How do I resolve this WIF/WCF exception?

【Posted】: 2014-03-06 02:01:39 【Question】:

I'm trying to implement How To: Enable WIF for a WCF Web Service Application. I got as far as Step 3 - Test your solution, and I get the following exception:

没有发现机器上安装了 CardSpace 服务的版本。请安装 CardSpace 并重试操作。

The exception occurs on line 23 of Program.cs in the Client project:

Console.WriteLine(client.ComputeResponse("Hello World"));

Stack trace:

服务器堆栈跟踪: 在 System.IdentityModel.Selectors.CardSpaceShim.GetCardSpaceImplementationDll() 在 System.IdentityModel.Selectors.CardSpaceShim.InitializeIfNecessary() 在 System.IdentityModel.Selectors.CardSpaceSelector.GetToken(CardSpacePolicyElement[] policyChain, SecurityTokenSerializer tokenSerializer) 在 System.ServiceModel.Description.ClientCredentials.GetInfoCardSecurityToken(Boolean requiresInfoCard, CardSpacePolicyElement[] 链, SecurityTokenSerializer tokenSerializer) 在 System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs) 在 System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

在 [0] 处重新抛出异常: 在 System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult 结果) 在 System.ServiceModel.Dispatcher.ImmutableClientRuntime.DisplayInitializationUIAsyncResult.End(IAsyncResult 结果) 在 System.ServiceModel.Dispatcher.ImmutableClientRuntime.EndDisplayInitializationUI(IAsyncResult 结果) 在 System.ServiceModel.Dispatcher.ImmutableClientRuntime.DisplayInitializationUI(ServiceChannel 通道) 在 System.ServiceModel.Channels.ServiceChannel.DisplayInitializationUI() 在 System.ServiceModel.Channels.ServiceChannel.CallDisplayUIOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel 通道,TimeSpan 超时) 在 System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan 超时,CallOnceManager 级联) 在 System.ServiceModel.Channels.ServiceChannel.EnsureDisplayUI() 在 System.ServiceModel.Channels.ServiceChannel.Call(字符串操作,布尔单向,ProxyOperationRuntime 操作,Object[] 输入,Object[] 输出,TimeSpan 超时) 在 System.ServiceModel.Channels.ServiceChannel.Call(字符串操作,布尔单向,ProxyOperationRuntime 操作,Object[] 输入,Object[] 输出) 在 System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime 操作) 在 System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage 消息)

1: 处重新抛出异常 在 System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) 在 System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 类型) 在 Client.ServiceReference1.IService1.ComputeResponse(字符串输入) 在 c:\Users\currentuser\Documents\Visual Studio 2012\Projects\TestService\Client\Service References\ServiceReference1\Reference.cs: 53 行中的 Client.ServiceReference1.Service1Client.ComputeResponse(字符串输入) 在 c:\Users\currentuser\Documents\Visual Studio 2012\Projects\TestService\Client\Program.cs:line 23 中的 Client.Program.Main(String[] args)

【Question discussion】:

【Answer 1】:

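After your comment on my previous answer, I spent a long time on this tutorial trying to reproduce your problem (which was easy) and fix it (which was hard).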

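The problem is that the Identity and Access extension has a bug and puts the wrong issuer address in the service's web.config. If you look at ChrisPD's comment from August 13, 2013 on the homepage of Identity and Access tool, you will see: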

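ChrisPD: While continuing to investigate this issue, I noticed that the Identity and Access tool puts the issuer metadata address into the config file as "https://localhost/adfs/services/trust/mex" instead of the correct value of "http://localhost:15196/wsTrustSTS/mex", where 15196 is the port number assigned in the tool. When I replaced this in the service config and ran Add Service Reference, it generated an issuer address of http://localhost:15196/wsTrustSTS/. So there appears to be a bug in the Identity and Access tool in that it does not insert the correct issuerMetadata address when LocalSTS is selected.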

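I did exactly what ChrisPD suggested, but ran into a small problem with building the certificate chain, because the certificate that the Identity and Access tool uses in the sample is self-signed and is placed only in the LocalMachine\My store. It is therefore not trusted. I also copied it to the LocalMachine\Root store (I used the mmc console) and it worked.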

Edit: My web.config looks like

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
    <add key="ida:FederationMetadataLocation" value="http://localhost:14060/wsFederationSTS/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ida:ProviderSelection" value="localSTS" />
    <add key="ida:EnforceIssuerValidation" value="false" />
  </appSettings>
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials useIdentityConfiguration="true">
            <!--Certificate added by Identity and Access Tool for Visual Studio.-->
            <serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
      <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <bindings>
      <ws2007FederationHttpBinding>
        <binding name="">
          <security mode="Message">
            <message>
              <issuerMetadata address="http://localhost:14060/wsTrustSTS/mex" />
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true" />
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="http://localhost:49768/Service1.svc" />
      </audienceUris>
      <!--Commented by Identity and Access VS Package-->
      <!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="LocalSTS"><keys><add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" /></keys><validIssuers><add name="LocalSTS" /></validIssuers></authority></issuerNameRegistry>-->
      <!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="9B74CB2F320F7AAFC156E1252270B1DC01EF40D0" name="LocalSTS" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
</configuration>

and my app.config looks like:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
    <system.serviceModel>
        <bindings>
            <ws2007FederationHttpBinding>
                <binding name="WS2007FederationHttpBinding_IService1">
                    <security>
                        <message>
                            <issuer address="http://localhost:14060/wsTrustSTS/" binding="ws2007HttpBinding"
                                bindingConfiguration="http://localhost:14060/wsTrustSTS/">
                                <identity>
                                    <userPrincipalName value="ellework\ppolacko" />
                                </identity>
                            </issuer>
                            <issuerMetadata address="http://localhost:14060/wsTrustSTS/mex" />
                            <tokenRequestParameters>
                                <trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
                                    <trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
                                    <trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
                                    <trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
                                    <trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
                                    <trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
                                    <trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
                                    <trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
                                </trust:SecondaryParameters>
                            </tokenRequestParameters>
                        </message>
                    </security>
                </binding>
            </ws2007FederationHttpBinding>
            <ws2007HttpBinding>
                <binding name="http://localhost:14060/wsTrustSTS/">
                    <security>
                        <message establishSecurityContext="false" />
                    </security>
                </binding>
            </ws2007HttpBinding>
        </bindings>
        <client>
            <endpoint address="http://localhost:49768/Service1.svc" binding="ws2007FederationHttpBinding"
                bindingConfiguration="WS2007FederationHttpBinding_IService1"
                contract="ServiceReference1.IService1" name="WS2007FederationHttpBinding_IService1">
                <identity>
                    <certificate encodedValue="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" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>

【Discussion】:

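This seems incompatible with the tutorial. Where can I get the value for findValue, and why do I need to set supportInteractive="false" when the tool is supposed to handle WIF emulation for you?

I changed <issuerMetadata address... /> in App.config and Web.config to include the port in the address. I still get the same exception message, so I tried moving the localhost certificate from Personal to Trusted Root Certification Authorities, but I still get the same error.

I have added the exact app.config and web.config from my demo. Also, I did not move the localhost certificate, I copied it.

I think I'll try something else. I have everything the same except for the ws2007HttpBinding block in App.config (because I'm using federation), and it still gives me the error.

ws2007HttpBinding is used to communicate with LocalSTS. It's important. When the WCF client is created, it automatically calls the STS to get a SAML token. Then it calls the WCF service, including this token. Try merging my config with yours and see if it starts working. However, if you want to try another sample, I suggest you look at Thinktecture IdentityServer v2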
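As an added example (not part of the original answer and not code from the Identity and Access tool), this PowerShell function checks a service web.config for the two problems the answer describes: an issuerMetadata address that is not on the LocalSTS host and port, and a self-signed service certificate that is missing from LocalMachine\Root. It also lists the settings that the config's own comments mark as development-only. The function name `Test-WifServiceConfig`, the `-Path` parameter and the finding labels are assumptions, and it assumes the certificate is looked up by subject, as in the web.config above.

```powershell
# Added example, not from the original post. Test-WifServiceConfig and -Path are illustrative names.
function Test-WifServiceConfig {
    param([Parameter(Mandatory)][string]$Path)

    [xml]$cfg = Get-Content -LiteralPath $Path -Raw
    $out = New-Object System.Collections.Generic.List[object]
    $add = { param($kind, $msg) $out.Add([pscustomobject]@{ Kind = $kind; Finding = $msg }) }

    # 1. issuerMetadata must be on the same host:port as the LocalSTS metadata location.
    $fed = $cfg.SelectSingleNode("//appSettings/add[@key='ida:FederationMetadataLocation']")
    if ($fed) {
        $sts = ([uri]$fed.GetAttribute('value')).Authority
        foreach ($n in $cfg.SelectNodes('//ws2007FederationHttpBinding//issuerMetadata')) {
            $mex = $n.GetAttribute('address')
            if (([uri]$mex).Authority -ne $sts) {
                & $add 'Mismatch' "issuerMetadata '$mex' is not on the STS authority '$sts'"
            }
        }
    }

    # 2. A self-signed service certificate only chains if it is also in LocalMachine\Root.
    #    Assumes x509FindType="FindBySubjectDistinguishedName", so findValue equals the subject.
    $sc = $cfg.SelectSingleNode('//serviceCredentials/serviceCertificate')
    if ($sc) {
        $store = 'Cert:\{0}\{1}' -f $sc.GetAttribute('storeLocation'), $sc.GetAttribute('storeName')
        Get-ChildItem $store | Where-Object { $_.Subject -eq $sc.GetAttribute('findValue') } |
            ForEach-Object {
                if ($_.Subject -ne $_.Issuer) { return }   # not self-signed, skip
                if (Test-Path "Cert:\LocalMachine\Root\$($_.Thumbprint)") {
                    & $add 'DevOnly' "self-signed $($_.Thumbprint) is trusted in LocalMachine\Root"
                } else {
                    & $add 'Untrusted' "self-signed $($_.Thumbprint) is not in LocalMachine\Root"
                }
            }
    }

    # 3. Settings that the comments in the config mark as development-only.
    $dev = [ordered]@{
        "//certificateValidation[@certificateValidationMode='None']"           = 'certificate validation is disabled'
        "//serviceMetadata[@httpGetEnabled='true' or @httpsGetEnabled='true']" = 'service metadata is published'
        "//directoryBrowse[@enabled='true']"                                   = 'directory browsing is enabled'
    }
    foreach ($xp in $dev.Keys) {
        if ($cfg.SelectSingleNode($xp)) { & $add 'DevOnly' $dev[$xp] }
    }
    return $out
}

Test-WifServiceConfig -Path .\web.config | Format-Table -AutoSize
```

Run against the web.config shown in the answer, the first check passes because both addresses use localhost:14060; with the address the tool originally wrote (https://localhost/adfs/services/trust/mex) it reports a mismatch.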
