This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

"Authorization for token issuance failed because the user is anonymous" when calling service from console client. #887

Open
ShubhraBakshi opened this issue Jan 5, 2017 · 0 comments


ShubhraBakshi commented Jan 5, 2017

I'm trying to access the service, which is protected by Identity Server2, from a console client. Every time, I get the error "Authorization for token issuance failed because the user is anonymous" in the thinktectureIdentityServer trace log, and I don't get into the service.
From the browser I'm able to log in to the service.
I'll paste my sample code here:

Service web config:

<system.serviceModel>
  <services>
    <service behaviorConfiguration="WcfService1.Service1Behaviour" name="WcfService1.Service1">
      <endpoint address="" name="WCFServiceHttp" binding="ws2007FederationHttpBinding" bindingConfiguration="ws2007FederationHttpBinding" contract="WcfService1.IService1" />
    </service>
  </services>
</system.serviceModel>

<system.identityModel>
  <identityConfiguration>
    <!--The certificateValidationMode="None" setting is insecure and used only to ease running this sample application. This setting should not be used in production deployments.-->
    <certificateValidation certificateValidationMode="None" />
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="FE1DBA8ED6715C7B5121368529B108870CE0CBFB" name="https://localhost/FedProvider/issue/hrd" />
      </trustedIssuers>
    </issuerNameRegistry>
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <wsFederation passiveRedirectEnabled="true" issuer="https://localhost/FedProvider/issue/wsfed"
                  realm="https://localhost:44350/" reply="http://localhost:44350/"
                  requireHttps="false" />
    <cookieHandler requireSsl="false" />
  </federationConfiguration>
</system.identityModel.services>
<microsoft.identityModel>
  <service>
    <audienceUris>
    </audienceUris>
    <applicationService>
      <claimTypeRequired>
        <!--Following are the claims offered by STS. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
        <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
        <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
        <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
      </claimTypeRequired>
    </applicationService>
  </service>
</microsoft.identityModel>

The Client:
namespace Client
{
    class Program
    {
        static string _idsrvEndpoint = "https://localhost/FedProvider/issue/wstrust/mixed/username";
        static string _realm = "https://localhost:44350/";

        static void Main(string[] args)
        {
            var token = RequestToken();
            CallService(token);
        }

        // Calls the WCF service, presenting the issued token as a bearer token.
        private static void CallService(SecurityToken token)
        {
            var serviceEndpoint = "https://" + "localhost:44350" + "/Service1.svc";

            var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
            binding.Security.Message.EstablishSecurityContext = false;
            binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;

            var factory = new ChannelFactory<IService1>(binding,
                new EndpointAddress(serviceEndpoint));
            factory.Credentials.SupportInteractive = false;

            var channel = factory.CreateChannelWithIssuedToken(token);
            var claims = channel.TestService();

            // claims.ForEach(c => Console.WriteLine("{0}\n {1}\n\n", c.Type, c.Value));
        }

        // Requests a token for _realm from the WS-Trust username endpoint.
        private static SecurityToken RequestToken()
        {
            try
            {
                var binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);

                var credentials = new ClientCredentials();
                credentials.UserName.UserName = "test";
                credentials.UserName.Password = "test123";

                // Accepts any server certificate, so TLS server validation is disabled.
                System.Net.ServicePointManager.ServerCertificateValidationCallback +=
                    (se, cert, chain, sslerror) =>
                    {
                        return true;
                    };

                return WSTrustClient.Issue(
                    new EndpointAddress(_idsrvEndpoint),
                    new EndpointAddress(_realm),
                    binding,
                    credentials);
            }
            catch (FaultException ex)
            {
                // The fault is swallowed here; the method falls through and returns null.
            }
            catch (Exception)
            {
                // Any other exception is swallowed as well.
            }

            return null;
        }
    }
}

Any help is appreciated, as it has already taken a lot of my time.
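
Added example, not part of the original issue and not IdentityServer project code: a small Python check that flags the relaxed certificate and transport settings visible in the config posted above. The sample is constructed from those elements and wrapped in a `<configuration>` root; the `RULES` table and the `audit` function are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the security-relevant elements from the posted config,
# wrapped in a <configuration> root so they parse as one document.
SAMPLE = """<configuration>
  <system.identityModel>
    <identityConfiguration>
      <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <wsFederation passiveRedirectEnabled="true"
                    issuer="https://localhost/FedProvider/issue/wsfed"
                    realm="https://localhost:44350/" reply="http://localhost:44350/"
                    requireHttps="false" />
      <cookieHandler requireSsl="false" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>"""

# (element, attribute, weak value, why it matters) -- hypothetical rule table
RULES = [
    ("certificateValidation", "certificateValidationMode", "none",
     "X.509 certificate validation is disabled"),
    ("wsFederation", "requireHttps", "false",
     "HTTPS is not enforced for WS-Federation redirects"),
    ("cookieHandler", "requireSsl", "false",
     "session cookie is not restricted to HTTPS"),
]

def audit(config_xml):
    """Return a list of (element, attribute, reason) findings."""
    root = ET.fromstring(config_xml)
    findings = []
    for tag, attr, weak, reason in RULES:
        for el in root.iter(tag):
            if el.get(attr, "").strip().lower() == weak:
                findings.append((tag, attr, reason))
    # An http reply URL paired with an https realm sends the sign-in response in clear.
    for el in root.iter("wsFederation"):
        realm, reply = el.get("realm", ""), el.get("reply", "")
        if realm.lower().startswith("https://") and reply.lower().startswith("http://"):
            findings.append(("wsFederation", "reply", "reply URL is http while realm is https"))
    return findings

if __name__ == "__main__":
    for tag, attr, reason in audit(SAMPLE):
        print(f"{tag}/@{attr}: {reason}")
```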
