c# – 验证SWT令牌REST WCF服务

我目前正在开发一个WPF客户端,它从Windows Azure AppFabric ACS获取SWT令牌.有了这个令牌,我想使用RESTful WCF服务.
我使用this tutorial来获取SWT令牌,它完美无缺.在this MSDN tutorial的帮助下,我创建了RESTful WCF服务.

问题是令牌可能具有错误的格式,因为令牌验证器无法验证它(令牌验证器的IsHMACValid方法中的错误,swtWithSignatur.Length == 1).

与服务器联系的令牌示例：

{ “appliesTo”： “HTTP：//本地主机：7100 /服务/ Default.aspx的”, “上下文”：NULL, “创建”：1326996221, “过期”：1326999821, “securityToken”：“&安培; LT; XML version =& quot; 1.0& quot; encoding =& quot; utf-16& quot;？>& lt; wsse：BinarySecurityToken wsu：Id =& quot; uuid：74ba5667-04ea-4074-9544 -aaafb570c648& quot; ValueType =& quot; http：//schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0\u0026amp; quot; EncodingType =& quot; http：// docs. oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\u0026amp;quot; xmlns：wsu =& quot; http：//docs.oasis-open.org/ wss / 2004/01 / oasis-200401-wss-wssecurity-utility-1.0.xsd& quot; xmlns：wsse =& quot; http：//docs.oasis-open.org/wss/2004/01/oasis- 200401-WSS-的WSSecurity-secext-1.0.xsd&安培; QUOT;&GT aHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmZW1haWxhZGRyZXNzPXBhdHJpY2suZWNrZXIlNDBnbWFpbC5jb20maHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2 xhaW1zJTJmbmFtZT1QYXRyaWNrK0Vja2VyJmh0dHAlM2ElMmYlMmZzY2hlbWFzLnhtbHNvYXAub3JnJTJmd3MlMmYyMDA1JTJmMDUlMmZpZGVudGl0eSUyZmNsYWltcyUyZm5hbWVpZGVudGlmaWVyPWh0dHBzJTNhJTJmJTJmd3d3Lmdvb2dsZS5jb20lMmZhY2NvdW50cyUyZm84JTJmaWQlM2ZpZCUzZEFJdE9hd2xzM1doNlgwRFJ6d1BsdzU2a1R0WURmLVNNaDZxZFJtQSZodHRwJTNhJTJmJTJmc2NoZW1hcy5taWNyb3NvZnQuY29tJTJmYWNjZXNzY29udHJvbHNlcnZpY2UlMmYyMDEwJTJmMDclMmZjbGFpbXMlMmZpZGVudGl0eXByb3ZpZGVyPUdvb2dsZSZBdWRpZW5jZT1odHRwJTNhJTJmJTJmbG9jYWxob3N0JTNhNzEwMCUyZlNlcnZpY2UlMmZEZWZhdWx0LmFzcHgmRXhwaXJlc09uPTEzMjY5OTk4MjEmSXNzdWVyPWh0dHBzJTNhJTJmJTJmZmhiYXlhenVyZW5zLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQlMmYmSE1BQ1NIQTI1Nj1SUnN3OUJTSlc2ZFJ0MjJyNkNkcjZWZHpyJTJicTF6MHlhV0FMNVdlJTJiJTJmV3owJTNk&安培; LT; /的wsse：的BinarySecurityToken>”中, “tokenType”： “http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0”}

在Windows Azure管理门户中,我选择SWT作为我的依赖方应用程序的令牌格式.
根据第一个教程,SWT令牌的格式看起来不错,但令牌验证器不会接受它.

