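I am currently developing a WPF client that obtains an SWT token from Windows Azure AppFabric ACS. With this token I want to consume a RESTful WCF service.
I used this tutorial to obtain the SWT token, and it works perfectly. With the help of this MSDN tutorial, I created the RESTful WCF service.
The problem is that the token probably has the wrong format, because the token validator cannot validate it (the error is in the token validator's IsHMACValid method, swtWithSignatur.Length == 1).
Example of the token sent to the server: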
{"appliesTo":"http://localhost:7100/Service/Default.aspx","context":null,"created":1326996221,"expires":1326999821,"securityToken":"&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-16&quot;?&gt;&lt;wsse:BinarySecurityToken wsu:Id=&quot;uuid:74ba5667-04ea-4074-9544-aaafb570c648&quot; ValueType=&quot;http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0&quot; EncodingType=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary&quot; xmlns:wsu=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd&quot; xmlns:wsse=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot;&gt;aHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmZW1haWxhZGRyZXNzPXBhdHJpY2suZWNrZXIlNDBnbWFpbC5jb20maHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2...&lt;/wsse:BinarySecurityToken&gt;","tokenType":"http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0"}
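In the Windows Azure Management Portal, I selected SWT as the token format for my relying party application.
According to the first tutorial, the format of the SWT token looks fine, but the token validator won't accept it.
PS: If anyone is trying the second tutorial (How To: Authenticate to a REST WCF Service Deployed to Windows Azure Using ACS):
I think there is an error in point 11 of step 3, where you have to modify the web.config file (the system/webService section does not exist). The configuration should look like this: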
<?xml version="1.0"?>
<configuration>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="SWTModule" type="SecurityModule.SWTModule, SecurityModule" />
    </modules>
  </system.webServer>
</configuration>
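Solution:
The token I sent to the server had the wrong format.
The token above is in JSON format and contains a 'securityToken' that is XML-encoded. Using HttpUtility.UrlDecode and XmlReader, the base64 string can be retrieved. The base64 string of the token above is: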
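I decoded this string and got my ACS token. This ACS token is now valid and works with my RESTful WCF service.
The server-side code did not change. This is what I ended up with on the client: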
// requires: using System.IO; using System.Web; using System.Xml;
// parse the token from the json string,
var token = JsonNotifyRequestSecurityTokenResponse.FromJson(txtReceivedToken.Text);
// get the security token and decode it
string xmlString = HttpUtility.UrlDecode(token.SecurityTokenString);
// get the base64 string an
string string64 = "";
using (XmlReader xmlReader = XmlReader.Create(new StringReader(xmlString))) {
    while (xmlReader.Read()) {
        if (xmlReader.NodeType == XmlNodeType.Text) { // find the first text element, which should be the base64 string
            string64 = xmlReader.Value;
            break;
        }
    }
}
// decode it
string acsToken = base64Decode(string64);
// set the header
string headerValue = string.Format("WRAP access_token=\"{0}\"", acsToken);
client.Headers.Add("Authorization", headerValue);
// call the service and read the response, disposing the stream and reader afterwards
string response;
using (Stream stream = client.OpenRead(@"http://127.0.0.1:81/Service1.svc/users"))
using (StreamReader reader = new StreamReader(stream)) {
    response = reader.ReadToEnd();
}
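I stole the base64Decode method from http://www.vbforums.com/showthread.php?t=287324.
I got the JsonNotifyRequestSecurityTokenResponse.FromJson part from http://www.leastprivilege.com/, but I think it can be parsed with any available JSON parser.
I don't know whether it is the best solution, but it works for me.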
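The failure described in the question, where the validator's split on the signature parameter yields a single part because the token is still wrapped, reproduced as an added example that is not part of the original post or of the ACS sample code. It assumes the SWT carries its signature as a trailing &HMACSHA256= parameter; the class name, key, issuer and token values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;

static class SwtUnwrapExample   // hypothetical name, not from the post
{
    // Extract the raw SWT from the wsse:BinarySecurityToken XML returned inside the JSON response.
    public static string UnwrapSwt(string binarySecurityTokenXml)
    {
        string b64 = XElement.Parse(binarySecurityTokenXml).Value.Trim();
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }

    // A raw SWT is "name=value&...&HMACSHA256=<signature>"; anything else is still wrapped.
    public static bool IsHmacValid(string swt, byte[] key)
    {
        string[] parts = swt.Split(new[] { "&HMACSHA256=" }, StringSplitOptions.None);
        if (parts.Length != 2) return false;        // the Length == 1 case from the question
        byte[] expected, actual;
        using (var hmac = new HMACSHA256(key))
            expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(parts[0]));
        try { actual = Convert.FromBase64String(Uri.UnescapeDataString(parts[1])); }
        catch (FormatException) { return false; }   // signature is not valid base64
        if (actual.Length != expected.Length) return false;
        int diff = 0;                               // compare every byte, no early exit
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("constructed-demo-key");   // constructed, not a real ACS key
        string body = "Audience=http%3a%2f%2flocalhost%2f&ExpiresOn=1326999821&Issuer=https%3a%2f%2fexample.invalid%2f"; // constructed claims
        string sig;
        using (var hmac = new HMACSHA256(key))
            sig = Uri.EscapeDataString(Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(body))));
        string swt = body + "&HMACSHA256=" + sig;
        string xml = "<wsse:BinarySecurityToken xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">"
                   + Convert.ToBase64String(Encoding.UTF8.GetBytes(swt)) + "</wsse:BinarySecurityToken>";

        Console.WriteLine(IsHmacValid(xml, key));              // wrapped token: no signature parameter found
        Console.WriteLine(IsHmacValid(UnwrapSwt(xml), key));   // unwrapped SWT: signature is checked against the key
    }
}
```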