В этой теме рассматривается ведение трассировки в Windows® Identity Foundation (WIF). Она похожа на трассировку в Служба WCF (Windows Communication Foundation). Дополнительные сведения о трассировке в WCF см. в разделе Инструкции: включение трассировки.

Включение трассировки

Самым простым способом является включение трассировки в файле app.config или web.config приложения. Следующая конфигурация включает трассировки WIF, которые записываются в файл C:\logs\WIF.xml. Обратите внимание, что папка, в которой сохраняется файл журнала, должна уже существовать. Трассировки WIF можно просмотреть с помощью программы svctraceviewer.exe, которая находится в каталоге \Program Files\Microsoft SDKs\Windows\v6.0A\bin на диске установки Visual Studio.

  Копировать код
<system.diagnostics>

  <sources> <source name="Microsoft.IdentityModel" switchValue="Verbose"> <listeners> <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" /> </listeners> </source> </sources>

  <trace autoflush="true" />

</system.diagnostics>

Следующая конфигурация включает трассировки WCF и WIF, которые записываются в файлы C:\logs\WCF.xml и C:\logs\WIF.xml. Обратите внимание, что источники трассировки различаются с помощью атрибута name в элементе source.

  Копировать код
<system.diagnostics>

  <sources>

	<source name="Microsoft.IdentityModel" switchValue="Verbose"> <listeners> <add name="wif" /> </listeners> </source>

	<source name="System.ServiceModel.MessageLogging" logKnownPii="false" switchValue="Verbose"> <listeners> <add name="wcf" /> </listeners> </source>

  </sources>

  <sharedListeners> <add name="wcf" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WCF.xml" /> <add name="wif" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" /> </sharedListeners>

  <trace autoflush="true" />

</system.diagnostics>
БезопасностьПримечание.
Трассировка WIF не пытается отфильтровывать персональные данные. Поэтому трассировки WIF следует сохранять в безопасном расположении.

Трассировки

В данной теме рассматриваются следующие трассировки.

В следующих таблицах показано, какие трассировки удобно использовать в различных сценариях.

Для разработчиков служб STS

Выпуск маркера Сценарий Трассировка

WS-Federation

Сбой выпуска маркера

HashTrace

Предупреждение. Сообщение WS-Federation не обработано

HashTrace

Успех

Token

Получение запроса маркера безопасности

Token

Тело POST (включая wresult)

PassiveMessage, WsFedMessage

HashTraceRecord

HashTrace

WS-Trust

Запрос ActAs в запросе маркера безопасности

HashTrace

Ответ на запрос маркера безопасности/Запрос маркера безопасности (трассировки WCF)

HashTrace

Для разработчиков приложений проверяющей стороны

Проверка маркера Сценарий Трассировка

WS-Federation

Сбой (URI аудитории, проверка сертификата)

HashTrace, Reference

Предупреждение. Сообщение WS-Federation не обработано

HashTrace, Reference

Успех

Token

ClaimsPrincipal

ClaimsPrincipal

Тело POST (ответ FedPassive)

PassiveMessage, WsFedMessage

Cookie (имя)

ChunkedCookie

Другое

Авторизации

ClaimsPrincipal

Исключения

Exception

ChunkedCookieHandler

Трассировка ChunkedCookieHandler содержит сведения о cookie-файле: имя, размер, путь к файлу, домен, срок истечения действия, безопасность канала и предпринятое для него действие (чтение, запись или удаление).

В следующей трассировке сохраняются данные о записываемых cookie-файлах.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.3655884Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>ChunkedCookieHandler: Writing Name=FedAuth Path=/ Domain= Expires=Session Secure=True HttpOnly=True</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

В следующей трассировке сохраняются данные о считываемых cookie-файлах.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.3812141Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5b00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>ChunkedCookieHandler: Reading Name=FedAuth</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

ClaimsPrincipal

Трассировка ClaimsPrincipal содержит сведения о созданном участнике: имя и все содержащиеся в нем удостоверения утверждений. Каждое удостоверение утверждений имеет имя, NameClaimType, RoleClaimType, Label, Actor (может быть пусто) и набор утверждений.

