I have an MVC web application that has been configured to connect to ADFS to authenticate users and obtain a security token. The application then needs to call a WCF service using that security token.

The web application's configuration is:

<system.identityModel>
<identityConfiguration saveBootstrapContext="true">

  <claimsAuthenticationManager type="MvcApplication1.Security.ClaimsTransformer, MvcApplication1" />
  <claimsAuthorizationManager type="MvcApplication1.Security.AuthorisationManager, MvcApplication1" />

  <audienceUris>
    <add value="https://edd05rgard.hd.dev/adfsproto/web/" />
  </audienceUris>

  <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    <trustedIssuers>
      <add thumbprint="49F27C0DD1044D73011894450727E3C3E55DA428" name="http://EDV05TESTADFS1.hdtest.hd.dev/adfs/services/trust" />
    </trustedIssuers>
  </issuerNameRegistry>

</identityConfiguration>
<federationConfiguration>
  <cookieHandler requireSsl="true" />

  <wsFederation passiveRedirectEnabled="true"
                issuer="https://edv05testadfs1.hdtest.hd.dev/adfs/ls/"
                realm="https://edd05rgard.hd.dev/adfsproto/web/"
                reply="https://edd05rgard.hd.dev/adfsproto/web/"
                requireHttps="true" />
</federationConfiguration>

This successfully obtains a token from ADFS, and I can transform the claims inside the application as expected.

I then try to call the WCF service using the security token that was issued:

// using directives required at the top of the file (assemblies: System.IdentityModel,
// System.ServiceModel, System.IdentityModel.Services, .NET 4.5)
using System.IdentityModel.Tokens;   // BootstrapContext, SecurityKeyType
using System.Linq;
using System.Security.Claims;
using System.ServiceModel;
using System.ServiceModel.Security;  // CreateChannelWithIssuedToken extension method
using System.Threading;

// The token ADFS issued to the web app, retained because saveBootstrapContext="true".
BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext;

var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuerAddress = new EndpointAddress("https://edv05testadfs1.hdtest.hd.dev/adfs/ls");

var endpoint = new EndpointAddress("https://edd05rgard.hd.dev/adfsproto/service/ClaimsService.svc");

var factory = new ChannelFactory<IClaimsService>(binding, endpoint);
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;

// The same bootstrap token, read again via the thread principal.
var context = (BootstrapContext)((ClaimsIdentity)Thread.CurrentPrincipal.Identity).BootstrapContext;
// Present the saved token as the issued token for this call instead of requesting a new one from the issuer.
var channel = factory.CreateChannelWithIssuedToken(context.SecurityToken, endpoint);

var result = channel.GetClaimsWithDelegation();

When this code runs, the last line throws an exception:

An error occurred when processing the security tokens in the message. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.

Am I calling the service the correct way? How can I investigate the error in the security token?
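As an added example (not part of the question or the asker's configuration): the fault text above is the generic message the service-side token handler returns to the caller, so the actual validation failure has to be read on the service. This service-side web.config fragment enables System.IdentityModel and System.ServiceModel tracing to an .svclog file (the file path is an assumption), and it also trusts the same ADFS signing thumbprint and lists the web app's realm as an audience, since the forwarded bootstrap token was issued for that realm and is rejected with exactly this fault otherwise.

```xml
<!-- Service-side web.config (added example, not the asker's config).
     Values marked ASSUMED are placeholders to adjust. -->
<configuration>
  <system.identityModel>
    <identityConfiguration>
      <!-- The bootstrap token was issued for the web app's realm, so the
           service must accept that value as an audience; otherwise WIF
           rejects the token and the client only sees the generic fault. -->
      <audienceUris>
        <add value="https://edd05rgard.hd.dev/adfsproto/web/" />
      </audienceUris>
      <!-- Same ADFS token-signing certificate thumbprint the web app trusts. -->
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="49F27C0DD1044D73011894450727E3C3E55DA428" name="http://EDV05TESTADFS1.hdtest.hd.dev/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>

  <!-- Tracing: the token-validation exception (audience, issuer, expiry,
       signature) is written here in full; it never reaches the client. -->
  <system.diagnostics>
    <trace autoflush="true" />
    <sources>
      <source name="System.IdentityModel" switchValue="Verbose">
        <listeners><add name="svclog" /></listeners>
      </source>
      <source name="System.ServiceModel" switchValue="Warning, ActivityTracing">
        <listeners><add name="svclog" /></listeners>
      </source>
    </sources>
    <sharedListeners>
      <!-- ASSUMED path; the application pool identity needs write access to it. -->
      <add name="svclog" type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\logs\ClaimsService.svclog" />
    </sharedListeners>
  </system.diagnostics>
</configuration>
```

Open the .svclog in SvcTraceViewer.exe and look for the SecurityTokenException logged just before the fault (an audience or issuer validation failure names the offending value). Turn the tracing off again once the cause is found, because the log contains the raw tokens.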