目前我正在处理一个项目,我的应用程序必须使用ADFS进行验证才能登录。
我找到了一些代码来从ADFS获取令牌,但它一直给我上面的错误,而没有任何关于错误的好描述。
这是我使用的代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Net;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
namespace ADFS_token_test_3
{
class Program
{
static void Main(string[] args)
{
go();
}
static public EndpointAddress ep;
static public WSTrustChannelFactory factory;
public static string go()
{
WS2007HttpBinding binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
ep = new EndpointAddress("https://companyname.nl/adfs/services/trust/13/usernamemixed");
factory = new WSTrustChannelFactory(binding, ep);
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
factory.Credentials.UserName.UserName = "username";
factory.Credentials.UserName.Password = "password";
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointReference("https://companyname.nl/adfs/services/trust/13/usernamemixedr"),
KeyType = KeyTypes.Bearer,
};
IWSTrustChannelContract channel = factory.CreateChannel();
// Error line
GenericXmlSecurityToken genericToken = channel.Issue(rst)
as GenericXmlSecurityToken;
return genericToken.TokenXml.InnerXml.ToString();
}
}
}
错误发生在带有错误注释的行上。
有人知道线索吗?
检查是否可以到达CRL分发点
我在一些ADFS Single SignOn web应用程序中遇到过这个问题。ADFS使用PKI证书(例如用于对令牌进行签名)。这些证书通常具有必须可访问的CRL(证书吊销列表)。如果无法检查吊销列表,则可能会出现上述错误消息。对我来说,它是一个防火墙,位于我的应用程序和CDP(CRL分发点)服务器之间。
PS。您可以在查看证书本身的详细信息时验证CDP。