How to handle "An unsecured or incorrectly secured fault was received from the other party" (when working with SAML)

Problem description

I'm new to WCF web services. Currently I'm working on a federated web service with federation binding (SAML). I took help of the MSDN examples on 'SAML Token Provider', but the problem is that I'm not able to consume the service; when I consume it, it throws "An unsecured or incorrectly secured fault was received from the other party" with inner exception "An error occurred when processing the security tokens in the message."

Here is the server side:

 <?xml version="1.0"?>
  <configuration>
   <system.web>
     <compilation debug="true" targetFramework="4.0"/>
   </system.web>
   <system.serviceModel>
     <bindings>
       <wsFederationHttpBinding>
          <binding name="Binding1">
            <security mode="Message" >
              <message negotiateServiceCredential ="false" issuedKeyType ="AsymmetricKey"
                             issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
              </message>
            </security>
          </binding>
          <!-- Binding that expect SAML tokens with Asymmetric proof keys -->
          <binding name="Binding2">
             <security mode="Message">
                <message negotiateServiceCredential ="false"
                             issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
                </message>
             </security>
          </binding>
       </wsFederationHttpBinding>
    </bindings>
    <services>
    <!--<service name="MobileInterfaceWCFService.MobileService" behaviorConfiguration="MobileInterfacebehavior">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basic_http" contract="MobileInterfaceWCFService.IMobileInterface" />
        </service>
        <service name ="MobileInterfaceWCFService.MobileService" behaviorConfiguration="MobileInterfaceWCFService.Service1Behavior">
            <endpoint address="" binding="wsHttpBinding" contract="MobileInterfaceWCFService.IMobileInterface" bindingName="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService" bindingConfiguration="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
        </service> -->
        <service name ="MobileInterfaceWCFService.MobileService" behaviorConfiguration="MobileInterfaceWCFService.SamlTokenBehavior">
            <endpoint address="" binding="wsFederationHttpBinding" contract="MobileInterfaceWCFService.IMobileInterface" bindingName="Binding1" bindingConfiguration="Binding1">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
        </service>
    </services>
    <client>
        <endpoint address="http://host-root/MobileSharedWebService/MobileSharedWebService.svc" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService" contract="ServiceReference1.ITMMobileSharedWebService" name="wsHttpBinding_ITMNetWCFService_ITMMobileSharedWebService">
            <identity>
                <dns value="localhost"/>
            </identity>
        </endpoint>
    </client>
    <behaviors>
        <serviceBehaviors>
            <behavior name="MobileInterfacebehavior">
                <!--<serviceMetadata httpGetEnabled="true" />-->
            </behavior>
            <behavior name="MobileInterfaceWCFService.Service1Behavior">
                <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
            <!--    <serviceMetadata httpGetEnabled="true"/> -->
                <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>

            <behavior name="MobileInterfaceWCFService.SamlTokenBehavior">
                <serviceMetadata httpGetEnabled="true"  />
                <!--
                    The serviceCredentials behavior allows one to define a service certificate.
                    A service certificate is used by a client to authenticate the service and provide message protection.
                    This configuration references the "localhost" certificate installed during the setup instructions.
                    -->
                <serviceCredentials>
                    <!-- Set allowUntrustedRsaIssuers to true to allow self-signed, asymmetric key based SAML tokens -->
                    <issuedTokenAuthentication allowUntrustedRsaIssuers ="false" >
                        <!-- Add Alice to the list of certs trusted to issue SAML tokens -->
                        <knownCertificates>
                            <add storeLocation="LocalMachine"
                                 storeName="TrustedPeople"
                                 x509FindType="FindBySubjectName"
                                 findValue="Alice"/>
                            </knownCertificates>
                    </issuedTokenAuthentication>
                    <serviceCertificate storeLocation="LocalMachine"
                                        storeName="My"
                                        x509FindType="FindBySubjectName"
                                        findValue="localhost"  />
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <handlers accessPolicy="Read, Script" />
    <security>
        <authentication>
            <anonymousAuthentication enabled="true" />
            <windowsAuthentication enabled="true" />
        </authentication>
    </security>
    <asp enableParentPaths="true" />
</system.webServer>

<system.diagnostics>
        <sources>
            <source name="System.ServiceModel"
                    switchValue="Information, ActivityTracing"
                    propagateActivity="true">
                <listeners>
                    <add name="traceListener"
                        type="System.Diagnostics.XmlWriterTraceListener"
                        initializeData= "c:\log\Traces.svclog" />
                </listeners>
            </source>
        </sources>
    </system.diagnostics>

     </configuration>

Here is the consumer side:

<?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.serviceModel>
    <bindings>
        <wsFederationHttpBinding>
         <binding name="Binding1_IMobileInterface"  >
            <security mode="Message">
                <message issuedKeyType="AsymmetricKey"      issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
                    negotiateServiceCredential="false"  >
                </message>
                </security>
            </binding>
        </wsFederationHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost/WCF_MobileInterface/MobileService.svc"
            binding="wsFederationHttpBinding" bindingConfiguration="Binding1_IMobileInterface"
            contract="ServiceReference1.IMobileInterface" name="Binding1_IMobileInterface">
            <identity>
                <dns value="localhost" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>
  </configuration>

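Note: I have tried all the solutions for the same kind of error/problem on Stack Overflow as well as on Google, but could not resolve the problem.

Any quick help would be appreciated.

Thanks in advance.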

Recommended answer

I have resolved the error which I had mentioned above. I had to add the following tag under my wsfederationbinding:

<allowedAudienceUris>
    <add allowedAudienceUri="http://localhost/WCF_MobileInterface/MobileService.svc"/>
</allowedAudienceUris>



The URI mentioned within the allowedAudienceUri attribute is the host WCF service.

Actually, I got to know this was the error when I added the following tag to the host WCF service's web config file,

<serviceSecurityAudit  auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true" />



under the behavior tag which was mapping to my wsfederationbinding. This tag logs the exact error message within the Application log category within the system's Event Viewer.

Note: I had enabled tracing at server and consumer level; it didn't give a proper error message, but I found the issue by checking the error logs in Event Viewer.

Hope this helps someone who is struggling with a similar sort of error.
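
Added example, not part of the original answer: the question's SamlTokenBehavior with the answer's two elements merged in. In WCF's configuration schema, allowedAudienceUris is a child of issuedTokenAuthentication (inside serviceCredentials) and serviceSecurityAudit is a direct child of the service behavior; all names and values are taken from the configs above.

```xml
<!-- Added example: server-side behavior from the question, with the answer's elements in place -->
<behavior name="MobileInterfaceWCFService.SamlTokenBehavior">
  <serviceMetadata httpGetEnabled="true" />

  <!-- Write message authentication and authorization failures to the
       Windows Application event log. suppressAuditFailure="true" means a
       failure to write the audit entry does not itself fail the request. -->
  <serviceSecurityAudit auditLogLocation="Application"
                        serviceAuthorizationAuditLevel="Failure"
                        messageAuthenticationAuditLevel="Failure"
                        suppressAuditFailure="true" />

  <serviceCredentials>
    <!-- Self-signed RSA issuers stay rejected; only listed issuer certs are trusted -->
    <issuedTokenAuthentication allowUntrustedRsaIssuers="false">

      <!-- URIs this service accepts as the intended audience of an issued SAML token -->
      <allowedAudienceUris>
        <add allowedAudienceUri="http://localhost/WCF_MobileInterface/MobileService.svc" />
      </allowedAudienceUris>

      <!-- Certificates trusted to issue SAML tokens -->
      <knownCertificates>
        <add storeLocation="LocalMachine"
             storeName="TrustedPeople"
             x509FindType="FindBySubjectName"
             findValue="Alice" />
      </knownCertificates>
    </issuedTokenAuthentication>

    <!-- Certificate the client uses to authenticate the service and protect messages -->
    <serviceCertificate storeLocation="LocalMachine"
                        storeName="My"
                        x509FindType="FindBySubjectName"
                        findValue="localhost" />
  </serviceCredentials>
</behavior>
```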


08-12 21:46