FederatedMessageSecurityOverHttp.ClaimTypeRequirements Özellik

Tanım

Ad Alanı:

System.ServiceModel

Bütünleştirilmiş Kod:

System.ServiceModel.dll

Bu bağlama için örneklerin ClaimTypeRequirement bir koleksiyonunu alır.

public:
 property System::Collections::ObjectModel::Collection<System::ServiceModel::Security::Tokens::ClaimTypeRequirement ^> ^ ClaimTypeRequirements { System::Collections::ObjectModel::Collection<System::ServiceModel::Security::Tokens::ClaimTypeRequirement ^> ^ get(); };

public System.Collections.ObjectModel.Collection<System.ServiceModel.Security.Tokens.ClaimTypeRequirement> ClaimTypeRequirements { get; }

member this.ClaimTypeRequirements : System.Collections.ObjectModel.Collection<System.ServiceModel.Security.Tokens.ClaimTypeRequirement>

Public ReadOnly Property ClaimTypeRequirements As Collection(Of ClaimTypeRequirement)

Özellik Değeri

Collection<ClaimTypeRequirement>

türünde Collection<T>ClaimTypeRequirementbir . Varsayılan değer boş bir topluluktur.

Örnekler

Aşağıdaki kod, bağlamadan bu özelliğe erişmeyi ve ayarlamayı gösterir.

// This method creates a WSFederationHttpBinding.
public static WSFederationHttpBinding
    CreateWSFederationHttpBinding(bool isClient)
{
  // Create an instance of the WSFederationHttpBinding.
  WSFederationHttpBinding b = new WSFederationHttpBinding();

  // Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message;

  // Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15;

  // Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = true;

  // Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey;

  // Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType =
      "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1";

  // Extract the STS certificate from the certificate store.
  X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
  store.Open(OpenFlags.ReadOnly);
  X509Certificate2Collection certs = store.Certificates.Find(
      X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", false);
  store.Close();

  // Create an EndpointIdentity from the STS certificate.
  EndpointIdentity identity = EndpointIdentity.CreateX509CertificateIdentity ( certs[0] );

  // Set the IssuerAddress using the address of the STS and the previously created
  // EndpointIdentity.
  b.Security.Message.IssuerAddress =
      new EndpointAddress(new Uri("http://localhost:8000/sts/x509"), identity);

  // Set the IssuerBinding to a WSHttpBinding loaded from configuration.
  // The IssuerBinding is only used on federated clients.
  if (isClient)
  {
      b.Security.Message.IssuerBinding = new WSHttpBinding("Issuer");
  }

  // Set the IssuerMetadataAddress using the metadata address of the STS and the
  // previously created EndpointIdentity. The IssuerMetadataAddress is only used
  // on federated services.
  else
  {
      b.Security.Message.IssuerMetadataAddress =
          new EndpointAddress(new Uri("http://localhost:8001/sts/mex"), identity);
  }

  // Create a ClaimTypeRequirement.
  ClaimTypeRequirement ctr = new ClaimTypeRequirement
      ("http://example.org/claim/c1", false);

  // Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr);

' This method creates a WSFederationHttpBinding.
Public Shared Function CreateWSFederationHttpBinding(ByVal isClient As Boolean) As WSFederationHttpBinding
  ' Create an instance of the WSFederationHttpBinding.
  Dim b As New WSFederationHttpBinding()

  ' Set the security mode to Message.
  b.Security.Mode = WSFederationHttpSecurityMode.Message

  ' Set the Algorithm Suite to Basic256Rsa15.
  b.Security.Message.AlgorithmSuite = SecurityAlgorithmSuite.Basic256Rsa15

  ' Set NegotiateServiceCredential to true.
  b.Security.Message.NegotiateServiceCredential = True

  ' Set IssuedKeyType to Symmetric.
  b.Security.Message.IssuedKeyType = SecurityKeyType.SymmetricKey

  ' Set IssuedTokenType to SAML 1.1
  b.Security.Message.IssuedTokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#samlv1.1"

  ' Extract the STS certificate from the certificate store.
  Dim store As New X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser)
  store.Open(OpenFlags.ReadOnly)
  Dim certs As X509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, "0000000000000000000000000000000000000000", False)
  store.Close()

  ' Create an EndpointIdentity from the STS certificate.
  Dim identity As EndpointIdentity = EndpointIdentity.CreateX509CertificateIdentity (certs(0))

  ' Set the IssuerAddress using the address of the STS and the previously created 
  ' EndpointIdentity.
  b.Security.Message.IssuerAddress = New EndpointAddress(New Uri("http://localhost:8000/sts/x509"), identity)

  ' Set the IssuerBinding to a WSHttpBinding loaded from configuration. 
  ' The IssuerBinding is only used on federated clients.
  If isClient Then
      b.Security.Message.IssuerBinding = New WSHttpBinding("Issuer")

  ' Set the IssuerMetadataAddress using the metadata address of the STS and the
  ' previously created EndpointIdentity. The IssuerMetadataAddress is only used 
  ' on federated services.
  Else
      b.Security.Message.IssuerMetadataAddress = New EndpointAddress(New Uri("http://localhost:8001/sts/mex"), identity)
  End If

  ' Create a ClaimTypeRequirement.
  Dim ctr As New ClaimTypeRequirement("http://example.org/claim/c1", False)

  ' Add the ClaimTypeRequirement to ClaimTypeRequirements
  b.Security.Message.ClaimTypeRequirements.Add(ctr)

Açıklamalar

Bu özellik tarafından döndürülen koleksiyon, hizmet tarafından istemcinin hizmete erişmek için kullandığı verilen belirteçte bulunması gereken gerekli ve isteğe bağlı talepleri belirtmek için kullanılır. WSDL yayımlama etkinleştirildiyse ancak WCF verilen belirtecin belirtilen talep türlerini içermesi gerekmiyorsa hizmet meta verilerde gerekli talep türlerini kullanıma sunar. Gerekli talep türlerini zorunlu kılmak isteyen hizmetlerin yetkilendirme ilkesi kullanılarak yapılması gerekir.

Federasyon istemcilerinde bu koleksiyon, istemcinin verilen belirteç isteğinde güvenlik belirteci hizmetine gönderilen gerekli ve isteğe bağlı taleplerin listesini içerir.