Útmutató: Biztonságos munkamenetek letiltása WSFederationHttpBindingen
Egyes szolgáltatásokhoz összevont hitelesítő adatok szükségesek, de nem támogatják a biztonságos munkameneteket. Ebben az esetben le kell tiltania a biztonságos munkamenet funkciót. A szolgáltatással való kommunikáció során az WSHttpBindingWSFederationHttpBinding osztály nem biztosít módot a biztonságos munkamenetek letiltására. Ehelyett létre kell hoznia egy egyéni kötést, amely lecseréli a biztonságos munkamenet beállításait egy bootstrapre.
Ez a témakör bemutatja, hogyan módosíthatja a kötéselemeket egy WSFederationHttpBinding egyéni kötés létrehozásához. Az eredmény megegyezik azzal a WSFederationHttpBinding kivételel, hogy nem használ biztonságos munkameneteket.
Egyéni összevont kötés létrehozása biztonságos munkamenet nélkül
Hozzon létre egy példányt a WSFederationHttpBinding kódban, vagy töltsön be egyet a konfigurációs fájlból.
Klónozza a WSFederationHttpBindingCustomBinding.
Keresse meg a SecurityBindingElementCustomBinding.
Keresse meg a SecureConversationSecurityTokenParametersSecurityBindingElement.
Cserélje le az eredetit SecurityBindingElement a rendszerindító biztonsági kötés elemére a SecureConversationSecurityTokenParameters.
Példa
Az alábbi példa egy egyéni összevont kötést hoz létre biztonságos munkamenet nélkül.
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
namespace Samples
{
public sealed class CustomBindingCreator
{
// This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
{
// This CustomBinding starts out identical to the specified WSFederationHttpBinding.
CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
// Find the SecurityBindingElement for message security.
SecurityBindingElement security = outputBinding.Elements.Find<SecurityBindingElement>();
// If the security mode is message, then the secure session settings are the protection token parameters.
SecureConversationSecurityTokenParameters secureConversation;
if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
{
SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
}
// If the security mode is message, then the secure session settings are the endorsing token parameters.
else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
{
TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
}
// Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
int securityIndex = outputBinding.Elements.IndexOf(security);
outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
// Return modified binding.
return outputBinding;
}
// It is a good practice to create a private constructor for a class that only
// defines static methods.
private CustomBindingCreator() { }
static void Main()
{
// Code not shown.
}
}
Imports System.Collections.Generic
Imports System.ServiceModel
Imports System.ServiceModel.Channels
Imports System.ServiceModel.Security.Tokens
Imports System.Security.Permissions
Public NotInheritable Class CustomBindingCreator
' This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
Public Shared Function CreateFederationBindingWithoutSecureSession(ByVal inputBinding As WSFederationHttpBinding) As CustomBinding
' This CustomBinding starts out identical to the specified WSFederationHttpBinding.
Dim outputBinding As New CustomBinding(inputBinding.CreateBindingElements())
' Find the SecurityBindingElement for message security.
Dim security As SecurityBindingElement = outputBinding.Elements.Find(Of SecurityBindingElement)()
' If the security mode is message, then the secure session settings are the protection token parameters.
Dim secureConversation As SecureConversationSecurityTokenParameters
If WSFederationHttpSecurityMode.Message = inputBinding.Security.Mode Then
Dim symmetricSecurity As SymmetricSecurityBindingElement = CType(security, SymmetricSecurityBindingElement)
secureConversation = CType(symmetricSecurity.ProtectionTokenParameters, SecureConversationSecurityTokenParameters)
' If the security mode is message, then the secure session settings are the endorsing token parameters.
ElseIf WSFederationHttpSecurityMode.TransportWithMessageCredential = inputBinding.Security.Mode Then
Dim transportSecurity As TransportSecurityBindingElement = CType(security, TransportSecurityBindingElement)
secureConversation = CType(transportSecurity.EndpointSupportingTokenParameters.Endorsing(0), SecureConversationSecurityTokenParameters)
Else
Throw New NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode))
End If
' Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
Dim securityIndex As Integer = outputBinding.Elements.IndexOf(security)
outputBinding.Elements(securityIndex) = secureConversation.BootstrapSecurityBindingElement
' Return modified binding.
Return outputBinding
End Function
' It is a good practice to create a private constructor for a class that only
' defines static methods.
Private Sub New()
End Sub
Shared Sub Main()
End Sub
End Class
A kód összeállítása
- A példakód fordításához hozzon létre egy projektet, amely a System.ServiceModel.dll szerelvényre hivatkozik.