Postupy: Zakázání zabezpečených relací u třídy WSFederationHttpBinding
Některé služby můžou vyžadovat federované přihlašovací údaje, ale nepodporují zabezpečené relace. V takovém případě je nutné zakázat funkci zabezpečené relace. Na rozdíl od třídy WSHttpBinding však třída WSFederationHttpBinding neposkytuje způsob, jak zakázat zabezpečené relace při komunikaci se službou. Místo toho musíte vytvořit vlastní vazbu, která nastavení zabezpečené relace nahradí spouštěcím (bootstrap) nastavením zabezpečení.
Toto téma ukazuje, jak upravit prvky vazby obsažené v objektu WSFederationHttpBinding a vytvořit tak vlastní vazbu. Výsledek je shodný s vazbou WSFederationHttpBinding s tím rozdílem, že nepoužívá zabezpečené relace.
Vytvoření vlastní federované vazby bez zabezpečené relace
Vytvořte instanci třídy WSFederationHttpBinding buď imperativně v kódu, nebo načtením z konfiguračního souboru.
Naklonujte vazbu WSFederationHttpBinding do objektu CustomBinding.
Najděte element SecurityBindingElement v objektu CustomBinding.
Najděte objekt SecureConversationSecurityTokenParameters v elementu SecurityBindingElement.
Nahraďte původní element SecurityBindingElement spouštěcím (bootstrap) elementem vazby zabezpečení z objektu SecureConversationSecurityTokenParameters.
Příklad
Následující příklad vytvoří vlastní federovanou vazbu bez zabezpečené relace.
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
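namespace Samples
{
    public sealed class CustomBindingCreator
    {
        /// <summary>
        /// Creates a CustomBinding based on a WSFederationHttpBinding which does not use
        /// secure conversation: the security element that carries the secure session
        /// settings is replaced by its own bootstrap security element.
        /// </summary>
        /// <param name="inputBinding">The federation binding to copy. It is not modified.</param>
        /// <returns>A new CustomBinding whose security element is the bootstrap element.</returns>
        /// <exception cref="ArgumentNullException">inputBinding is null.</exception>
        /// <exception cref="NotSupportedException">The security mode is neither Message nor TransportWithMessageCredential.</exception>
        /// <exception cref="InvalidOperationException">No secure conversation settings with a bootstrap element were found.</exception>
        public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
        {
            if (inputBinding == null)
            {
                throw new ArgumentNullException("inputBinding");
            }

            // This CustomBinding starts out identical to the specified WSFederationHttpBinding.
            CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());

            // Find the SecurityBindingElement for message security.
            SecurityBindingElement security = outputBinding.Elements.Find<SecurityBindingElement>();

            SecureConversationSecurityTokenParameters secureConversation = null;
            if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
            {
                // If the security mode is Message, then the secure session settings are the protection token parameters.
                SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
                if (symmetricSecurity != null)
                {
                    secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
                }
            }
            else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
            {
                // If the security mode is TransportWithMessageCredential, then the secure session
                // settings are among the endorsing token parameters. Take the first entry of the
                // expected type instead of assuming it sits at index 0.
                TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
                if (transportSecurity != null)
                {
                    foreach (SecurityTokenParameters endorsing in transportSecurity.EndpointSupportingTokenParameters.Endorsing)
                    {
                        secureConversation = endorsing as SecureConversationSecurityTokenParameters;
                        if (secureConversation != null)
                        {
                            break;
                        }
                    }
                }
            }
            else
            {
                throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
            }

            // Fail with a clear error instead of a NullReferenceException, and never hand back
            // a binding whose security element slot would be set to null.
            if (secureConversation == null || secureConversation.BootstrapSecurityBindingElement == null)
            {
                throw new InvalidOperationException("The binding does not contain secure conversation settings with a bootstrap security binding element.");
            }

            // Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
            // NOTE(review): only the element itself is swapped; settings configured on the outer
            // security element are not copied by this method. Confirm the bootstrap element carries
            // the protection settings the service expects before using the result.
            int securityIndex = outputBinding.Elements.IndexOf(security);
            outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;

            // Return modified binding.
            return outputBinding;
        }

        // It is a good practice to create a private constructor for a class that only
        // defines static methods.
        private CustomBindingCreator() { }

        static void Main()
        {
            // Code not shown.
        }
    }
}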
Imports System.Collections.Generic
Imports System.ServiceModel
Imports System.ServiceModel.Channels
Imports System.ServiceModel.Security.Tokens
Imports System.Security.Permissions
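Public NotInheritable Class CustomBindingCreator
    ''' <summary>
    ''' Creates a CustomBinding based on a WSFederationHttpBinding which does not use
    ''' secure conversation: the security element that carries the secure session
    ''' settings is replaced by its own bootstrap security element.
    ''' </summary>
    ''' <param name="inputBinding">The federation binding to copy. It is not modified.</param>
    ''' <returns>A new CustomBinding whose security element is the bootstrap element.</returns>
    ''' <exception cref="ArgumentNullException">inputBinding is Nothing.</exception>
    ''' <exception cref="NotSupportedException">The security mode is neither Message nor TransportWithMessageCredential.</exception>
    ''' <exception cref="InvalidOperationException">No secure conversation settings with a bootstrap element were found.</exception>
    Public Shared Function CreateFederationBindingWithoutSecureSession(ByVal inputBinding As WSFederationHttpBinding) As CustomBinding
        If inputBinding Is Nothing Then
            Throw New ArgumentNullException("inputBinding")
        End If

        ' This CustomBinding starts out identical to the specified WSFederationHttpBinding.
        Dim outputBinding As New CustomBinding(inputBinding.CreateBindingElements())

        ' Find the SecurityBindingElement for message security.
        Dim security As SecurityBindingElement = outputBinding.Elements.Find(Of SecurityBindingElement)()

        Dim secureConversation As SecureConversationSecurityTokenParameters = Nothing
        If WSFederationHttpSecurityMode.Message = inputBinding.Security.Mode Then
            ' If the security mode is Message, then the secure session settings are the protection token parameters.
            Dim symmetricSecurity As SymmetricSecurityBindingElement = TryCast(security, SymmetricSecurityBindingElement)
            If symmetricSecurity IsNot Nothing Then
                secureConversation = TryCast(symmetricSecurity.ProtectionTokenParameters, SecureConversationSecurityTokenParameters)
            End If
        ElseIf WSFederationHttpSecurityMode.TransportWithMessageCredential = inputBinding.Security.Mode Then
            ' If the security mode is TransportWithMessageCredential, then the secure session
            ' settings are among the endorsing token parameters. Take the first entry of the
            ' expected type instead of assuming it sits at index 0.
            Dim transportSecurity As TransportSecurityBindingElement = TryCast(security, TransportSecurityBindingElement)
            If transportSecurity IsNot Nothing Then
                For Each endorsing As SecurityTokenParameters In transportSecurity.EndpointSupportingTokenParameters.Endorsing
                    secureConversation = TryCast(endorsing, SecureConversationSecurityTokenParameters)
                    If secureConversation IsNot Nothing Then
                        Exit For
                    End If
                Next
            End If
        Else
            Throw New NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode))
        End If

        ' Fail with a clear error instead of a NullReferenceException, and never hand back
        ' a binding whose security element slot would be set to Nothing.
        If secureConversation Is Nothing OrElse secureConversation.BootstrapSecurityBindingElement Is Nothing Then
            Throw New InvalidOperationException("The binding does not contain secure conversation settings with a bootstrap security binding element.")
        End If

        ' Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
        ' NOTE(review): only the element itself is swapped; settings configured on the outer
        ' security element are not copied by this method. Confirm the bootstrap element carries
        ' the protection settings the service expects before using the result.
        Dim securityIndex As Integer = outputBinding.Elements.IndexOf(security)
        outputBinding.Elements(securityIndex) = secureConversation.BootstrapSecurityBindingElement

        ' Return modified binding.
        Return outputBinding
    End Function

    ' It is a good practice to create a private constructor for a class that only
    ' defines static methods.
    Private Sub New()
    End Sub

    Shared Sub Main()
    End Sub
End Class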
Kompilace kódu
- Pokud chcete zkompilovat příklad kódu, vytvořte projekt, který odkazuje na sestavení System.ServiceModel.dll.