问题
I would have thought that one could basically switch the client credentials from this:
var clientCredentials = new ClientCredentials();
clientCredentials.UserName.UserName = "MyUserName"
clientCredentials.UserName.Password = "MyPassword"
to:
var clientCredentials = new ClientCredentials();
clientCredentials.ClientCertificate.Certificate = myX509Certificate;
and then create a wsTrustChannel to get a security token.
wsTrustChannelFactory.SetCredentials(clientCredentials);
var channel = _wsTrustChannelFactory.CreateChannel(new EndpointAddress(endpointAddress));
var token = channel.Issue(new RequestSecurityToken
{
TokenType = tokenType,
AppliesTo = new EndpointReference(realm),
RequestType = RequestTypes.Issue,
KeyType = KeyTypes.Bearer
}, out requestSecurityTokenResponse);
The username and password work fine, just using the certificate complains that there's no UserName specified. I was under the impression that the token issuer would look up the associated user from the certificate. Where am I going wrong here?
回答1:
EDIT - Double whoops! I was using a UserNameWSTrustBinding for the endpoint, when I should have obviously been using a CertificateWSTrustBinding. Making this change solved this issue.
EDIT - I thought I'd solved this as below, but it's still asking for a Username even on this endpoint. Any ideas?
Whoops! Worked this out about 5 minutes after I posted the above question. There's a different endpoint address for the certificate authentication:
https://servername/identityserver/issue/wstrust/mixed/certificate
instead of
https://servername/identityserver/issue/wstrust/mixed/username
来源:https://stackoverflow.com/questions/22138715/how-to-specify-a-certificate-as-the-credentials-for-a-wstrustchannel-with-thinkt