WCF客户端错误:“未指定安全令牌发行者的地址”
本文关键字:发行者 令牌 地址 安全 未指定 客户端 错误 WCF | 更新日期: 2023-09-27 18:10:56
我从WCF客户端收到以下错误。"未指定安全令牌发行者的地址。必须在目标'http://site.com/TLAPI.svc'的绑定中指定显式的颁发者地址,或者必须在凭据中配置本地颁发者地址。"
我正在尝试连接到SharePoint服务应用程序。我已经添加了生成下面客户机类的服务引用。下面是我到目前为止的代码:
TipAndLeadAPIContractClient client = new TipAndLeadAPIContractClient(@"CustomBinding_ITipAndLeadAPIContract", @"http://site.com/TLAPI.svc");
client.ChannelFactory.Credentials.SupportInteractive = false;
client.ClientCredentials.UserName.UserName = "user";
client.ClientCredentials.UserName.Password = "password";
client.ConvertToTLForm(@"C:'Clients'ServiceApplication'CAP'capsample1.xml", "tl_library", "http://site/");
下面是我的客户端绑定配置:
<binding name="CustomBinding_ITipAndLeadAPIContract">
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedToken"
requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true"
keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireSignatureConfirmation="false">
<issuedTokenParameters keyType="SymmetricKey" tokenType="" />
<localClientSettings cacheCookies="true" detectReplays="true"
replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
<localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
reconnectTransportOnFailure="true" maxPendingSessions="128"
maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
<secureConversationBootstrap />
</security>
<binaryMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
maxSessionSize="2048">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binaryMessageEncoding>
<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
下面是我的Service Application绑定配置:
<binding name="CalcServiceHttpBinding">
<security authenticationMode="IssuedToken" allowInsecureTransport="true" />
<binaryMessageEncoding>
<readerQuotas maxStringContentLength="1048576" maxArrayLength="2097152" />
</binaryMessageEncoding>
<httpTransport maxReceivedMessageSize="2162688" authenticationScheme="Ntlm" useDefaultWebProxy="false" />
</binding>
使用IssuedToken凭证类型设置绑定:
<issuedTokenParameters keyType="SymmetricKey" tokenType="" />
首先,我不确定为什么您的tokenType
属性是空白的。这应该设置为将要协商的令牌类型,例如SAML令牌,例如tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
。
下一个节点有一个名为<issuer>
的子节点,它允许您指定客户端应该用来协商令牌的安全令牌服务器(STS)的地址。你得到的异常是告诉你这是没有配置的。<issuer>
元素可能如下所示。
<issuer address="https://someserver/SomeSTS" binding="<some binding type>" bindingConfiguration="<some binding configuration for the STS>" />
除了地址之外,您还需要指定绑定类型,该绑定类型应该与您可能需要能够与STS通信的任何自定义配置一起使用。