Comment transmettre un jeton de sécurité (Réclamations) à un service WCF compatible WIF?

Question

mon escopette:

Comment passez-vous un jeton de sécurité (réclamations) à un service WCF WIF?

Mettre en œuvre la sécurité asp mvc (ok)

Mettre en oeuvre la sécurité dans WCF (non ok)

passer le jeton de client à WCF. (Non ok)

Mon code client

using System.IdentityModel.Tokens; 
    using System.Security.Claims; 
    using System.ServiceModel; 
    using System.ServiceModel.Security; 
    using System.Web.Mvc; 
    using Microsoft.IdentityModel.Protocols.WSTrust; 
    using Nobre.Core.Helpers; 
    using Wcf; 


    namespace Mvc.Controllers 
    { 
     public class HomeController : Controller 
     { 
      [Authorize] 
      public ActionResult Index() 
      { 
       var identity = HttpContext.User.Identity as ClaimsIdentity; 
       var securityToken = WcfHelper.GetActAsToken(identity.BootstrapContext as BootstrapContext); 
       var serviceAddress = "https://estnbr363.nobre.local/Service1.svc"; 
       var binding = new WSFederationHttpBinding(); 

       binding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential; 
       binding.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15; 
       binding.Security.Message.NegotiateServiceCredential = true; 
       binding.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey; 
       binding.Security.Message.IssuedTokenType ="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"; 

       var factory = new ChannelFactory<IService1>(binding, serviceAddress); 
       factory.ConfigureChannelFactory(); 
       factory.Credentials.SupportInteractive = false; 
       var channel = factory.CreateChannelActingAs(securityToken); 

       return View(channel.GetData(1)); 

      } 
     } 
    } 


    web config service   
<?xml version="1.0"?> 
<configuration> 
    <configSections> 
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> 
    </configSections> 
    <appSettings> 
    <add key="ida:FederationMetadataLocation" value="https://nobre-security.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml" /> 
    <add key="ida:Issuer" value="https://nobre-security.accesscontrol.windows.net/v2/wsfederation" /> 
    <add key="ida:ProviderSelection" value="ACS" /> 
    </appSettings> 
    <location path="FederationMetadata"> 
    <system.web> 
     <!--<authorization> 
     <allow users="*" /> 
     </authorization>--> 
    </system.web> 
    </location> 
    <system.web> 
    <!--<authorization> 
     <deny users="?" /> 
    </authorization>--> 
    <compilation debug="true" targetFramework="4.5" /> 
    <httpRuntime targetFramework="4.5" /> 
    </system.web> 
    <system.serviceModel> 
    <diagnostics> 
     <messageLogging maxMessagesToLog="25000" logEntireMessage="true" logMessagesAtServiceLevel="false" logMalformedMessages="true" logMessagesAtTransportLevel="true"> 
     <filters> 
      <clear/> 
     </filters> 
     </messageLogging> 
    </diagnostics> 
    <behaviors> 
     <serviceBehaviors> 
     <behavior> 
      <serviceMetadata httpsGetEnabled="true" /> 
      <serviceDebug includeExceptionDetailInFaults="true" /> 
      <serviceCredentials useIdentityConfiguration="true" /> 
      <serviceAuthorization principalPermissionMode="Always" /> 
     </behavior> 
     </serviceBehaviors> 
    </behaviors> 
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" /> 
    <bindings> 
     <ws2007FederationHttpBinding > 
     <binding > 
      <security mode="TransportWithMessageCredential"> 
      <message issuedKeyType="BearerKey" negotiateServiceCredential="true"> 
       <issuerMetadata address="https://federation.nobre.net.br/adfs/services/trust/mex" /> 
      </message> 
      </security> 
     </binding> 
     </ws2007FederationHttpBinding> 
    </bindings> 
    <services> 
     <service name="Wcf.Service1" behaviorConfiguration=""> 
     <endpoint name="ws2007FederationHttpBinding.Service1" address="ws2007FederationHttpBinding" binding="ws2007FederationHttpBinding" contract="Wcf.IService1" /> 
     </service>  
    </services> 
    </system.serviceModel> 
    <system.webServer> 
    <modules runAllManagedModulesForAllRequests="true" /> 
    <directoryBrowse enabled="true" /> 
    </system.webServer> 
    <system.identityModel> 
    <identityConfiguration saveBootstrapContext="true"> 
     <audienceUris> 
     <add value="https://estnbr363.nobre.local/Service1.svc" /> 
     </audienceUris> 
     <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"> 
     <authority name="https://nobre-security.accesscontrol.windows.net/"> 
      <keys> 
      <add thumbprint="213D414F8E89D865FD10A49C8C8F838A9460EBEE" /> 
      </keys> 
      <validIssuers> 
      <add name="https://nobre-security.accesscontrol.windows.net/" /> 
      </validIssuers> 
     </authority> 
     </issuerNameRegistry>  
     <certificateValidation certificateValidationMode="None" /> 
    </identityConfiguration> 
    </system.identityModel> 
</configuration> 

erreur de ligne

channel.GetData(1); 

L'adresse de l'émetteur du jeton de sécurité n'a pas été spécifiée. Une adresse d'émetteur explicite doit être spécifiée sur le lien vers la destination 'https://estnbr363.nobre.local/Service1.svc' ou l'adresse de l'expéditeur doit être configurée dans les informations d'identification.

the problem are these lines below! how to implement ? 

    // Extract the STS certificate from the certificate store. ????????? 
     X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser); 
     store.Open(OpenFlags.ReadOnly); 
     X509Certificate2Collection certs = store.Certificates.Find(
      X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false); 
     store.Close(); 

     // Create an EndpointIdentity from the STS certificate. ??????????? 
     EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity (certs[0]); 

     // Set the IssuerAddress using the address of the STS and the previously created ??????? 

     // EndpointIdentity. 
     b.Security.Message.IssuerAddress = 
      new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity); 

Answer 1

J'ai eu un problème similaire et ce

factory.Credentials.SupportInteractive = false; 

éteint CardSpace pour moi. Il suffit de le placer après le ConfigureChannelFactory() dans le code client.

[Authorize] 
public ActionResult Index(){ 
    var identity = HttpContext.User.Identity as ClaimsIdentity; 
    var securityToken = WcfHelper.GetActAsToken(identity.BootstrapContext as BootstrapContext); 
    string serviceAddress = "svc"; 
    var binding = new  WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential); 
    var factory = new ChannelFactory<IService>(binding,new EndpointAddress(serviceAddress)); 
    factory.ConfigureChannelFactory(); 
    factory.Credentials.SupportInteractive = false; 
    var channel = factory.CreateChannelActingAs(securityToken); 
    channel.DoWork(); 
} 

SupportInterative:

Obtient ou définit une valeur qui indique si le système est autorisé à invite interactive à l'utilisateur des informations d'identification en cas de besoin. Pour l'exemple , la définition à false peut être souhaitée dans les scénarios de niveau intermédiaire.