
"Authorization for token issuance failed because the user is anonymous" when calling service from console client.

Open ShubhraBakshi opened this issue 9 years ago • 0 comments

I'm trying to access the service from a console client; the service is protected by IdentityServer2. Every time, I get the error "Authorization for token issuance failed because the user is anonymous" in the thinktectureIdentityServer trace log and do not get into the service. From the browser I'm able to log in to the service. I'll paste my sample code here:

Service web config:

<system.serviceModel>
  <services>
    <service behaviorConfiguration="WcfService1.Service1Behaviour" name="WcfService1.Service1">
      <endpoint address="" name="WCFServiceHttp" binding="ws2007FederationHttpBinding" bindingConfiguration="ws2007FederationHttpBinding" contract="WcfService1.IService1" />
    </service>
  </services>
</system.serviceModel>

<system.identityModel>
  <identityConfiguration>
    <audienceUris>
    </audienceUris>
    <!--The certificateValidationMode="None" setting is insecure and used only to ease running this sample application. This setting should not be used in production deployments.-->
    <certificateValidation certificateValidationMode="None" />
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="FE1DBA8ED6715C7B5121368529B108870CE0CBFB" name="https://localhost/FedProvider/issue/hrd" />
      </trustedIssuers>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>

<system.identityModel.services>
  <federationConfiguration>
    <wsFederation passiveRedirectEnabled="true" issuer="https://localhost/FedProvider/issue/wsfed"
                  realm="https://localhost:44350/" reply="http://localhost:44350/"
                  requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federationConfiguration>
</system.identityModel.services>

<microsoft.identityModel>
  <service>
    <audienceUris>
    </audienceUris>
    <applicationService>
      <claimTypeRequired>
        <!--Following are the claims offered by STS. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
        <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
        <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
        <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
      </claimTypeRequired>
    </applicationService>
  </service>
</microsoft.identityModel>

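The Client:

using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Description;
// UserNameWSTrustBinding and WSTrustClient come from a WS-Trust helper library
// whose namespace is not shown in the post.

namespace Client
{
class Program
{
    // WS-Trust endpoint of the STS (username/password over TLS) and the realm of the relying party
    static string _idsrvEndpoint = "https://localhost/FedProvider/issue/wstrust/mixed/username";
    static string _realm = "https://localhost:44350/";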

    static void Main(string[] args)
    {
        var token = RequestToken();
        CallService(token);
    }

    private static void CallService(SecurityToken token)
    {
        var serviceEndpoint = "https://" + "localhost:44350" + "/Service1.svc";
        
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
        
        var factory = new ChannelFactory<IService1>(binding,
        new EndpointAddress(serviceEndpoint));
        factory.Credentials.SupportInteractive = false;

        var channel = factory.CreateChannelWithIssuedToken(token);
        var claims = channel.TestService();

       // claims.ForEach(c => Console.WriteLine("{0}\n {1}\n\n", c.Type, c.Value));
    }

    private static SecurityToken RequestToken()
    {
        try
        {
            var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

            var credentials = new ClientCredentials();
            credentials.UserName.UserName = "test";
            credentials.UserName.Password = "test123";
            
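            // Accepts any server certificate, which disables TLS validation
            // for the whole process; only suitable for a local test setup.
            System.Net.ServicePointManager.ServerCertificateValidationCallback +=
            (se, cert, chain, sslerror) =>
            {
                return true;
            };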

            return WSTrustClient.Issue(
                new EndpointAddress(_idsrvEndpoint),
                new EndpointAddress(_realm),
                binding,
                credentials);
        }
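        catch (FaultException ex)
        {
            // Surface the fault returned by the STS instead of swallowing it
            System.Console.WriteLine("STS fault: " + ex.Message);
        }
        catch (Exception ex)
        {
            // Surface transport and configuration errors as well
            System.Console.WriteLine(ex);
        }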

        return null;
    }
}
}

Any help is appreciated, as it has already taken a lot of my time.

ShubhraBakshi, Jan 05 '17 09:01