Programmatically creating a client proxy for a WIF-secured WCF service

Posted on 2024-09-15 02:53:42

Here's what I've done so far:

1) Created an ASP.NET MVC relying party application and secured it with ADFS v2.0. This works.

2) Created a WCF Service using the Claims-Aware service template for an ASP.NET website. I've turned ASP.NET compatibility for the service ON because the service wouldn't activate otherwise. I've moved the interface for said service to a 'SharedContracts' assembly.

3) Set up the WCF service as a relying party using the "Add STS" reference, also pointing at my ADFS server.

4) Configured the ADFS server to include the WCF service as a relying party and issue it LDAP claims.

What I want to do now is talk to the service using ActAs. In other words, when someone hits HomeController.Index() from the ASP.NET MVC site with a token full of claims (remember the MVC site is a relying party), I want this method to programmatically create a client proxy and invoke the single service method I have on the WCF service (a method called "HelloClaim", which is nearly identical to the stock method that comes with the claims-aware service template).

Here's the code I've got so far:

[ValidateInput(false)]
public ActionResult Index()
{
  SecurityToken callerToken = null;

  IClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as IClaimsPrincipal;
  if (claimsPrincipal != null)
  {
    foreach (IClaimsIdentity claimsIdentity in claimsPrincipal.Identities)
    {
      if (claimsIdentity.BootstrapToken is SamlSecurityToken)
      {
        callerToken = claimsIdentity.BootstrapToken;
        break;
      }
    }

    string baseAddress = "http://khoffman2/SecureServices/Service.svc";

    ChannelFactory<IHelloClaim> factory = new ChannelFactory<IHelloClaim>(new WebHttpBinding(), new EndpointAddress(baseAddress));
    factory.ConfigureChannelFactory<IHelloClaim>();
    IHelloClaim hello = factory.CreateChannelActingAs<IHelloClaim>(callerToken);

    string result = hello.HelloClaim();
    ViewData["Message"] = "Welcome to ASP.NET MVC!";
  }

  return View();
}

When I attempt to invoke the method, I get the following error message:

Manual addressing is enabled on this factory, so all messages sent must be pre-addressed.

I'm pretty sure I'm just not doing enough to configure the binding and the endpoint programmatically. If any of you have done this before or you know how to do it, I would love to be able to get this working.

Bottom line is I'm just making use of the basic identity delegation scenario - the only difference is I'm not using generated client proxies.

Comments (1)

自由如风 2024-09-22 02:53:42

Take a look at this guide over at TechNet as it has a walkthrough on how to set up the scenario you've described:

http://technet.microsoft.com/en-us/library/adfs2-identity-delegation-step-by-step-guide(WS.10).aspx

In their example, I believe they are using standard WebForms, but in the case of MVC you can put the ChannelFactory initialization within the Global.asax within the Application_Start.
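
An added example, not part of the original question or answer and not taken from the TechNet guide: WebHttpBinding is a REST binding that turns on manual addressing and cannot carry an issued token, so an ActAs call needs a federation binding whose issuer points at the STS. The sketch below builds the factory once (as the answer suggests for Application_Start) and refuses to call the service when no bootstrap token is present. The STS URL, the issuer binding choice and the class name HelloClaimClient are assumptions; the bootstrap token is only available when the MVC site's WIF configuration has saveBootstrapTokens="true".

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust; // ConfigureChannelFactory / CreateChannelActingAs

public static class HelloClaimClient // hypothetical helper name
{
    // Assumption: placeholder ADFS host; use the WS-Trust 1.3 endpoint your STS exposes.
    private const string StsAddress =
        "https://adfs.example.test/adfs/services/trust/13/windowstransport";
    private const string ServiceAddress = "http://khoffman2/SecureServices/Service.svc";

    // Built once per AppDomain; channels are created from it per request.
    private static readonly ChannelFactory<IHelloClaim> Factory = CreateFactory();

    private static ChannelFactory<IHelloClaim> CreateFactory()
    {
        // How the MVC site authenticates itself to the STS (assumption: Windows over TLS).
        var issuerBinding = new WS2007HttpBinding(SecurityMode.Transport);
        issuerBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

        // Federation binding: WCF requests a token from the issuer before calling the service.
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
        binding.Security.Message.IssuerAddress = new EndpointAddress(StsAddress);
        binding.Security.Message.IssuerBinding = issuerBinding;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new ChannelFactory<IHelloClaim>(binding, new EndpointAddress(ServiceAddress));
        factory.ConfigureChannelFactory<IHelloClaim>(); // must run before the factory opens
        return factory;
    }

    public static string CallActingAs(IClaimsPrincipal principal)
    {
        SecurityToken callerToken = null;
        foreach (IClaimsIdentity identity in principal.Identities)
        {
            if (identity.BootstrapToken is SamlSecurityToken) { callerToken = identity.BootstrapToken; break; }
        }
        // Fail closed: without the caller's token there is nothing to delegate.
        if (callerToken == null)
            throw new InvalidOperationException("No SAML bootstrap token on the current principal.");

        IHelloClaim proxy = Factory.CreateChannelActingAs<IHelloClaim>(callerToken);
        try { string result = proxy.HelloClaim(); ((IClientChannel)proxy).Close(); return result; }
        catch { ((IClientChannel)proxy).Abort(); throw; }
    }
}
```

The WCF service's endpoint must expose a matching ws2007FederationHttpBinding for this client binding to connect.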
