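How to: Use Multiple Security Tokens of the Same Type

  • In .NET Framework 3.0, a client message could contain only one token of any given type. Client messages can now contain multiple tokens of a type. This topic shows how to include multiple tokens of the same type in a client message.

  • Note that a service cannot be configured in this way: a service can contain only one supporting token.

To use multiple security tokens of the same type

  1. Create an empty binding element collection to populate.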

    // Create an empty BindingElementCollection to populate, 
    // then create a custom binding from it.
    BindingElementCollection bec = new BindingElementCollection();
    
  2. Create a SecurityBindingElement by calling CreateMutualCertificateBindingElement.

    SecurityBindingElement sbe = SecurityBindingElement.CreateMutualCertificateBindingElement();
    
  3. Create a SupportingTokenParameters collection.

    SupportingTokenParameters supportParams = new SupportingTokenParameters();
    
  4. Add the SAML tokens to the collection.

    // Two supporting SAML tokens are being added.
    supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress1, issuerBinding1));
    supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress2, issuerBinding2));
    
  5. Add the collection to the SecurityBindingElement.

    ((SymmetricSecurityBindingElement)sbe).OperationSupportingTokenParameters.Add("*", supportParams);
    
  6. Add the binding elements to the binding element collection.

    bec.Add(sbe);
    bec.Add(new TextMessageEncodingBindingElement());
    bec.Add(new HttpTransportBindingElement());
    
  7. Return a new custom binding created from the binding element collection.

    // Create a CustomBinding from the collection and return it.
    return new CustomBinding(bec);
    

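Example

The following is the complete method described by the preceding procedure.

// Namespaces used: System.ServiceModel, System.ServiceModel.Channels,
// System.ServiceModel.Security.Tokens.
// This method creates a CustomBinding that includes two tokens of a given type.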
public static Binding CreateCustomBinding(EndpointAddress issuerEndpointAddress1, Binding issuerBinding1, EndpointAddress issuerEndpointAddress2, Binding issuerBinding2)
{
    // Create an empty BindingElementCollection to populate, 
    // then create a custom binding from it.
    BindingElementCollection bec = new BindingElementCollection();

    SecurityBindingElement sbe = SecurityBindingElement.CreateMutualCertificateBindingElement();

    SupportingTokenParameters supportParams = new SupportingTokenParameters();
    
    // Two supporting SAML tokens are being added.
    supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress1, issuerBinding1));
    supportParams.SignedEndorsing.Add(new IssuedSecurityTokenParameters("samlTokenType", issuerEndpointAddress2, issuerBinding2));
    
    ((SymmetricSecurityBindingElement)sbe).OperationSupportingTokenParameters.Add("*", supportParams);
    
    bec.Add(sbe);
    bec.Add(new TextMessageEncodingBindingElement());
    bec.Add(new HttpTransportBindingElement());

    // Create a CustomBinding from the collection and return it.
    return new CustomBinding(bec);
}
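
To confirm that a binding built this way really carries both tokens, and in which attachment mode, the following added example (not part of the original topic) walks a binding's security element and reports every issued supporting token per operation. SupportingTokenAudit, Describe, Collect and the localhost issuer addresses are hypothetical names and constructed sample values; the code assumes a .NET Framework project that references System.ServiceModel.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
public static class SupportingTokenAudit // hypothetical helper, not a WCF type
{
    // Lists each issued supporting token configured per operation on a binding.
    public static List<string> Describe(Binding binding)
    {
        var report = new List<string>();
        // OperationSupportingTokenParameters is declared on SecurityBindingElement itself, so no subtype cast is needed.
        var sbe = binding.CreateBindingElements().Find<SecurityBindingElement>();
        if (sbe == null) return report; // binding has no message security element
        foreach (var op in sbe.OperationSupportingTokenParameters)
        {
            Collect(report, op.Key, "Signed", op.Value.Signed);
            Collect(report, op.Key, "SignedEncrypted", op.Value.SignedEncrypted);
            Collect(report, op.Key, "Endorsing", op.Value.Endorsing);
            Collect(report, op.Key, "SignedEndorsing", op.Value.SignedEndorsing);
        }
        return report;
    }
    static void Collect(List<string> report, string action, string mode,
                        Collection<SecurityTokenParameters> tokens)
    {
        foreach (SecurityTokenParameters p in tokens)
        {
            var issued = p as IssuedSecurityTokenParameters;
            if (issued == null) continue; // only issued (for example SAML) tokens are reported
            string issuer = issued.IssuerAddress == null ? "(none)" : issued.IssuerAddress.Uri.ToString();
            report.Add(string.Format("action={0} mode={1} type={2} issuer={3}",
                                     action, mode, issued.TokenType, issuer));
        }
    }
    public static void Main()
    {
        // Constructed sample input: two placeholder issuers on localhost.
        var sbe = SecurityBindingElement.CreateMutualCertificateBindingElement();
        var sp = new SupportingTokenParameters();
        foreach (string sts in new[] { "http://localhost/sts1", "http://localhost/sts2" })
            sp.SignedEndorsing.Add(new IssuedSecurityTokenParameters(
                "samlTokenType", new EndpointAddress(sts), new WSHttpBinding()));
        sbe.OperationSupportingTokenParameters.Add("*", sp);
        var binding = new CustomBinding(sbe, new TextMessageEncodingBindingElement(), new HttpTransportBindingElement());
        foreach (string line in Describe(binding)) Console.WriteLine(line);
    }
}
```

For the sample binding the report has two entries, both for action "*" in SignedEndorsing mode with the same token type and different issuer addresses.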

See Also

Concepts

Security Architecture