FederatedMessageSecurityOverHttp.ClaimTypeRequirements Propiedad

Definición

Espacio de nombres:: System.ServiceModel

Ensamblado:: System.ServiceModel.dll

Importante

Parte de la información hace referencia a la versión preliminar del producto, que puede haberse modificado sustancialmente antes de lanzar la versión definitiva. Microsoft no otorga ninguna garantía, explícita o implícita, con respecto a la información proporcionada aquí.

Obtiene una colección de las ClaimTypeRequirement instancias de este enlace.

public:
 property System::Collections::ObjectModel::Collection<System::ServiceModel::Security::Tokens::ClaimTypeRequirement ^> ^ ClaimTypeRequirements { System::Collections::ObjectModel::Collection<System::ServiceModel::Security::Tokens::ClaimTypeRequirement ^> ^ get(); };

public System.Collections.ObjectModel.Collection<System.ServiceModel.Security.Tokens.ClaimTypeRequirement> ClaimTypeRequirements { get; }

member this.ClaimTypeRequirements : System.Collections.ObjectModel.Collection<System.ServiceModel.Security.Tokens.ClaimTypeRequirement>

Public ReadOnly Property ClaimTypeRequirements As Collection(Of ClaimTypeRequirement)

Valor de propiedad

Collection<ClaimTypeRequirement>

Collection<T> de tipo ClaimTypeRequirement. El valor predeterminado es una colección vacía.

Ejemplos

En el código siguiente se muestra cómo acceder a esta propiedad desde el enlace y establecerla.

// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding
    CreateWSFederationHttpBinding(bool isClient)
{
  // Create an instance of the WSFederationHttpBinding.
  WSFederationHttpBinding b = new WSFederationHttpBinding();

  // Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message;

  // Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;

  // Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = true;

  // Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

  // Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType =
      "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";

  // Extract the STS certificate from the certificate store.
  X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
  store.Open(OpenFlags.ReadOnly);
  X509Certificate2Collection certs = store.Certificates.Find(
      X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);
  store.Close();

  // Create an EndpointIdentity from the STS certificate.
  EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );

  // Set the IssuerAddress using the address of the STS and the previously created
  // EndpointIdentity.
  b.Security.Message.IssuerAddress =
      new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);

  // Set the IssuerBinding to a WSHttpBinding loaded from configuration.
  // The IssuerBinding is only used on federated clients.
  if (isClient)
  {
      b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
  }

  // Set the IssuerMetadataAddress using the metadata address of the STS and the
  // previously created EndpointIdentity. The IssuerMetadataAddress is only used
  // on federated services.
  else
  {
      b.Security.Message.IssuerMetadataAddress =
          new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);
  }

  // Create a ClaimTypeRequirement.
  ClaimTypeRequirement ctr = new ClaimTypeRequirement
      ("http://example.org/claim/c1", false);

  // Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr);

' This method creates a WSFederationHttpBinding.
Public Shared Function CreateWSFederationHttpBinding(ByVal isClient As Boolean) As WSFederationHttpBinding
  ' Create an instance of the WSFederationHttpBinding.
  Dim b As New WSFederationHttpBinding()

  ' Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message

  ' Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15

  ' Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = True

  ' Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey

  ' Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"

  ' Extract the STS certificate from the certificate store.
  Dim store As New X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser)
  store.Open(OpenFlags.ReadOnly)
  Dim certs As X509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", False)
  store.Close()

  ' Create an EndpointIdentity from the STS certificate.
  Dim identity As EndpointIdentity = EndpointIdentity.CreateX509CertificateIdentity (certs(0))

  ' Set the IssuerAddress using the address of the STS and the previously created 
  ' EndpointIdentity.
  b.Security.Message.IssuerAddress = New EndpointAddress(New Uri("http://localhost:8000/sts/x509"), identity)

  ' Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
  ' The IssuerBinding is only used on federated clients.
  If isClient Then
      b.Security.Message.IssuerBinding = New WSHttpBinding("Issuer")

  ' Set the IssuerMetadataAddress using the metadata address of the STS and the
  ' previously created EndpointIdentity. The IssuerMetadataAddress is only used 
  ' on federated services.
  Else
      b.Security.Message.IssuerMetadataAddress = New EndpointAddress(New Uri("http://localhost:8001/sts/mex"), identity)
  End If

  ' Create a ClaimTypeRequirement.
  Dim ctr As New ClaimTypeRequirement("http://example.org/claim/c1", False)

  ' Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr)

Comentarios

El servicio usa la colección devuelta por esta propiedad para especificar las notificaciones obligatorias y opcionales que deben estar en el token emitido que el cliente usa para acceder al servicio. El servicio expone los tipos de notificación necesarios en los metadatos si la publicación de WSDL está habilitada, pero WCF no requiere que el token emitido contenga los tipos de notificación especificados. Los servicios que deseen aplicar los tipos de notificación necesarios están presentes deben usar la directiva de autorización.

En los clientes federados, esta colección contiene la lista de notificaciones obligatorias y opcionales que se envían al servicio de token de seguridad en la solicitud del cliente para un token emitido.

Se aplica a

Comentarios

¿Le ha resultado útil esta página?