I am creating an STS using the WIF framework included in .NET 4.5. I am self-hosting this STS (for now) using the WSTrustServiceHost class. To do this, I am doing the following:
// Namespaces needed by this snippet:
// using System.IdentityModel.Configuration;
// using System.ServiceModel.Security;
var conf = new SecurityTokenServiceConfiguration("issuer name here", true)
{
    DisableWsdl = true,
    SecurityTokenService = typeof(MyTokenService),
};
var ct = new WSTrustServiceContract(conf);
var host = new WSTrustServiceHost(ct);
host.Open();
// ...
As you can see, I am passing true to the loadConfig parameter of the SecurityTokenServiceConfiguration constructor, which, the documentation says:
true to load settings from the configuration file; otherwise false.
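I have an identityConfiguration element in my configuration file, but it does not appear to be loaded. I can make changes to the configuration file, e.g. I can change the securityTokenHandlers, and those changes are not reflected in the constructed SecurityTokenServiceConfiguration.
In my app.config file, I have the following: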
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="sts_behavior">
        <serviceCredentials useIdentityConfiguration="true" identityConfiguration="the_issuer_id">
          <serviceCertificate findValue="7A5D7EB05EC741E45BF4EDA7E574F58DC31EF290" x509FindType="FindByThumbprint" storeName="My" storeLocation="LocalMachine" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <ws2007HttpBinding>
      <binding name="sts_binding">
        <security mode="Message">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </ws2007HttpBinding>
  </bindings>
  <services>
    <service name="System.ServiceModel.Security.WSTrustServiceContract" behaviorConfiguration="sts_behavior">
      <endpoint address="http://my-machine:54512/tokens" binding="ws2007HttpBinding" contract="System.ServiceModel.Security.IWSTrust13SyncContract" bindingConfiguration="sts_binding" />
    </service>
  </services>
</system.serviceModel>
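As can be seen, the <serviceCredentials> element refers to the <identityConfiguration> element that is present in the configuration file, and if I change this name to not match the <identityConfiguration> element, an error is thrown when the service host is opened. This <identityConfiguration> element is still not used, however, as I can <clear/> the security token handlers, and a token handler is still used when a request comes in.
How can I configure and self-host a custom STS with the minimum of programmatic configuration?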
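Best answer
After a lot of exploration, I found that one of the overloads of the SecurityTokenServiceConfiguration constructor allows specifying the name of the <identityConfiguration> element from which the configuration is loaded: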
//
// Summary:
// Initializes a new instance of the System.IdentityModel.Configuration.SecurityTokenServiceConfiguration
// class that has the specified issuer name and signing credentials. Settings
// are loaded from the specified named configuration.
//
// Parameters:
// issuerName:
// The issuer name. Sets the System.IdentityModel.Configuration.SecurityTokenServiceConfiguration.TokenIssuerName
// property.
//
// signingCredentials:
// The signing credentials for the STS. Sets the System.IdentityModel.Configuration.SecurityTokenServiceConfiguration.SigningCredentials
// property.
//
// serviceName:
// The name of the <identityConfiguration> element from which the configuration
// is to be loaded.
public SecurityTokenServiceConfiguration(string issuerName, SigningCredentials signingCredentials, string serviceName);
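The overload quoted above, used in a self-hosted STS with a startup check that the handlers declared in the named <identityConfiguration> were actually applied, so a silently ignored <clear/> stops the host instead of leaving default handlers active. This is an added example, not code from the original question or answer; the thumbprint placeholder and the ExpectedHandlers allow-list are assumptions, and MyTokenService is the question's own class, which is not shown here.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Configuration;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;

static class StsHost
{
    // Assumptions: placeholder thumbprint, and a hypothetical allow-list that
    // must mirror what you declare under <securityTokenHandlers> in app.config.
    const string Thumbprint = "SIGNING-CERT-THUMBPRINT-PLACEHOLDER";
    static readonly Type[] ExpectedHandlers = { typeof(Saml2SecurityTokenHandler) };

    static X509Certificate2 LoadSigningCert()
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
            if (found.Count != 1)
                throw new InvalidOperationException("Signing certificate not found or ambiguous.");
            return found[0];
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        // Third argument names the <identityConfiguration name="..."> element to load.
        var conf = new SecurityTokenServiceConfiguration(
            "issuer name here", new X509SigningCredentials(LoadSigningCert()), "the_issuer_id")
        {
            DisableWsdl = true,
            SecurityTokenService = typeof(MyTokenService), // the question's STS class
        };
        // Fail closed: refuse to start unless the loaded handler set matches app.config.
        var loaded = new HashSet<Type>(conf.SecurityTokenHandlers.Select(h => h.GetType()));
        if (!loaded.SetEquals(ExpectedHandlers))
            throw new InvalidOperationException(
                "Token handlers loaded: " + string.Join(", ", loaded.Select(t => t.Name)));

        var host = new WSTrustServiceHost(new WSTrustServiceContract(conf));
        host.Open();
        Console.ReadLine();
        host.Close();
    }
}
```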
Regarding c# - How do I make SecurityTokenServiceConfiguration load configuration information from app.config?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/14528102/