.NET 4.5에서 ADFS를 사용하여 WCF 웹 서비스를 보호하는 방법은 무엇입니까?

Question

ID 및 액세스 도구 (VS 2012의 일부)를 사용하여 회사 ADFS 서버를 사용하도록 WCF를 구성 할 수 있습니다.

관련 Web.config의 내가 콘솔 응용 프로그램에서이 WCF 서비스를 참조 할 때

<system.serviceModel> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <!-- To avoid disclosing metadata information, set the values below to false before deployment --> 
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> 
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> 
      <serviceDebug includeExceptionDetailInFaults="false" /> 
      <serviceCredentials useIdentityConfiguration="true"> 
      <!--Certificate added by Identity and Access Tool for Visual Studio.--> 
      <!-- <serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />--> 
      <serviceCertificate findValue="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" /> 
      </serviceCredentials> 
      <serviceAuthorization principalPermissionMode="Always"/> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <protocolMapping> 
     <add scheme="http" binding="ws2007FederationHttpBinding" /> 
     <add binding="basicHttpsBinding" scheme="https" /> 
    </protocolMapping> 
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> 
    <bindings> 
     <ws2007FederationHttpBinding> 
     <binding name=""> 
      <security mode="TransportWithMessageCredential"> 
      <message establishSecurityContext="false"> 
       <issuerMetadata address="https://auth1.domain.com/adfs/services/trust/mex" /> 
      </message> 
      </security> 
     </binding> 
     </ws2007FederationHttpBinding> 
    </bindings> 
    </system.serviceModel> 
    <system.webServer> 
    <modules runAllManagedModulesForAllRequests="true" /> 
    <!-- 
     To browse web app root directory during debugging, set the value below to true. 
     Set to false before deployment to avoid disclosing web app folder information. 
     --> 
    <directoryBrowse enabled="true" /> 
    </system.webServer> 
    <system.identityModel> 
    <identityConfiguration> 
     <audienceUris> 
     <add value="https://wcfurl.domain.com/" /> 
     </audienceUris> 
     <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"> 
     <authority name="http://auth1.domain.com/adfs/services/trust"> 
      <keys> 
      <add thumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" /> 
      </keys> 
      <validIssuers> 
      <add name="http://auth1.domain.com/adfs/services/trust" /> 
      </validIssuers> 
     </authority> 
     </issuerNameRegistry> 
     <!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.--> 
     <certificateValidation certificateValidationMode="None" /> 
    </identityConfiguration> 
    </system.identityModel> 

그러나 호출은 WCF 서비스에 직접한다 (서비스 참조 추가), 그것은 인증을 ADFS로 리디렉션되지 않는다 표준 ASP.NET 응용 프로그램과 같을 것입니다.

코드로 adfs 호출을 구현해야합니까? 그렇다면 그것을하는 방법에 대한 단서?

Answer 1

에릭은 SAML 기반 인증 웹 서비스와 브라우저 기반 애플리케이션 (웹 애플리케이션)에서 서로 다른 인증 메커니즘을 사용합니다. 이 http://msdn.microsoft.com/en-us/magazine/ee335705.aspx

-Peace