PS：如果有人正在尝试第二个教程(如何：使用ACS部署到Windows Azure的REST WCF服务进行身份验证)：
我认为步骤3中的第11点存在错误,您必须修改web.config文件(系统/ webService部分不存在).配置应如下所示：

<?xml version="1.0"?>
<configuration>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="SWTModule" type="SecurityModule.SWTModule, SecurityModule" />
    </modules>
  </system.webServer>
</configuration>

解决方法:

我发送到服务器的令牌格式错误.
上面的标记是json格式,包含一个’securityToken’,它是xml编码的.使用HttpUtility.UrlDecode和XMLReader,可以检索base64字符串.上述令牌的base64字符串是：

aHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmZW1haWxhZGRyZXNzPXBhdHJpY2suZWNrZXIlNDBnbWFpbC5jb20maHR0cCUzYSUyZiUyZnNjaGVtYXMueG1sc29hcC5vcmclMmZ3cyUyZjIwMDUlMmYwNSUyZmlkZW50aXR5JTJmY2xhaW1zJTJmbmFtZT1QYXRyaWNrK0Vja2VyJmh0dHAlM2ElMmYlMmZzY2hlbWFzLnhtbHNvYXAub3JnJTJmd3MlMmYyMDA1JTJmMDUlMmZpZGVudGl0eSUyZmNsYWltcyUyZm5hbWVpZGVudGlmaWVyPWh0dHBzJTNhJTJmJTJmd3d3Lmdvb2dsZS5jb20lMmZhY2NvdW50cyUyZm84JTJmaWQlM2ZpZCUzZEFJdE9hd2xzM1doNlgwRFJ6d1BsdzU2a1R0WURmLVNNaDZxZFJtQSZodHRwJTNhJTJmJTJmc2NoZW1hcy5taWNyb3NvZnQuY29tJTJmYWNjZXNzY29udHJvbHNlcnZpY2UlMmYyMDEwJTJmMDclMmZjbGFpbXMlMmZpZGVudGl0eXByb3ZpZGVyPUdvb2dsZSZBdWRpZW5jZT1odHRwJTNhJTJmJTJmbG9jYWxob3N0JTNhNzEwMCUyZlNlcnZpY2UlMmZEZWZhdWx0LmFzcHgmRXhwaXJlc09uPTEzMjY5OTk4MjEmSXNzdWVyPWh0dHBzJTNhJTJmJTJmZmhiYXlhenVyZW5zLmFjY2Vzc2NvbnRyb2wud2luZG93cy5uZXQlMmYmSE1BQ1NIQTI1Nj1SUnN3OUJTSlc2ZFJ0MjJyNkNkcjZWZHpyJTJicTF6MHlhV0FMNVdlJTJiJTJmV3owJTNk

我解码了这个字符串并得到了我的ACS令牌.此ACS令牌现在有效,可以使用我的RESTful WCF服务.

服务器端的代码没有改变.这就是我在客户端获得的：

// parse the token from the json string, 
var token = JsonNotifyRequestSecurityTokenResponse.FromJson(txtReceivedToken.Text);
// get the security token and decode it
string xmlString = HttpUtility.UrlDecode(token.SecurityTokenString);
// get the base64 string an
string string64 = "";
using (XmlReader xmlReader = XmlReader.Create(new StringReader(xmlString))) {
  while (xmlReader.Read()) {
    if (xmlReader.NodeType == XmlNodeType.Text) { // find the first text element, which should be the base64 string
      string64 = xmlReader.Value;
      break;
    }
  }
}
// decode it
string acsToken = base64Decode(string64);

// set the header
string headerValue = string.Format("WRAP access_token=\"{0}\"", acsToken);
client.Headers.Add("Authorization", headerValue);
Stream stream = client.OpenRead(@"http://127.0.0.1:81/Service1.svc/users");

StreamReader reader = new StreamReader(stream);
String response = reader.ReadToEnd();

base64Decode方法我从http://www.vbforums.com/showthread.php?t=287324偷走了’.
我从http://www.leastprivilege.com/获得的JsonNotifyRequestSecurityTokenResponse.FromJson部分,但我认为它可以使用任何可用的JSON解析器进行解析.

我不知道它是否是最佳解决方案,但它对我有用.

标签：c,azure,acs
来源： https://codeday.me/bug/20190621/1251494.html