HOW TO:在 WSFederationHttpBinding 上停用安全工作階段
某些服務可能會要求聯合認證,但卻不支援安全工作階段。在此情況下,您必須停用安全工作階段功能。與 WsHttpBinding 不同的是,WSFederationHttpBinding 類別不會在您與服務進行通訊時,提供停用安全工作階段的方法。反之,您必須建立自訂繫結,以便使用啟動安裝程式繫結來取代安全工作階段。
此主題將示範如何修改 WSFederationHttpBinding 內所包含的繫結項目來建立自訂繫結。除了不使用安全工作階段之外,其餘結果會與 WSFederationHttpBinding 相同。
若要建立一個不包含安全工作階段的自訂聯合繫結
在程式碼中以命令方式建立 WSFederationHttpBinding 類別的執行個體,或是從組態檔中載入一個執行個體。
將 WSFederationHttpBinding 複製到 CustomBinding。
在 CustomBinding 中尋找 SecurityBindingElement。
在 SecurityBindingElement 中尋找 SecureConversationSecurityTokenParameters。
將原始的 SecurityBindingElement 取代為來自 SecureConversationSecurityTokenParameters 的啟動安裝安全性繫結項目。
範例
下列範例會建立了一個不包含安全工作階段的自訂聯合繫結。
Imports System
Imports System.Collections.Generic
Imports System.ServiceModel
Imports System.ServiceModel.Channels
Imports System.ServiceModel.Security.Tokens
Imports System.Security.Permissions
<Assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution:=True)>
Public NotInheritable Class CustomBindingCreator
' This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
Public Shared Function CreateFederationBindingWithoutSecureSession(ByVal inputBinding As WSFederationHttpBinding) As CustomBinding
' This CustomBinding starts out identical to the specified WSFederationHttpBinding.
Dim outputBinding As New CustomBinding(inputBinding.CreateBindingElements())
' Find the SecurityBindingElement for message security.
Dim security As SecurityBindingElement = outputBinding.Elements.Find(Of SecurityBindingElement)()
' If the security mode is message, then the secure session settings are the protection token parameters.
Dim secureConversation As SecureConversationSecurityTokenParameters
If WSFederationHttpSecurityMode.Message = inputBinding.Security.Mode Then
Dim symmetricSecurity As SymmetricSecurityBindingElement = CType(security, SymmetricSecurityBindingElement)
secureConversation = CType(symmetricSecurity.ProtectionTokenParameters, SecureConversationSecurityTokenParameters)
' If the security mode is message, then the secure session settings are the endorsing token parameters.
ElseIf WSFederationHttpSecurityMode.TransportWithMessageCredential = inputBinding.Security.Mode Then
Dim transportSecurity As TransportSecurityBindingElement = CType(security, TransportSecurityBindingElement)
secureConversation = CType(transportSecurity.EndpointSupportingTokenParameters.Endorsing(0), SecureConversationSecurityTokenParameters)
Else
Throw New NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode))
End If
' Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
Dim securityIndex As Integer = outputBinding.Elements.IndexOf(security)
outputBinding.Elements(securityIndex) = secureConversation.BootstrapSecurityBindingElement
' Return modified binding.
Return outputBinding
End Function
' It is a good practice to create a private constructor for a class that only
' defines static methods.
Private Sub New()
End Sub 'New
Shared Sub Main()
End Sub 'Main
End Class 'CustomBindingCreator ' Code not shown.
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security.Tokens;
using System.Security.Permissions;
[assembly: SecurityPermission(
SecurityAction.RequestMinimum, Execution = true)]
namespace Samples
{
public sealed class CustomBindingCreator
{
// This method creates a CustomBinding based on a WSFederationHttpBinding which does not use secure conversation.
public static CustomBinding CreateFederationBindingWithoutSecureSession(WSFederationHttpBinding inputBinding)
{
// This CustomBinding starts out identical to the specified WSFederationHttpBinding.
CustomBinding outputBinding = new CustomBinding(inputBinding.CreateBindingElements());
// Find the SecurityBindingElement for message security.
SecurityBindingElement security = outputBinding.Elements.Find<SecurityBindingElement>();
// If the security mode is message, then the secure session settings are the protection token parameters.
SecureConversationSecurityTokenParameters secureConversation;
if (WSFederationHttpSecurityMode.Message == inputBinding.Security.Mode)
{
SymmetricSecurityBindingElement symmetricSecurity = security as SymmetricSecurityBindingElement;
secureConversation = symmetricSecurity.ProtectionTokenParameters as SecureConversationSecurityTokenParameters;
}
// If the security mode is message, then the secure session settings are the endorsing token parameters.
else if (WSFederationHttpSecurityMode.TransportWithMessageCredential == inputBinding.Security.Mode)
{
TransportSecurityBindingElement transportSecurity = security as TransportSecurityBindingElement;
secureConversation = transportSecurity.EndpointSupportingTokenParameters.Endorsing[0] as SecureConversationSecurityTokenParameters;
}
else
{
throw new NotSupportedException(String.Format("Unhandled security mode {0}.", inputBinding.Security.Mode));
}
// Replace the secure session SecurityBindingElement with the bootstrap SecurityBindingElement.
int securityIndex = outputBinding.Elements.IndexOf(security);
outputBinding.Elements[securityIndex] = secureConversation.BootstrapSecurityBindingElement;
// Return modified binding.
return outputBinding;
}
// It is a good practice to create a private constructor for a class that only
// defines static methods.
private CustomBindingCreator() { }
static void Main()
{
// Code not shown.
}
}
編譯程式碼
- 若要編譯此程式碼範例,請建立一個可參考 System.ServiceModel.dll 組件的專案。