我在IP 192.168.0.200的内部网络中配置并运行ADFS控制台应用程序应该能够从外部网络对此ADFS实例进行身份验证 . 为了实现这一点,我已经配置了NAT规则如下:externaldomain.com:9443 - > 192.168.0.200:443
console app以这种方式调用ADFS:
string relyingPartyId = @"https://localhost:8099/";
string adfsEndpoint = @"https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed";
var binding2 = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential)
{
ClientCredentialType = HttpClientCredentialType.None
};
var trustChannelFactory2 = new WSTrustChannelFactory(binding2, new EndpointAddress(adfsEndpoint))
{
TrustVersion = TrustVersion.WSTrust13
};
var channelCredentials2 = trustChannelFactory2.Credentials;
channelCredentials2.UserName.UserName = @"user";
channelCredentials2.UserName.Password = @"password";
channelCredentials2.SupportInteractive = false;
var tokenClient2 = (WSTrustChannel)trustChannelFactory2.CreateChannel();
var rst2 = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Bearer)
{
AppliesTo = new EndpointReference(relyingPartyId),
ReplyTo = relyingPartyId,
TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
};
SecurityToken token = tokenClient2.Issue(rst2);
ADFS崩溃,但例外情况是:“带有'https://externaldomain.com:9443/adfs/services/trust/13/usernamemixed ' cannot be processed at the receiver, due to an AddressFilter mismatch at the EndpointDispatcher. Check that the sender and receiver'的EndpointAddresses的消息同意 . ”
如果我在ADFS配置中关闭“usernamemixed” - 它回复正确 - 找不到 endpoints . 我假设问题在于adfs WCF endpoints 配置 . 有人可以建议如何处理它吗?
还有一点需要注意,测试Web应用程序(也在外部Web服务器上运行)可以对此adfs实例进行身份验证(使用adfs登录页面),而不会出现任何问题 .