How to: Disable Secure Sessions on a WSFederationHttpBinding

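Some services require federated credentials but do not support secure sessions. In that case, you must disable the secure session feature. Unlike WSHttpBinding, the WSFederationHttpBinding class does not provide a way to disable secure sessions when communicating with a service. Instead, you must create a custom binding that replaces the secure session settings with the bootstrap.

This topic shows how to create a custom binding by modifying the binding elements contained in a WSFederationHttpBinding. The result is identical to the WSFederationHttpBinding except that it does not use secure sessions.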

To create a custom federated binding without secure sessions

  1. Create an instance of the WSFederationHttpBinding class, either imperatively in code or by loading it from the configuration file.

  2. Clone the WSFederationHttpBinding into a CustomBinding.

  3. Find the SecurityBindingElement in the CustomBinding.

  4. Find the SecureConversationSecurityTokenParameters in the SecurityBindingElement.

  5. Replace the original SecurityBindingElement with the bootstrap security binding element from the SecureConversationSecurityTokenParameters.

Example

The following example creates a custom federated binding without secure sessions.

Imports System
Imports System.Collections.Generic
Imports System.ServiceModel
Imports System.ServiceModel.Channels
Imports System.ServiceModel.Security.Tokens
Imports System.Security.Permissions


<Assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution:=True)> 



Public NotInheritable Class CustomBindingCreator

    ' This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
    Public Shared Function CreateFederationBindingWithoutSecureSession(ByVal inputBinding As WSFederationHttpBinding) As CustomBinding
        ' This CustomBinding starts out identical to the specified WSFederationHttpBinding.
        Dim outputBinding As New CustomBinding(inputBinding.CreateBindingElements())
        ' Find the SecurityBindingElement for message security.
        Dim security As SecurityBindingElement = outputBinding.Elements.Find(Of SecurityBindingElement)()
        ' If the security mode is message, then the secure session settings are the protection token parameters.
        Dim secureConversation As SecureConversationSecurityTokenParameters
        If WSFederationHttpSecurityMode.Message = inputBinding.Security.Mode Then
            Dim symmetricSecurity As SymmetricSecurityBindingElement = CType(security, SymmetricSecurityBindingElement)
            secureConversation = CType(symmetricSecurity.ProtectionTokenParameters, SecureConversationSecurityTokenParameters)
            ' If the security mode is TransportWithMessageCredential, then the secure session settings are the endorsing token parameters.
        ElseIf WSFederationHttpSecurityMode.TransportWithMessageCredential = inputBinding.Security.Mode Then
            Dim transportSecurity As TransportSecurityBindingElement = CType(security, TransportSecurityBindingElement)
            secureConversation = CType(transportSecurity.EndpointSupportingTokenParameters.Endorsing(0), SecureConversationSecurityTokenParameters)
        Else
            Throw New NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode))
        End If
        ' Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
        Dim securityIndex As Integer = outputBinding.Elements.IndexOf(security)
        outputBinding.Elements(securityIndex) = secureConversation.BootstrapSecurityBindingElement
        ' Return modified binding.
        Return outputBinding

    End Function

    ' It is a good practice to create a private constructor for a class that only 
    ' defines static methods.
    Private Sub New()

    End Sub 'New

    Shared Sub Main()
        ' Code not shown.
    End Sub 'Main
End Class 'CustomBindingCreator

using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Security.Permissions;
[assembly: SecurityPermission(
   SecurityAction.RequestMinimum, Execution = true)]
namespace Samples
{
    
    public sealed class CustomBindingCreator
    {
        // This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
        public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
        {
            // This CustomBinding starts out identical to the specified WSFederationHttpBinding.
            CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
            // Find the SecurityBindingElement for message security.
            SecurityBindingElement security = outputBinding.Elements.Find<SecurityBindingElement>();
            // If the security mode is message, then the secure session settings are the protection token parameters.
            SecureConversationSecurityTokenParameters secureConversation;
            if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
            {
                SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
                secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
            }
            // If the security mode is TransportWithMessageCredential, then the secure session settings are the endorsing token parameters.
            else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
            {
                TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
                secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
            }
            else
            {
                throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
            }
            // Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
            int securityIndex = outputBinding.Elements.IndexOf(security);
            outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
            // Return modified binding.
            return outputBinding;
        }
        // It is a good practice to create a private constructor for a class that only 
        // defines static methods.
        private CustomBindingCreator() { }
        static void Main() 
        { 
            // Code not shown.
        }

    }
}
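
The following check is an added example, not part of the original sample: it inspects a binding and confirms that no secure conversation token parameters remain while an issued (federated) token is still required. The class and method names are hypothetical, and it assumes the binding carries a symmetric or transport security element, as in the sample above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;

// Hypothetical helper (added example): verifies the outcome of the binding rewrite.
public static class FederationBindingInspector
{
    // Enumerates every token parameter the security element asks the client to present:
    // the protection token (message security) and all endpoint supporting tokens.
    private static IEnumerable<SecurityTokenParameters> TokenParameters(SecurityBindingElement security)
    {
        SymmetricSecurityBindingElement symmetric = security as SymmetricSecurityBindingElement;
        if (symmetric != null && symmetric.ProtectionTokenParameters != null)
            yield return symmetric.ProtectionTokenParameters;

        SupportingTokenParameters supporting = security.EndpointSupportingTokenParameters;
        foreach (SecurityTokenParameters p in supporting.Endorsing
                     .Concat(supporting.Signed)
                     .Concat(supporting.SignedEncrypted)
                     .Concat(supporting.SignedEndorsing))
            yield return p;
    }

    // Returns true if any token parameter of type T is present on the binding.
    private static bool HasToken<T>(Binding binding) where T : SecurityTokenParameters
    {
        SecurityBindingElement security =
            binding.CreateBindingElements().Find<SecurityBindingElement>();
        return security != null && TokenParameters(security).OfType<T>().Any();
    }

    public static bool UsesSecureSession(Binding binding)
    {
        return HasToken<SecureConversationSecurityTokenParameters>(binding);
    }

    public static bool RequiresIssuedToken(Binding binding)
    {
        return HasToken<IssuedSecurityTokenParameters>(binding);
    }

    // Throws unless the binding is sessionless and still demands a federated credential.
    public static void AssertSessionlessFederation(Binding binding)
    {
        if (UsesSecureSession(binding))
            throw new InvalidOperationException("Binding still negotiates a secure session.");
        if (!RequiresIssuedToken(binding))
            throw new InvalidOperationException("Binding no longer requires an issued token.");
    }
}
```

Call AssertSessionlessFederation on the CustomBinding returned by CreateFederationBindingWithoutSecureSession before opening a channel or host with it.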

Compiling the Code

  • To compile the code example, create a project that references the System.ServiceModel.dll assembly.

See Also

Concepts

Bindings and Security