WIF STS ID3242: Das Sicherheitstoken konnte nicht authentifiziert oder autorisiert

Ich bin immer folgende Fehler in meinem client-Anwendung, wenn es versucht, sich zu authentifizieren, um mein service:

ID3242: Das Sicherheitstoken konnte nicht authentifiziert oder autorisiert

Hier ist die Konfiguration des Clients:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
  <ws2007HttpBinding>
    <binding name="stsBinding">
      <security mode="Message">
        <message clientCredentialType="UserName"
          establishSecurityContext="false"
          negotiateServiceCredential="true"/>
      </security>
    </binding>
  </ws2007HttpBinding>
  <ws2007FederationHttpBinding>
    <binding name="echoClaimsBinding">
      <security mode="Message">
        <message>
          <claimTypeRequirements>
            <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false"/>
          </claimTypeRequirements>
          <issuer address="http://localhost:17240/STS.svc"
                  bindingConfiguration="stsBinding"
                  binding="ws2007HttpBinding">
            <identity>
              <dns value="WCFSTS"/>
            </identity>
          </issuer>
          <issuerMetadata address="http://localhost:17240/STS.svc/Mex"></issuerMetadata>
        </message>
      </security>
    </binding>
  </ws2007FederationHttpBinding>
</bindings>
<behaviors>
  <endpointBehaviors>
    <behavior name="echoClaimsBehavior">
      <clientCredentials>
        <serviceCertificate>
          <defaultCertificate
            findValue="CN=WCFSTS"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectDistinguishedName"/>
          <authentication
            revocationMode="NoCheck"
            certificateValidationMode="None"/>
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
<client>
  <endpoint address="http://localhost:1438/EchoClaims.svc/EchoClaims"
            binding="ws2007FederationHttpBinding"
            bindingConfiguration="echoClaimsBinding"
            contract="TestService.IEchoClaims"
            name="WS2007FederationHttpBinding_IEchoClaims"
            behaviorConfiguration="echoClaimsBehavior">
    <identity>
      <dns value="WCFServer"/>
    </identity>
  </endpoint>
</client>
</system.serviceModel>
</configuration>

Hier ist die Konfiguration des Dienstes

<?xml version="1.0"?>
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>

<system.web>
<compilation debug="true" targetFramework="4.0">
  <assemblies>
    <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
  </assemblies>
</compilation>
</system.web>

<system.serviceModel>
<services>
  <service name="WcfService1.EchoClaims"
           behaviorConfiguration="echoClaimsBehavior">

    <endpoint address=""
              contract="WcfService1.IEchoClaims"
              binding="ws2007FederationHttpBinding"
              bindingConfiguration="echoClaimsBinding"></endpoint>
    <endpoint address="mex"
           binding="mexHttpBinding"
           contract="IMetadataExchange" />
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="echoClaimsBehavior">

      <serviceMetadata httpGetEnabled="true" />
      <serviceCredentials>           
        <serviceCertificate 
          findValue="CN=WCFServer" 
          storeLocation="LocalMachine" 
          storeName="My" 
          x509FindType="FindBySubjectDistinguishedName" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

<bindings>
  <ws2007FederationHttpBinding>
    <binding name="echoClaimsBinding">
      <security mode="Message">
        <message negotiateServiceCredential="true">
          <!--<issuerMetadata address="http://localhost:17240/STS.svc/mex" />-->
          <claimTypeRequirements>
            <!--Following are the claims offered by STS 'http://localhost:17240/STS.svc'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
            <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="false" />               
          </claimTypeRequirements>
        </message>
      </security>
    </binding>
  </ws2007FederationHttpBinding>
</bindings>
<diagnostics>
  <messageLogging logEntireMessage="true"
                  logMessagesAtServiceLevel="true"
                  logMessagesAtTransportLevel="true"></messageLogging>
</diagnostics>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<microsoft.identityModel>
<service>
  <audienceUris mode="Never"/>        
  <issuerNameRegistry type="WcfService1.CustomIssuerNameRegistry, WcfService1"/>        
</service>
</microsoft.identityModel>
<system.diagnostics>
<sources>
  <source name="System.ServiceModel" switchValue="Warning, Error, ActivityTracing"
       propagateActivity="true">
    <listeners>
      <add name="ServiceModelTraceListener"/>
    </listeners>
  </source>
</sources>
<sharedListeners>
  <add initializeData="ecb_tracelog.svclog"
                type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
    <filter type="" />
  </add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
</configuration>

Bitte lassen Sie mich wissen, wenn jemand eine Idee hat, wie Sie feststellen, warum die Authentifizierung scheitert. Ich habe in Genf STS-Ablaufverfolgung auf die ausführliche, aber es ist nicht, dass Sie mir keine Nachrichten darüber, warum das Zertifikat nicht authentifiziert werden.

InformationsquelleAutor Miguel Merayo Regueras | 2011-03-07

Schreibe einen Kommentar