Override/Add IdentityConfiguration in child application

I am creating a custom STS (using .NET 4.5) that authenticates with issuedTokenAuthentication (SAML 1.0 and SAML 2.0) tokens and issues binary tokens. The custom STS is a child application of another .NET 4.5 web application that uses WIF, and the parent application has an <identityConfiguration>. This prevents me from adding <identityConfiguration name="idConf"> in the custom STS, even though I specified a name. I get the following error during STS startup -

Parser Error Message: ID1024: The configuration property value is not valid.
Property name: ''
Error: 'An item with the same key has already been added.'

Without <identityConfiguration name="idConf">, the STS starts, but SAML token validation fails in WCF System.ServiceModel tokenValidation, even before the RST reaches the custom STS logic, with errors related to audienceUris, issuer, certificate validation, etc.

Here is a snippet from the web.config file -

  <system.identityModel>
    <identityConfiguration name="idConf">
      <certificateValidation certificateValidationMode="None" />
      <securityTokenHandlers name="STSTokenHandlers">
        <clear/>
        <securityTokenHandlerConfiguration>
          <certificateValidation certificateValidationMode="None" />
          <audienceUris mode="Never" />
        </securityTokenHandlerConfiguration>
        <remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add type="CustomHandler.CustSaml2SecurityTokenHandler, CustomSTS.Business" />
      </securityTokenHandlers>
    </identityConfiguration>
  </system.identityModel>
  ...
  <system.serviceModel>
    ...
    <behavior name="WSTrustServiceBehaviour">
      <serviceCredentials identityConfiguration="idConf">
        <issuedTokenAuthentication audienceUriMode="Never" certificateValidationMode="None">
        </issuedTokenAuthentication>
      </serviceCredentials>
      <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
    ...
    <services>
      <service behaviorConfiguration="WSTrustServiceBehaviour" name="CustomSecurityTokenService">
        <endpoint name="WSTrust13HttpEndpoint" address="" binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FedttpBinding" contract="System.ServiceModel.Security.IWSTrust13SyncContract" />
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>

I also tried creating var idConfig = new System.IdentityModel.Configuration.IdentityConfiguration("idConf"); programmatically and initializing it, but in that case I get the error message -

ID7012: No <identityConfiguration> element with the name 'idConf' was found in the <system.identityModel> configuration section.

How can I add an <identityConfiguration> in the child application without conflicting with the parent application's <IdentityConfiguration>?

Thanks!

After trying several options, it seems that the option to declare multiple identityConfiguration elements is limited to one application, either the parent or the child. If it is present in the parent's web.config, the child application cannot clear or override it. However, if the parent application creates its identityConfiguration programmatically, the child application's web.config can create its own identityConfiguration.
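The parent-side half of that workaround, as an added example that is not part of the question or answer above: the parent application builds its IdentityConfiguration in code from the FederationConfigurationCreated event instead of declaring <identityConfiguration> in web.config, leaving the child STS free to declare its own. It assumes the parent's web.config no longer contains an <identityConfiguration> element; the issuer thumbprint, issuer name and URLs are placeholders.

```csharp
// Global.asax.cs of the PARENT application (added example, not the question's code).
// Assumes: the parent's web.config no longer declares <identityConfiguration>;
// every thumbprint and URL below is a placeholder to be replaced.
using System;
using System.IdentityModel.Configuration;
using System.IdentityModel.Selectors;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security;

public class Global : System.Web.HttpApplication
{
    protected void Application_Start(object sender, EventArgs e)
    {
        // Raised once, before the WIF modules initialise; the only safe place
        // to replace what web.config would otherwise have supplied.
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }

    private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        FederationConfiguration fedConfig = e.FederationConfiguration;

        // WS-Federation module settings (placeholder values)
        fedConfig.WsFederationConfiguration.Issuer = "https://sts.example.invalid/";
        fedConfig.WsFederationConfiguration.Realm = "https://parent.example.invalid/";

        IdentityConfiguration idConfig = fedConfig.IdentityConfiguration;

        // Only accept tokens addressed to this application.
        idConfig.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        idConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://parent.example.invalid/"));

        // Map the STS signing certificate thumbprint (placeholder) to the issuer name
        // that ends up in the claims; tokens signed by any other certificate are rejected.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer("0000000000000000000000000000000000000000", "https://sts.example.invalid/");
        idConfig.IssuerNameRegistry = registry;

        // Validate the signing certificate's chain; None (as in the question) is for development only.
        idConfig.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
    }
}
```

With this in place the parent's web.config keeps only <system.identityModel.services> module settings, so the child STS's own <identityConfiguration name="idConf"> no longer collides with an inherited element.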