I would have thought that one could basically switch the client credentials from this:

    // Username/password client credentials
    var clientCredentials = new ClientCredentials();
    clientCredentials.UserName.UserName = "MyUserName";
    clientCredentials.UserName.Password = "MyPassword";

to:

    var clientCredentials = new ClientCredentials();
    clientCredentials.ClientCertificate.Certificate = myX509Certificate;

and then create a wsTrustChannel to get a security token.

    _wsTrustChannelFactory.SetCredentials(clientCredentials);
    var channel = _wsTrustChannelFactory.CreateChannel(new EndpointAddress(endpointAddress));
    // Request a bearer token for the realm from the token issuer
    var token = channel.Issue(new RequestSecurityToken
    {
        TokenType = tokenType,
        AppliesTo = new EndpointReference(realm),
        RequestType = RequestTypes.Issue,
        KeyType = KeyTypes.Bearer
    }, out requestSecurityTokenResponse);

The username and password work fine, but using just the certificate complains that there's no UserName specified. I was under the impression that the token issuer would look up the associated user from the certificate. Where am I going wrong here?
EDIT - Double whoops! I was using a UserNameWSTrustBinding for the endpoint, when I should have obviously been using a CertificateWSTrustBinding. Making this change solved this issue.
EDIT - I thought I'd solved this as below, but it's still asking for a Username even on this endpoint. Any ideas?
Whoops! Worked this out about 5 minutes after I posted the above question. There's a different endpoint address for the certificate authentication:
instead of