我有一个以编程方式公开WsFederationHttpBinding端点的WCF服务。然后,我想使用Visual Studio使用服务引用对话框创建一个客户端端点。客户机生成正确的端点和绑定,但我必须在客户机配置中为STS手动创建绑定,并将其连接到联邦服务绑定的发行者元素。是否有一种方法可以创建服务器端绑定,以便在客户机上自动生成STS绑定?
这基本上就是我在代码中生成绑定的方式:public class MyServiceHost : ServiceHostFactory
{
protected override void AddServiceEndpoint(ServiceHost host, Type contract, Uri address)
{
var binding = new WSFederationHttpBinding();
// set up some binding properties here
binding.Security = new WSFederationHttpSecurity
{
Mode = WSFederationHttpSecurityMode.Message,
Message = new FederatedMessageSecurityOverHttp
{
AlgorithmSuite = SecurityAlgorithmSuite.Default,
EstablishSecurityContext = true,
IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
NegotiateServiceCredential = false,
IssuerAddress = new EndpointAddress(
new Uri("http://mydomain/STSService.svc"),
EndpointIdentity.CreateSpnIdentity("http/IDENTITYMASKED")),
IssuerBinding = new WSHttpBinding
{
Name = "stsBinding",
Security = new WSHttpSecurity
{
Mode = SecurityMode.Message,
Message = new NonDualMessageSecurityOverHttp
{
ClientCredentialType = MessageCredentialType.Windows,
NegotiateServiceCredential = true,
AlgorithmSuite = SecurityAlgorithmSuite.Default,
EstablishSecurityContext = false
}
}
}
}
};
host.AddServiceEndpoint(contract, binding, address);
}
}
当我在Visual Studio中生成代理时,stsBinding不存在于配置或连接中,是否有办法让这种情况发生或MEX不允许它?
不确定它是否有帮助,因为我自己的服务还没有运行,但是我的(目前未测试的)代码设置了FederatedMessageSecurityOverHttp元素的IssuerMetadataAddress,这应该是使客户端向导能够生成绑定的原因。