Trying to get a sample application from Microsoft (claims-aware Web Forms application) https://msdnshared.blob.core.windows.net/media/TNBlogsFS/prod.evol.blogs.technet.com/telligent.evolution.Components.attachements/01/8598/00/00/03/64/54/88/SampApp%20and%20Rules.zip running on our web server.
Our ADFS server is www.fedsvc3copa.beta.pa.gov. The sample application is hosted at: https://costa.beta.pa.gov/. Our federation metadata is https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml
Unfortunately, I believe something in my web.config is incorrect, and I am having a hard time finding it. When I browse to https://costa.beta.pa.gov/ I receive
WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.IdentityModel.Tokens.SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SecurityTokenValidationException: WIF10201: No valid key mapping found for securityToken: 'System.IdentityModel.Tokens.X509SecurityToken' and issuer: 'http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust'.]
System.IdentityModel.Tokens.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) +1461
System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean EnsureBearerToken, String endpointUri) +135
System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) +666
System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +467
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +139
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +195
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +88
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.3163.0
I have added my web.config below in case anyone spots anything incorrect.
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
<machineKey decryptionKey="5D497CFB20EB5927CB3FC44F65DBD3C6D6C366ACFCF20DC5" validationKey="80546F84BEDD8B38A995CCDD44E01C1794861685E605ECBFB5A231EAA7EAD9A99977312362EBDD2B9727F9357AF9A161F97AD49DD6E34E7CFC22D572BD4B90FD" />
</system.web>
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://www.fedsvc3copa.beta.pa.gov/federationmetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Issuer" value="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" />
<add key="ida:ProviderSelection" value="productionSTS" />
<add key="ida:EnforceIssuerValidation" value="false" />
</appSettings>
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://costa.beta.pa.gov/" />
</audienceUris>
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
<!--Commented by Identity and Access VS Package-->
<!--<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry"><authority name="http://sts.costa.beta.pa.gov/adfs/services/trust"><keys><add thumbprint="?I put my thumbprint here" /></keys><validIssuers><add name="sts.contoso.com" /></validIssuers></authority></issuerNameRegistry>-->
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust">
<keys>
<add thumbprint="I put my thumbrint here " />
</keys>
<validIssuers>
<add name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true" issuer="https://www.fedsvc3copa.beta.pa.gov/adfs/ls/" realm="https://costa.beta.pa.gov/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
From memory, this is because the certificate matching that thumbprint is not in the certificate store - Local Machine.
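
An added example, not part of the original question or answer: a small Python check that compares an `<issuerNameRegistry>` entry with the issuer string reported in a WIF10201 message and with the thumbprint of the token-signing certificate. The sample config is constructed from the shape of the posted web.config, the thumbprint is a made-up placeholder, and `check_registry` and `normalize` are hypothetical helper names; exact string comparison of issuer names is an assumption of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <issuerNameRegistry> shape from the posted web.config.
# The thumbprint is a made-up placeholder; its trailing space mirrors the post.
SAMPLE_CONFIG = """<configuration><system.identityModel><identityConfiguration>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
  <authority name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust">
    <keys><add thumbprint="00112233445566778899AABBCCDDEEFF00112233 " /></keys>
    <validIssuers><add name="https://www.fedsvc3copa.beta.pa.gov/adfs/services/trust" /></validIssuers>
  </authority>
</issuerNameRegistry>
</identityConfiguration></system.identityModel></configuration>"""


def normalize(thumbprint):
    """Keep only hex digits, upper-cased (drops spaces and invisible characters)."""
    return re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()


def check_registry(config_xml, token_issuer, token_thumbprint):
    """Return findings on why no configured authority maps this issuer and key."""
    root = ET.fromstring(config_xml)
    authorities = root.findall(".//issuerNameRegistry/authority")
    if not authorities:
        return ["no <authority> under <issuerNameRegistry>"]
    findings = []
    for auth in authorities:
        name = auth.get("name")
        keys = [k.get("thumbprint", "") for k in auth.findall("./keys/add")]
        issuers = [i.get("name", "") for i in auth.findall("./validIssuers/add")]
        for raw in keys:
            if re.search(r"[^0-9A-Fa-f]", raw):
                findings.append(f"{name}: thumbprint {raw!r} contains non-hex characters")
        if normalize(token_thumbprint) not in {normalize(k) for k in keys}:
            findings.append(f"{name}: token signing thumbprint is not listed in <keys>")
        # Assumption of this sketch: issuer names are compared as exact strings.
        if token_issuer not in issuers:
            same_rest = any(i.split("://")[-1] == token_issuer.split("://")[-1] for i in issuers)
            hint = " (only the URI scheme differs)" if same_rest else ""
            findings.append(f"{name}: issuer {token_issuer!r} is not in <validIssuers>{hint}")
    return findings


if __name__ == "__main__":
    # Issuer string copied from the WIF10201 message; thumbprint is the placeholder.
    for line in check_registry(SAMPLE_CONFIG,
                               "http://www.fedsvc3copa.beta.pa.gov/adfs/services/trust",
                               "00112233445566778899aabbccddeeff00112233"):
        print(line)
```

An empty result means the issuer name and thumbprint both match a configured authority, which leaves the certificate store as the next place to look.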