.
If I build the client binding in code and call the service that way, everything works as expected. But when I try to use the configuration generated by "Update Service Reference", the binding is wrong and it does not work as expected.
What am I missing? Any hint is welcome.
Error given:
Unhandled Exception: System.ServiceModel.FaultException: The message with Action 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' cannot be processed at the receiver, due to a ContractFilter mismatch at the EndpointDispatcher. This may be because of either a contract mismatch (mismatched Actions between sender and receiver) or a binding/security mismatch between the sender and the receiver. Check that sender and receiver have the same contract and the same binding (including security requirements, e.g. Message, Transport, None).
Server configuration:
<bindings>
  <ws2007FederationHttpBinding>
    <binding>
      <security mode="TransportWithMessageCredential">
        <message establishSecurityContext="false">
          <issuerMetadata address="https://sts.local.domain/adfs/services/trust/mex" />
          <issuer address="https://sts.local.domain/adfs/services/trust/2005/windowstransport" binding="ws2007HttpBinding" />
          <claimTypeRequirements>
            <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
            <add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />
          </claimTypeRequirements>
        </message>
      </security>
    </binding>
  </ws2007FederationHttpBinding>
  <ws2007HttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
        <message clientCredentialType="None" establishSecurityContext="false" negotiateServiceCredential="true" />
      </security>
    </binding>
  </ws2007HttpBinding>
</bindings>
Client configuration (not working):
<bindings>
  <ws2007FederationHttpBinding>
    <binding name="WS2007FederationHttpBinding_IMyService" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
        textEncoding="utf-8" useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
      <security mode="TransportWithMessageCredential">
        <message algorithmSuite="Default" establishSecurityContext="false"
            issuedKeyType="SymmetricKey" negotiateServiceCredential="true">
          <issuer address="https://sts.local.domain/adfs/services/trust/2005/windowstransport" binding="ws2007HttpBinding" />
          <issuerMetadata address="https://sts.local.domain/adfs/services/trust/mex" />
          <tokenRequestParameters>
            <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
              <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
                <Address>https://service.machine.local/STSWcfService/MyService.svc</Address>
              </EndpointReference>
            </AppliesTo>
            <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
              <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
              <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
              <trust:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"
                  xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                <wsid:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
                    Optional="true" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" />
                <wsid:ClaimType Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                    Optional="true" xmlns:wsid="http://schemas.xmlsoap.org/ws/2005/05/identity" />
              </trust:Claims>
              <trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
              <trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
              <trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
              <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
              <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
            </trust:SecondaryParameters>
          </tokenRequestParameters>
        </message>
      </security>
    </binding>
  </ws2007FederationHttpBinding>
  <ws2007HttpBinding>
    <binding>
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
        <message clientCredentialType="Windows" establishSecurityContext="false" />
      </security>
    </binding>
  </ws2007HttpBinding>
</bindings>
<client>
  <endpoint address="https://service.machine.local/STSWcfService/MyService.svc"
      binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_IMyService"
      contract="ServiceReference.IMyService" name="WS2007FederationHttpBinding_IMyService" />
</client>
Binding built in client code (working):
// Namespaces the snippet relies on (WIF 1.0 / Microsoft.IdentityModel on .NET 4.0).
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;
using ServiceReference; // generated proxy namespace for IMyService (see the client config)

class Program
{
    // Endpoints taken from the configuration above.
    private static readonly string adfsEndPoint = "https://sts.local.domain/adfs/services/trust/2005/windowstransport";
    private static readonly string serviceEndPoint = "https://service.machine.local/STSWcfService/MyService.svc";

    static void Main()
    {
        CallService(GetToken());
    }

    private static SecurityToken GetToken()
    {
        // Talk WS-Trust Feb 2005 to the /trust/2005/ ADFS endpoint, over Windows-authenticated HTTPS.
        var factory = new WSTrustChannelFactory(new WindowsWSTrustBinding(SecurityMode.Transport), adfsEndPoint)
        {
            TrustVersion = TrustVersion.WSTrustFeb2005
        };
        var requestSecurityToken = new RequestSecurityToken
        {
            RequestType = WSTrustFeb2005Constants.RequestTypes.Issue,
            AppliesTo = new EndpointAddress(serviceEndPoint),
            KeyType = WSTrustFeb2005Constants.KeyTypes.Symmetric
        };
        var channel = factory.CreateChannel();
        return channel.Issue(requestSecurityToken);
    }

    private static void CallService(SecurityToken token)
    {
        // create binding and turn off sessions
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        // create factory and enable WIF plumbing
        var factory = new ChannelFactory<IMyService>(binding, new EndpointAddress(serviceEndPoint));
        factory.ConfigureChannelFactory();
        // turn off CardSpace - we already have the token
        factory.Credentials.SupportInteractive = false;
        var channel = factory.CreateChannelWithIssuedToken(token);
        foreach (var claim in channel.GetClaims())
        {
            Console.WriteLine("{0}\n {1}\n {2} ({3})\n", claim.ClaimType, claim.Value, claim.Issuer, claim.OriginalIssuer);
        }
    }
}
When Update Service Reference fails it produces a few warnings. Can you check the warnings in the error window? – daryal
What error do you get? – Aliostad
I added the error message that occurs when the config file is used. – Scoregraphic
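An added check, not part of the question or the comments above. The fault quotes the WS-Trust 1.3 action (namespace http://docs.oasis-open.org/ws-sx/ws-trust/200512), which is the version both ws2007FederationHttpBinding and ws2007HttpBinding speak, while the issuer address in the generated config is ADFS 2.0's /adfs/services/trust/2005/ endpoint, which speaks WS-Trust Feb 2005. The hand-written client sidesteps this because it sets TrustVersion.WSTrustFeb2005 explicitly before calling Issue. The helper below reproduces that reasoning as a fail-fast check: it derives the version the RST will carry (the issuer binding's SecurityBindingElement if it has one, otherwise the federation binding's own) and compares it with the version implied by the issuer URL. The corrected binding in Main assumes the ADFS instance has its default /adfs/services/trust/13/windowstransport endpoint enabled; that URL is an assumption, not taken from the page. Using the Feb 2005 family (wsHttpBinding/wsFederationHttpBinding) with the /2005/ endpoint would be the other consistent combination.

```csharp
// Added example: verify that the WS-Trust version WCF will put in the RST matches the
// ADFS 2.0 issuer endpoint, before the call fails with the generic ContractFilter fault.
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

static class TrustVersionCheck
{
    // ADFS 2.0 publishes each trust endpoint in two families:
    //   /adfs/services/trust/2005/...  -> WS-Trust Feb 2005 (http://schemas.xmlsoap.org/ws/2005/02/trust)
    //   /adfs/services/trust/13/...    -> WS-Trust 1.3     (http://docs.oasis-open.org/ws-sx/ws-trust/200512)
    public static TrustVersion VersionForAdfsEndpoint(Uri endpoint)
    {
        string path = endpoint.AbsolutePath;
        if (path.StartsWith("/adfs/services/trust/2005/", StringComparison.OrdinalIgnoreCase))
            return TrustVersion.WSTrustFeb2005;
        if (path.StartsWith("/adfs/services/trust/13/", StringComparison.OrdinalIgnoreCase))
            return TrustVersion.WSTrust13;
        throw new ArgumentException("not an ADFS 2.0 WS-Trust endpoint: " + endpoint);
    }

    // Version the RST is built with: the issuer binding's message-security version when that
    // binding carries a SecurityBindingElement (a Transport-only ws2007HttpBinding does not),
    // otherwise the federation binding's own version (WS-Trust 1.3 for ws2007FederationHttpBinding).
    public static TrustVersion EffectiveRstVersion(WS2007FederationHttpBinding federation)
    {
        Binding issuerBinding = federation.Security.Message.IssuerBinding;
        SecurityBindingElement sbe = issuerBinding != null
            ? issuerBinding.CreateBindingElements().Find<SecurityBindingElement>()
            : null;
        if (sbe == null)
            sbe = federation.CreateBindingElements().Find<SecurityBindingElement>();
        return sbe.MessageSecurityVersion.TrustVersion;
    }

    public static void AssertIssuerMatches(WS2007FederationHttpBinding federation)
    {
        EndpointAddress issuer = federation.Security.Message.IssuerAddress;
        if (issuer == null)
            throw new InvalidOperationException("no issuer address configured on the federation binding");

        TrustVersion endpointVersion = VersionForAdfsEndpoint(issuer.Uri);
        TrustVersion rstVersion = EffectiveRstVersion(federation);
        // TrustVersion instances are singletons, so reference comparison is sufficient.
        if (!ReferenceEquals(endpointVersion, rstVersion))
            throw new InvalidOperationException(string.Format(
                "RST would use {0} but {1} expects {2}",
                rstVersion.Namespace.Value, issuer.Uri, endpointVersion.Namespace.Value));
    }

    static void Main()
    {
        // 1. The generated configuration from the question: ws2007 bindings pointed at /trust/2005/.
        var fromConfig = new WS2007FederationHttpBinding("WS2007FederationHttpBinding_IMyService");
        try
        {
            AssertIssuerMatches(fromConfig);
            Console.WriteLine("generated config: issuer version matches");
        }
        catch (InvalidOperationException e)
        {
            Console.WriteLine("generated config: " + e.Message);
        }

        // 2. Same binding shape, issuer moved to the WS-Trust 1.3 endpoint (assumed enabled on this ADFS).
        var corrected = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        corrected.Security.Message.EstablishSecurityContext = false;
        corrected.Security.Message.IssuerAddress =
            new EndpointAddress("https://sts.local.domain/adfs/services/trust/13/windowstransport");
        var issuerBinding = new WS2007HttpBinding(SecurityMode.Transport);
        issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        corrected.Security.Message.IssuerBinding = issuerBinding;
        AssertIssuerMatches(corrected); // passes: WS-Trust 1.3 on both sides
        Console.WriteLine("corrected binding: issuer version matches");
    }
}
```

Run this once against the client's app.config before wiring up the service call; the first case reports the mismatch that ADFS otherwise only surfaces as the ContractFilter fault, the second passes. The check deliberately inspects the bindings rather than the XML, so it also covers bindings assembled in code.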