How do I configure WCF to use a custom Realm in URN format with Azure ACS?
How do I authenticate a WCF client against my internally hosted WCF service using ACS? The question revolves around setting a custom Realm, which I cannot figure out how to set.
My ACS configuration is similar to the ACS Samples, but the "Realm" is defined as shown below.
Taken from the Azure ACS configuration page
Client code
// WCF client; Bindings and the Get*Certificate* helpers come from the ACS samples.
EndpointAddress serviceEndpointAddress = new EndpointAddress(
    new Uri( "http://localhost:7000/Service/Default.aspx" ),
    EndpointIdentity.CreateDnsIdentity( GetServiceCertificateSubjectName() ),
    new AddressHeaderCollection() );
ChannelFactory<IStringService> stringServiceFactory = new ChannelFactory<IStringService>(
    Bindings.CreateServiceBinding( "https://agent7.accesscontrol.appfabriclabs.com/v2/wstrust/13/certificate" ),
    serviceEndpointAddress );
// Set the service credentials.
// None disables chain validation of the service certificate; the sample does this for local testing only.
stringServiceFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
stringServiceFactory.Credentials.ServiceCertificate.DefaultCertificate = GetServiceCertificate();
// Set the client credentials.
stringServiceFactory.Credentials.ClientCertificate.Certificate = GetClientCertificateWithPrivateKey();
Server-side code
// WCF service host (WIF 3.5 / Microsoft.IdentityModel plus the ACS sample helpers).
string acsCertificateEndpoint = String.Format( "https://{0}.{1}/v2/wstrust/13/certificate", AccessControlNamespace, AccessControlHostName );
ServiceHost rpHost = new ServiceHost( typeof( StringService ) );
rpHost.Credentials.ServiceCertificate.Certificate = GetServiceCertificateWithPrivateKey();
rpHost.AddServiceEndpoint( typeof( IStringService ),
    Bindings.CreateServiceBinding( acsCertificateEndpoint ),
    "http://localhost:7000/Service/Default.aspx" );
//
// This must be called after all WCF settings are set on the service host so the
// Windows Identity Foundation token handlers can pick up the relevant settings.
//
ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
// None disables chain validation of the caller's certificate; the sample does this for local testing only.
serviceConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;
// Accept ACS signing certificate as Issuer.
serviceConfiguration.IssuerNameRegistry = new X509IssuerNameRegistry( GetAcsSigningCertificate().SubjectName.Name );
// Add the SAML 2.0 token handler.
serviceConfiguration.SecurityTokenHandlers.AddOrReplace( new Saml2SecurityTokenHandler() );
// Add the address of this service to the allowed audiences.
// Tokens whose audience does not match an entry here are rejected, so the URN must equal
// the realm the client requests the token for.
serviceConfiguration.SecurityTokenHandlers.Configuration.AudienceRestriction.AllowedAudienceUris.Add( new Uri( "urn:federation:customer:222:agent:11" ) );
FederatedServiceCredentials.ConfigureServiceHost( rpHost, serviceConfiguration );
return rpHost;
...where urn:federation:customer:222:agent:11 is the Relying Party ID,
...and http://localhost:7000/Service/Default.aspx is the address I want the WCF / WIF client above to bind to after authenticating with ACS.
Question
How do I edit the code above so that both the client and the server work against a given port (localhost:700) and the URN realm urn:federation:customer:222:agent:11?
I think my server code is correct; but how do I set the AudienceRestriction on the client side?
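One way to give the client's token request the URN realm instead of the service URL is to request the token explicitly through WIF 3.5's WSTrustChannelFactory and hand it to the service channel; this is an added example, not code from the question or its answers. It assumes Bindings.CreateServiceBinding is the ACS-sample helper used in the question and returns a federated binding with a symmetric issued key, and that IStringService, GetServiceCertificate, GetServiceCertificateSubjectName and GetClientCertificateWithPrivateKey are the question's own types and helpers.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using Microsoft.IdentityModel.Protocols.WSTrust;          // WIF 3.5 (Microsoft.IdentityModel.dll)
using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;

static class RealmScopedClient
{
    // Values taken from the question; adjust to your ACS namespace and endpoint.
    const string AcsCertificateEndpoint = "https://agent7.accesscontrol.appfabriclabs.com/v2/wstrust/13/certificate";
    const string Realm = "urn:federation:customer:222:agent:11";   // must equal the server's AllowedAudienceUris entry
    const string ServiceAddress = "http://localhost:7000/Service/Default.aspx";

    // Step 1: ask ACS for a token whose AppliesTo is the URN realm, authenticating with the client certificate.
    static SecurityToken RequestTokenForRealm(X509Certificate2 clientCertificate)
    {
        var trustBinding = new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential);
        var trustFactory = new WSTrustChannelFactory(trustBinding, new EndpointAddress(AcsCertificateEndpoint));
        trustFactory.TrustVersion = TrustVersion.WSTrust13;
        trustFactory.Credentials.ClientCertificate.Certificate = clientCertificate;
        var rst = new RequestSecurityToken
        {
            RequestType = WSTrust13Constants.RequestTypes.Issue,
            AppliesTo = new EndpointAddress(Realm),            // becomes <wsp:AppliesTo> in the RST sent to ACS
            KeyType = WSTrust13Constants.KeyTypes.Symmetric,   // assumed to match the binding's IssuedKeyType
        };
        return trustFactory.CreateChannel().Issue(rst);
    }

    // Step 2: open the service channel with the pre-issued token instead of letting WCF request one
    // for the service URL (the default, which is what puts http://localhost:7000/... into AppliesTo).
    static IStringService CreateServiceProxy(SecurityToken issuedToken)
    {
        var serviceAddress = new EndpointAddress(
            new Uri(ServiceAddress),
            EndpointIdentity.CreateDnsIdentity(GetServiceCertificateSubjectName()));
        var factory = new ChannelFactory<IStringService>(Bindings.CreateServiceBinding(AcsCertificateEndpoint), serviceAddress);
        factory.Credentials.ServiceCertificate.DefaultCertificate = GetServiceCertificate();
        // Keep chain validation on; the question's sample turns it off for local testing only.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        factory.ConfigureChannelFactory();                    // WIF extension: installs WIF's token handling
        return factory.CreateChannelWithIssuedToken(issuedToken);
    }

    static IStringService Connect()
    {
        return CreateServiceProxy(RequestTokenForRealm(GetClientCertificateWithPrivateKey()));
    }
}
```

If ACS issues the token for the realm, its SAML audience is the URN, which is what the server's AllowedAudienceUris entry validates against.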
3 replies
It overrides the
element of the token request message.
Adding the same snippet to the service configuration causes the service reference utility to include it in the service client's
element. It must be moved to the parent
element for it to work.