找不到“System.IdentityModel.Tokens.UserNameSecurityToken"令牌类型的令牌验证器. [英] Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type.
问题描述
我正在尝试让第三方 Java 客户端与我编写的 WCF 服务进行通信.
I am trying to get a third party Java client to communicate with a WCF service I have written.
收到消息时出现以下异常:
I get the following exception when receiving the message:
无法找到令牌验证器'System.IdentityModel.Tokens.UserNameSecurityToken' 令牌类型.代币根据当前的安全性,不能接受这种类型的设置.
Cannot find a token authenticator for the 'System.IdentityModel.Tokens.UserNameSecurityToken' token type. Tokens of that type cannot be accepted according to current security settings.
这是我的配置:
绑定
<customBinding>
<binding name="TestSecureBinding">
<security authenticationMode="MutualCertificate" />
<textMessageEncoding messageVersion="Soap11WSAddressing10" />
<httpsTransport requireClientCertificate="true" maxReceivedMessageSize="5242880" />
</binding>
</customBinding>
行为:
<serviceBehaviors>
<behavior name="TestCertificateBehavior">
<serviceCredentials>
<clientCertificate>
<certificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
<authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck"/>
</clientCertificate>
<serviceCertificate storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="Test 01"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
端点:
<service name="TestService"
behaviorConfiguration="TestCertificateBehavior">
<endpoint
name="TestEndpoint"
address="https://localhost:443"
contract="TestServiceContract"
binding="customBinding"
bindingConfiguration="TestSecureBinding">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="https://localhost:443" />
</baseAddresses>
</host>
</service>
有人知道这是什么原因吗?
Does anyone know what is causing this?
推荐答案
我已经接受了我无法在配置文件中执行此操作的事实,并已求助于在代码中创建服务主机.
I have accepted that I can't do this in the config file and have resorted to creating the service host in code.
这是创建绑定、绑定元素和创建服务主机的完整示例.
Here is the full example of creating the binding, binding elements and creating the service host.
请注意,您可能没有使用 WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005W - 您可能使用的版本比我必须使用的版本更新 - 但只需将其替换为您的服务的正确版本即可.
Please note, you may not be using WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005W - you are probably using a more recent version than I am having to use - but just substitute that for the correct version for your service.
var securityBindingElement = (AsymmetricSecurityBindingElement)SecurityBindingElement.CreateMutualCertificateBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
securityBindingElement.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters());
securityBindingElement.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
securityBindingElement.IncludeTimestamp = true;
securityBindingElement.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.EncryptBeforeSign;
var customBinding = new CustomBinding();
customBinding.Elements.Add(securityBindingElement);
customBinding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressing10, Encoding.UTF8));
customBinding.Elements.Add(new HttpsTransportBindingElement() { MaxReceivedMessageSize = 5242880 });
ServiceHost customServiceHost = new ServiceHost(type);
customServiceHost.AddServiceEndpoint(typeof(ITestServiceContract), customBinding, "https://localhost:443");
customServiceHost.Open();
这篇关于找不到“System.IdentityModel.Tokens.UserNameSecurityToken"令牌类型的令牌验证器.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
