How to pass a certificate to WSTrust to get Saml Token

Backend · Unresolved · 2 · 955
野趣味 2021-01-21 10:17

Here is an example of getting a token using WSTrustChannelFactory. From here.

var stsBinding = new WS2007HttpBinding();
stsBinding.Security.Mode = SecurityMode.Tra
2 answers
  • 2021-01-21 10:57

    Here you go.

    using System;
    using System.IdentityModel.Protocols.WSTrust;
    using System.IdentityModel.Tokens;
    using System.Linq;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using Thinktecture.IdentityModel;
    using Thinktecture.IdentityModel.WSTrust;

    private static SecurityToken RequestSecurityToken()
    {
        // set up the ws-trust channel factory; the binding has to use certificate
        // message credentials, otherwise the client certificate set below is never sent
        var factory = new WSTrustChannelFactory(
            new CertificateWSTrustBinding(
              SecurityMode.TransportWithMessageCredential),
              _idpAddress);
        factory.TrustVersion = TrustVersion.WSTrust13;

        // look the client certificate up by thumbprint in LocalMachine\My
        // (Thinktecture X509 helper; Find() only returns valid certificates by default)
        var thumbprint = Properties.Settings.Default.RassCertificateThumbprint;
        var authCertificate = X509.LocalMachine.My.Thumbprint.Find(thumbprint).FirstOrDefault();
        if (authCertificate == null)
            throw new InternalException(String.Format("No authentication certificate found in store with thumbprint {0}.", thumbprint));

        // authentication is based on the RASS certificate
        factory.Credentials.ClientCertificate.Certificate = authCertificate;

        // create token request
        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            KeyType = KeyTypes.Symmetric,
            AppliesTo = new EndpointReference(_serviceAddress.AbsoluteUri)
        };

        // request token and return
        return factory.CreateChannel().Issue(rst);
    }


    BTW: @Mitch is right about access to the private key. I just took your method and replaced a few lines of code.

  • 2021-01-21 11:02

    Use the ClientCertificate property:

    using System.IdentityModel.Protocols.WSTrust;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    // TLS protects the channel; the client authenticates at message level
    var stsBinding = new WS2007HttpBinding();
    stsBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
    stsBinding.Security.Message.EstablishSecurityContext = false;
    stsBinding.Security.Message.NegotiateServiceCredential = false;

    // select the authentication mode of Client Certificate
    stsBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

    // stsEndpoint is the EndpointAddress of the STS's certificate endpoint
    var wifChannelFactory = new WSTrustChannelFactory(stsBinding, stsEndpoint);
    wifChannelFactory.TrustVersion = TrustVersion.WSTrust13;

    // Supply the credentials (an X509Certificate2 whose private key this process can read)
    wifChannelFactory.Credentials.ClientCertificate.Certificate = config.Certificate;


    The PFX you can import to your certificate store via the certmgr.msc snap-in. Make sure that the account your application is running as has access to the private key. You can reference it in the store using the X509Certificate2 class.

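Both answers above stop at configuring the factory; the following is an added, complete example (not code from either answerer or from the asker) that puts the pieces together: it looks the client certificate up by thumbprint, verifies up front that the process can actually read the private key (the failure @Mitch mentions, which otherwise only surfaces as a cryptic exception inside Issue), builds the WS2007HttpBinding with certificate message credentials, and issues the RST. It assumes .NET Framework 4.6 or later with the WIF classes in System.IdentityModel; the STS and relying-party URLs, the InvalidOperationException messages and the class/method names are all my own placeholders.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Added example, not from the thread. Placeholder endpoints: replace with the real
// STS certificate endpoint and the address of the service the token is for.
public static class CertificateTokenClient
{
    private static readonly Uri StsAddress =
        new Uri("https://sts.example.invalid/adfs/services/trust/13/certificatemixed");
    private static readonly Uri RelyingParty = new Uri("https://app.example.invalid/");

    // Find the certificate by thumbprint and fail early if the key is unusable.
    public static X509Certificate2 FindClientCertificate(string thumbprint,
        StoreLocation location = StoreLocation.LocalMachine)
    {
        // Thumbprints copied out of certmgr.msc often carry spaces or hidden characters.
        var normalised = new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

        var store = new X509Store(StoreName.My, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: true rejects expired, revoked and untrusted certificates.
            var matches = store.Certificates.Find(X509FindType.FindByThumbprint, normalised, validOnly: true);
            if (matches.Count == 0)
                throw new InvalidOperationException("No valid certificate with thumbprint " + normalised + " in " + location + "\\My.");
            var cert = matches[0];

            // HasPrivateKey says the key exists; opening it proves this account may read it.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; import the PFX, not just the .cer.");
            try
            {
                using (var key = cert.GetRSAPrivateKey())
                {
                    if (key == null) throw new InvalidOperationException("Private key is not an RSA key.");
                }
            }
            catch (CryptographicException ex)
            {
                throw new InvalidOperationException(
                    "Private key exists but is not readable by this account; grant it via certmgr.msc > Manage Private Keys.", ex);
            }
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    // Same binding the second answer describes: TLS for the channel, certificate at message level.
    public static Binding CreateStsBinding()
    {
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.NegotiateServiceCredential = false;
        return binding;
    }

    // Request a token for RelyingParty, authenticating to the STS with the client certificate.
    public static SecurityToken RequestToken(X509Certificate2 clientCertificate)
    {
        var factory = new WSTrustChannelFactory(CreateStsBinding(), new EndpointAddress(StsAddress))
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        factory.Credentials.ClientCertificate.Certificate = clientCertificate;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            KeyType = KeyTypes.Symmetric, // KeyTypes.Bearer if the service only needs a bearer SAML token
            AppliesTo = new EndpointReference(RelyingParty.AbsoluteUri)
        };

        var channel = factory.CreateChannel();
        var comm = channel as ICommunicationObject;
        try
        {
            RequestSecurityTokenResponse rstr;
            SecurityToken token = channel.Issue(rst, out rstr);
            if (comm != null) comm.Close();
            factory.Close();
            return token;
        }
        catch
        {
            if (comm != null) comm.Abort();
            factory.Abort();
            throw;
        }
    }

    public static void Main(string[] args)
    {
        var cert = FindClientCertificate(args[0]);
        var token = RequestToken(cert) as GenericXmlSecurityToken;
        // TokenXml is the SAML assertion the relying party will receive.
        Console.WriteLine(token != null ? token.TokenXml.OuterXml : "non-XML token returned");
    }
}
```

Run it with the certificate thumbprint as the only argument, under the same account the real application uses, so the private-key ACL check exercises the right identity. The private key is opened once and discarded on purpose: a CryptographicException here means an ACL problem on the key, whereas one raised from Issue could equally be a binding mismatch with the STS.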