Simple WCF - CardSpace






Implementing Windows CardSpace in a Windows Communication Foundation (WCF) application
Introduction
Step 1: Download the esBPFX.pfx X.509 certificate and install it under MMC -> Console -> Certificates -> Local Computer -> Trusted Root Certification Authorities (reference: https://codeproject.org.cn/kb/wcf/senthil.aspx)
Step 2: Download the source code
This article describes how to implement Windows CardSpace in a WCF application. The steps involved are straightforward, and almost all of the work is done in the configuration file.
Using the Code
Create a WCF Service Application containing service1.svc, where IContract1 is the service contract (an interface) that any class/service can implement.
wsFederationHttpBinding
This binding describes a client that authenticates with an issued security token, so wsFederationHttpBinding is the binding used to integrate with CardSpace.
<!-- wsFederationHttpBinding -->
<service name="Service1" behaviorConfiguration="Behav1">
  <endpoint address="secure" contract="IContract1"
            binding="wsFederationHttpBinding" bindingConfiguration="binding1">
  </endpoint>
</service>
Identity
The identity block names the X.509 certificate that identifies the service to the client; the issued token carrying the client's claims is protected for this certificate, so the service must also hold the certificate's private key (configured through the serviceCredentials/serviceCertificate element of the service behavior). The certificate can be a custom one or one obtained from a commercial CA such as VeriSign. For a custom certificate, see https://codeproject.org.cn/kb/wcf/senthil.aspx for step-by-step X.509 certificate creation. Once you have the certificate, reference it in the identity block of the WCF configuration file as shown below.
<!-- Identity -->
<service name="Service1" behaviorConfiguration="Behav1">
  <endpoint address="secure" contract="IContract1"
            binding="wsFederationHttpBinding" bindingConfiguration="binding1">
    <identity>
      <certificateReference findValue="TempCA" storeLocation="LocalMachine"
                            storeName="Root" x509FindType="FindBySubjectName" />
    </identity>
  </endpoint>
</service>
Bindings
The binding configuration is defined under the name "binding1" that the endpoint configuration references.
<!-- wsFederationHttpBinding -->
<wsFederationHttpBinding>
  <binding name="binding1">
    <security mode="Message">
    </security>
  </binding>
</wsFederationHttpBinding>
Claim details
Specify the token issuer address and list the claims required from the user/client. The issuer address used below selects self-issued (personal) cards.
<!-- wsFederationHttpBinding -->
<wsFederationHttpBinding>
  <binding name="binding1">
    <security mode="Message">
      <message>
        <issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
        <claimTypeRequirements>
          <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
          <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
          <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
        </claimTypeRequirements>
      </message>
    </security>
  </binding>
</wsFederationHttpBinding>
Client configuration file
After the steps above, running svcutil.exe <url> lets the client generate a proxy class for the WCF service; the generated client configuration file includes the federated binding with the service's certificate identity and the claim requirements.
Claim retrieval
To read the claims sent by the client, use the following code block (VB.NET) inside a service operation.
Imports System.IdentityModel.Claims
Imports System.IdentityModel.Policy
Imports System.ServiceModel

' Claims of the current call live in the AuthorizationContext of the security context
Dim ac As AuthorizationContext = ServiceSecurityContext.Current.AuthorizationContext
Dim emailAddress As String = Nothing

For Each objClaimSet As ClaimSet In ac.ClaimSets
    For Each objClaim As Claim In objClaimSet
        If objClaim.ClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" Then
            ' email address retrieval
            emailAddress = objClaim.Resource.ToString()
        End If
    Next
Next
Further claims are retrieved the same way as the email address.
The claim types are listed below.
Given Name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Email Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Surname = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Street Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress
Locality = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
State/Province = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
Postal Code = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode
Country = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
Home Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone
Other Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
Mobile Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
Date of Birth = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth
Gender = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender
PPID = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
Web site = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/website
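The loop above reads a single claim type. The C# helper below is an added example, not code from the original article: it walks the same AuthorizationContext, collects every property claim into a dictionary keyed by claim type, fails closed when a claim the binding requires is missing, and keys the user on the PPID rather than on the e-mail address. With a self-issued card (the issuer/self address used above) the e-mail, name and address values are typed in by the user and verified by nobody; the PPID is the value that stays constant for that user at this relying party. The class and method names are assumptions, and the example assumes the PPID claim type has been added to the binding's claimTypeRequirements alongside the three claims shown.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.ServiceModel;

// Added example (not part of the original article): reads CardSpace claims
// from the AuthorizationContext of the current WCF call.
public static class CardSpaceClaims
{
    private const string Ns = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";
    public const string Email     = Ns + "emailaddress";
    public const string GivenName = Ns + "givenname";
    public const string Surname   = Ns + "surname";
    public const string Ppid      = Ns + "privatepersonalidentifier";

    // Assumed for this example: the claims listed in claimTypeRequirements,
    // plus the PPID, which the example assumes has been added there too.
    private static readonly string[] Required = { Email, GivenName, Surname, Ppid };

    // Collects the first value seen for each claim type.
    public static IDictionary<string, string> Collect(AuthorizationContext ac)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (ClaimSet claimSet in ac.ClaimSets)
        {
            foreach (Claim claim in claimSet)
            {
                // Only PossessProperty claims carry user attributes; Identity
                // claims describe the key that signed the token instead.
                if (claim.Right != Rights.PossessProperty || claim.Resource == null)
                    continue;
                if (!result.ContainsKey(claim.ClaimType))
                    result[claim.ClaimType] = claim.Resource.ToString();
            }
        }
        return result;
    }

    // Fails closed: the call is faulted if any required claim is absent or empty.
    public static IDictionary<string, string> RequireAll(AuthorizationContext ac)
    {
        var claims = Collect(ac);
        foreach (string type in Required)
        {
            string value;
            if (!claims.TryGetValue(type, out value) || string.IsNullOrEmpty(value))
                throw new FaultException("Required claim missing: " + type);
        }
        return claims;
    }

    // Call this from inside a service operation on the endpoint above.
    // Returns the PPID, the only self-issued claim suitable as an account key;
    // the e-mail address is self-asserted and must not be used as identity.
    public static string CurrentUserKey()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            throw new FaultException("No authenticated security context.");

        IDictionary<string, string> claims = RequireAll(ctx.AuthorizationContext);
        return claims[Ppid];
    }
}
```

If the service also stores the e-mail address or name, treat them as display data supplied by the user, not as verified attributes; anything that must be trusted has to come from a managed card whose issuer you have a trust relationship with.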
Sample Web.config
Below is a sample WCF configuration file for reference. Note that includeExceptionDetailInFaults="true" returns exception details to callers and should be set to false outside development.
<system.serviceModel>
  <services>
    <service name="Service1" behaviorConfiguration="Behav1">
      <endpoint address="secure" contract="IContract1"
                binding="wsFederationHttpBinding" bindingConfiguration="binding1">
        <identity>
          <certificateReference findValue="TempCA" storeLocation="LocalMachine"
                                storeName="Root" x509FindType="FindBySubjectName" />
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="Behav1">
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <serviceMetadata httpGetEnabled="true"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <wsFederationHttpBinding>
      <binding name="binding1">
        <security mode="Message">
          <message>
            <issuer address="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
            <claimTypeRequirements>
              <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
              <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"/>
              <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
            </claimTypeRequirements>
          </message>
        </security>
      </binding>
    </wsFederationHttpBinding>
  </bindings>
</system.serviceModel>
That's it! When any user/client accesses the WCF service, CardSpace prompts that user to select a card.
Points of Interest
Tips and tricks in WCF.
History
5 May 2008: First release