任何“持有人”的“持有人”样品在那里？ [英] Any "holder-of-key" samples out there?

问题描述

在Thinktecture.IdentityModel中有一个示例，其中包含支持"bearer key"的自定义绑定。

我正在寻找一个描述如何支持'活动案例'，客户端是
用另一个密钥（证明密钥？）从STS签署令牌。并且通过这个保护自己免受中间人攻击，并向RP证明它是安全令牌的正当所有者，它提供了b
在消息中。



想法是使用WsTrustChannelFactory检索SAML 2.0令牌并使用

扩展方法CreateChannelWithSecurityToken。 / p>

我觉得困难的是如何将它与我的自定义绑定的

安全绑定设置的设置结合起来。此外，我不确定如何正确设置RST属性。



此外，我发现很难看到实际的"魔法"在哪里。正在发生。

所以如果有人能指出一些关于这个主题的例子或文章，那就太好了！谢谢！

 

解决方案

对称实际上是默认情况。但不是客户端使用证明密钥 - 它是STS。

WSTrustChannel封装了该功能。

In Thinktecture.IdentityModel there is an example with a custom binding supporting a "bearer key".

I am looking for a simular example that describes how to support the 'active case' where the client
signs the token from an STS with another key (proof key?). And through this protect itself against
man-in-the-middle attacks, and to prove to the RP that it is the righful owner of the security token that
it presents in the message.

The idea is to use the WsTrustChannelFactory to retrieve a SAML 2.0 token and to use the
extension method CreateChannelWithSecurityToken.

The bit I find difficult is how to combine this with the settings of my custom binding's
security binding settings. Also I am not sure how to set the RST properties correctly.

Also I find it hard to see where the actual "magic" is taking place.

So if anyone could point to some example or article on this subject, that would be great! Thanks!

 

解决方案

Symmetric is actually the default case. But it is not the client using the proof key - it's the STS.

WSTrustChannel encapsulates that functionality.

这篇关于任何“持有人”的“持有人”样品在那里？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！