如何将证书传递给 WTrust 以获取 Saml 令牌 [英] How to pass a certificate to WSTrust to get Saml Token

问题描述

这是一个使用 WSTrustChannelFactory 获取令牌的示例.从这里.

Here is an example of getting tokem using WSTrustChannelFactory. From here.

var stsBinding = new WS2007HttpBinding();
stsBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
stsBinding.Security.Message.EstablishSecurityContext = false;
stsBinding.Security.Message.NegotiateServiceCredential = false;
stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;


WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(
    stsBinding
    , new EndpointAddress(tokenurl)
    );
trustChannelFactory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13;

X509Store myStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
myStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection coll = myStore.Certificates.Find(X509FindType.FindBySerialNumber, "MycertSerialNumber", true);
X509Certificate2 cert = coll[0];
trustChannelFactory.Credentials.ClientCertificate.Certificate = cert;

WSTrustChannel channel = (WSTrustChannel)trustChannelFactory.CreateChannel();

RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue, keyType);
rst.AppliesTo = new EndpointAddress(realm);
RequestSecurityTokenResponse rstr = null;
rst.TokenType = SecurityTokenTypes.Saml;

SecurityToken token = channel.Issue(rst, out rstr);

现在我没有用户名/密码，但提供商给了我证书 .pfx 文件.我如何将它传递给 WSTrushChannelFactory?我曾尝试使用 CertificateBinding 但没有成功.

Now I don't have a username/password but the provider has given me certificate .pfx file. How do I pass it to the WSTrushChannelFactory? I have tried using CertificateBinding but no success.

以上更新代码:11/05/2014:

Updated Code above: 11/05/2014:

收到此错误:ID3242:无法对安全令牌进行身份验证或授权.

推荐答案

使用 ClientCertificate 属性:

Use the ClientCertificate property:

var stsBinding = new WS2007HttpBinding();
stsBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
stsBinding.Security.Message.EstablishSecurityContext = false;
stsBinding.Security.Message.NegotiateServiceCredential = false;

// select the authentication mode of Client Certificate
stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

var wifChannelFactory = new WSTrustChannelFactory(stsBinding, stsEndpoint);
wifChannelFactory.TrustVersion = TrustVersion.WSTrust13;

// Supply the credentials
wifChannelFactory.Credentials.ClientCertificate.Certificate = config.Certificate;

您可以导入到您的证书的 PFX 通过 certmgr.msc 管理单元存储.确保您的应用程序运行的帐户为 可以访问私钥.您可以在商店中引用它使用x509certificate2 类.

The PFX you can import to your certificate store via the certmgr.msc snapin. Make sure that the account your application is running as has access to the private key. You can reference it in the store using the x509certificate2 classes.

这篇关于如何将证书传递给 WTrust 以获取 Saml 令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！