Procédure : désactiver des sessions sécurisées sur un WSFederationHttpBinding
Certains services peuvent requérir des informations d'identification fédérées mais ne prennent pas en charge les sessions sécurisées. Dans ce cas, vous devez désactiver la fonctionnalité de session sécurisée. Contrairement à WSHttpBinding, la classe WSFederationHttpBinding n'offre aucun moyen de désactiver les sessions sécurisées lors de la communication avec un service. À la place, vous devez créer une liaison personnalisée qui remplace les paramètres de session sécurisée par un démarrage.
Cette rubrique montre comment modifier les éléments de liaison contenus dans une WSFederationHttpBinding pour créer une liaison personnalisée. Le résultat est identique à WSFederationHttpBinding mais n'utilise pas de sessions sécurisées.
Pour créer une liaison fédérée personnalisée sans session sécurisée
Créez une instance de la classe WSFederationHttpBinding soit impérativement dans du code, soit en la chargeant à partir du fichier de configuration.
Clonez la WSFederationHttpBinding dans une CustomBinding.
Recherchez SecurityBindingElement dans CustomBinding.
Recherchez SecureConversationSecurityTokenParameters dans SecurityBindingElement.
Remplacez le SecurityBindingElement d’origine par l’élément de liaison de sécurité de démarrage des SecureConversationSecurityTokenParameters.
Exemple
L'exemple suivant permet de créer une liaison fédérée personnalisée sans session sécurisée.
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
namespace Samples
{
public sealed class CustomBindingCreator
{
// This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
{
// This CustomBinding starts out identical to the specified WSFederationHttpBinding.
CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
// Find the SecurityBindingElement for message security.
SecurityBindingElement security = outputBinding.Elements.Find<SecurityBindingElement>();
// If the security mode is message, then the secure session settings are the protection token parameters.
SecureConversationSecurityTokenParameters secureConversation;
if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
{
SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
}
// If the security mode is message, then the secure session settings are the endorsing token parameters.
else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
{
TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
}
// Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
int securityIndex = outputBinding.Elements.IndexOf(security);
outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
// Return modified binding.
return outputBinding;
}
// It is a good practice to create a private constructor for a class that only
// defines static methods.
private CustomBindingCreator() { }
static void Main()
{
// Code not shown.
}
}
Imports System.Collections.Generic
Imports System.ServiceModel
Imports System.ServiceModel.Channels
Imports System.ServiceModel.Security.Tokens
Imports System.Security.Permissions
Public NotInheritable Class CustomBindingCreator
' This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
Public Shared Function CreateFederationBindingWithoutSecureSession(ByVal inputBinding As WSFederationHttpBinding) As CustomBinding
' This CustomBinding starts out identical to the specified WSFederationHttpBinding.
Dim outputBinding As New CustomBinding(inputBinding.CreateBindingElements())
' Find the SecurityBindingElement for message security.
Dim security As SecurityBindingElement = outputBinding.Elements.Find(Of SecurityBindingElement)()
' If the security mode is message, then the secure session settings are the protection token parameters.
Dim secureConversation As SecureConversationSecurityTokenParameters
If WSFederationHttpSecurityMode.Message = inputBinding.Security.Mode Then
Dim symmetricSecurity As SymmetricSecurityBindingElement = CType(security, SymmetricSecurityBindingElement)
secureConversation = CType(symmetricSecurity.ProtectionTokenParameters, SecureConversationSecurityTokenParameters)
' If the security mode is message, then the secure session settings are the endorsing token parameters.
ElseIf WSFederationHttpSecurityMode.TransportWithMessageCredential = inputBinding.Security.Mode Then
Dim transportSecurity As TransportSecurityBindingElement = CType(security, TransportSecurityBindingElement)
secureConversation = CType(transportSecurity.EndpointSupportingTokenParameters.Endorsing(0), SecureConversationSecurityTokenParameters)
Else
Throw New NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode))
End If
' Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
Dim securityIndex As Integer = outputBinding.Elements.IndexOf(security)
outputBinding.Elements(securityIndex) = secureConversation.BootstrapSecurityBindingElement
' Return modified binding.
Return outputBinding
End Function
' It is a good practice to create a private constructor for a class that only
' defines static methods.
Private Sub New()
End Sub
Shared Sub Main()
End Sub
End Class
Compilation du code
- Pour compiler l'exemple de code, créez un projet qui référence l'assembly System.ServiceModel.dll.