Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
320 views
in Technique[技术] by (71.8m points)

federated identity - How to specify a certificate as the credentials for a wsTrustChannel with Thinktecture IdentityServer

I would have thought that one could basically switch the client credentials from this:

var clientCredentials = new ClientCredentials();
clientCredentials.UserName.UserName = "MyUserName";
clientCredentials.UserName.Password = "MyPassword";

to:

var clientCredentials = new ClientCredentials();
clientCredentials.ClientCertificate.Certificate = myX509Certificate;

and then create a wsTrustChannel to get a security token.

_wsTrustChannelFactory.SetCredentials(clientCredentials);

var channel = _wsTrustChannelFactory.CreateChannel(new EndpointAddress(endpointAddress));

var token = channel.Issue(new RequestSecurityToken
{
    TokenType = tokenType,
    AppliesTo = new EndpointReference(realm),
    RequestType = RequestTypes.Issue,
    KeyType = KeyTypes.Bearer
}, out requestSecurityTokenResponse);

The username and password work fine; it's just that using the certificate complains that there's no UserName specified. I was under the impression that the token issuer would look up the associated user from the certificate. Where am I going wrong here?



1 Answer

0 votes
by (71.8m points)

EDIT - Double whoops! I was using a UserNameWSTrustBinding for the endpoint, when I should have obviously been using a CertificateWSTrustBinding. Making this change solved this issue.


EDIT - I thought I'd solved this as below, but it's still asking for a Username even on this endpoint. Any ideas?


Whoops! Worked this out about 5 minutes after I posted the above question. There's a different endpoint address for the certificate authentication:

https://servername/identityserver/issue/wstrust/mixed/certificate

instead of

https://servername/identityserver/issue/wstrust/mixed/username
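
The fix described in this answer, put together as an added example (not code from the original post or from IdentityServer itself): the binding type and the endpoint address both have to match the credential type. It assumes .NET 4.5 with the Thinktecture.IdentityModel package supplying CertificateWSTrustBinding in the Thinktecture.IdentityModel.WSTrust namespace; the class and method names are hypothetical.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using Thinktecture.IdentityModel.WSTrust; // assumed namespace of the WS-Trust bindings

public static class CertificateTokenClient   // hypothetical helper class
{
    // Certificate endpoint from the answer; "servername" is the page's placeholder host.
    private const string CertificateEndpoint =
        "https://servername/identityserver/issue/wstrust/mixed/certificate";

    public static SecurityToken RequestToken(
        X509Certificate2 clientCertificate, string realm, string tokenType)
    {
        // The message credential is signed with the private key, so a
        // public-only certificate cannot authenticate the request.
        if (!clientCertificate.HasPrivateKey)
            throw new ArgumentException("Certificate has no private key.", "clientCertificate");

        // A UserNameWSTrustBinding here is what produced the "no UserName
        // specified" error: the binding, not the endpoint URL alone, decides
        // which client credential WCF demands.
        var binding = new CertificateWSTrustBinding(
            SecurityMode.TransportWithMessageCredential); // matches the "mixed" endpoints

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(CertificateEndpoint))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        factory.Credentials.ClientCertificate.Certificate = clientCertificate;

        var channel = factory.CreateChannel();
        RequestSecurityTokenResponse response;
        return channel.Issue(new RequestSecurityToken
        {
            TokenType = tokenType,
            AppliesTo = new EndpointReference(realm),
            RequestType = RequestTypes.Issue,
            KeyType = KeyTypes.Bearer
        }, out response);
    }
}
```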