Ниже приводится пример трассировки ClaimsPrincipal.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-28T00:37:18.9548714Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="4380" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

		<Description>Setting an IClaimsPrincipal on the current EvaluationContext</Description>

		<AppDomain>ActiveStsExample.vshost.exe</AppDomain>

		<ClaimsPrincipalTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/ClaimsPrincipalTraceRecord"> <ClaimsPrincipal Identity.Name="MyDomain\MyUserName"> <ClaimsIdentity Name="MyDomain\MyUserName" NameClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" RoleClaimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Label="">

				<Claim Value="MyDomain\MyUserName" Type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

				<Claim Value="http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509" Type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>

			</ClaimsIdentity> </ClaimsPrincipal> </ClaimsPrincipalTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

DeflateCookie

Трассировка DeflateCookie содержит сведения о сжатии cookie-файла: исходный размер и сжатый размер.

Ниже приводится пример трассировки DeflateCookie.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-27T16:06:43.0843258Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" /> <Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem>DeflateCookieTransform: BeforeDeflate=5224 AfterDeflate=2596</DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

HashTrace

Трассировка HashTrace содержит сведения о подписях и подписывании XML: байтов в шестнадцатеричном виде, байтов в строковом виде (при записи включаются PreCanonicalBytes), длина и значение.

Ниже приводится пример трассировки HashTrace.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-08-28T01:04:35.4997605Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">

		<Description>Microsoft.IdentityModel Diagnostic Trace</Description>

		<AppDomain>ActiveStsExample.vshost.exe</AppDomain>

		<HashTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/HashTraceRecord">

			<PreCanonicalBytes> <Length>3240</Length> <HexBytes>EFBBBF3C417…</HexBytes> <Encoding.UTF8>&lt;Assertion ID="_0457ef59-6994-40ee-a733-b9a1210bead3" IssueInstant="2009-08-28T01:04:27.590Z" Version="2.0" /AttributeStatement&gt;</Encoding.UTF8> </PreCanonicalBytes>

			<CanonicalBytes> <Length>3241</Length> <HexBytes>3C417373657274696F6E20</HexBytes> <Encoding.UTF8>&lt;Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0457ef59-6994-40ee-a733-b9a1210bead3" …/Assertion&gt;</Encoding.UTF8> </CanonicalBytes>

			<Hash> <Length>44</Length> <Value>pBEYEHY7srohYL4L0lHWgIhxDw8YCaPyUb99OUI/OZA=</Value> </Hash>

		</HashTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

PassiveMessage

Трассировка PassiveMessage содержит сведения о пассивном сообщении или сообщении входа служба STS, которое было получено на пассивном веб-сайте: пары имя/значение из HTTP-запроса.

Ниже приводится пример трассировки PassiveMessage.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information"> <Description>HttpRequest.Form in SignInWithResponseMessage.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <PassiveMessageTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/PassiveMessageTraceRecord"> <Request> <wa>wsignin1.0</wa> <wresult> <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx"> <trust:Lifetime> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires> </trust:Lifetime> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address> </EndpointReference> </wsp:AppliesTo> <trust:RequestedSecurityToken> <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> </e:EncryptionMethod> <KeyInfo> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=localhost</X509IssuerName> <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber> </X509IssuerSerial> </X509Data> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue> </e:CipherData> </e:EncryptedKey> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>hrt5PmmAaa3frZjz928PcWhXlUf+xzsR7pUSAosRfQ4MkNvyJtC12Bf4RdEYmauF59Pi2g+5WMggZj8RHfekTzV1k87jmNPxzQ9zcN8JVuz1UsqP3ADgEZiesnhSlhpfaogD3fgmFpCBikwFLg4I60y2X/0yQt+hBHqLcvu3LKbAy81tkPPx9qJYy+1y1FBbm0Wt55GdDwo+f9akJMXJkXc0MhYbNRKIsMWuWbVo73TF3aHJ8AqYjJy7kuWXdvxqbCo6yW0SkEiid6FYAG1/Rl6tB8BOaye8YlpPJRBeFkojHaa9RohnSZ73KPFH9JbFXERQfpN9Z5I1yLvkSkWbu81O3z4epgFVBcr+ARuRc5RnVnuQg7IUMeQFm5d2HD80DuonqrUkJC7+kr3ur//Hdc5WTSxCCVRTrR/YLuFRLDKjXfJ8gYXUkTCI8Ca9yoMesjNZWAT6nf0pu3P/DHh0IczdcGhMYelZiHTY6C5au0ZqMvJudgbLyLvhkM+tTX8Nt0MZFt7FEYz/QXrBjh6t5/WbItFf+2P6ZPQuGQFCMsJo0zMonmxQzUBMJbrG1hNrb2w27+RXAh5Xhvie/4njwaAmcb3nWanohs8AEU41kODsYrjbq+7VfqyyIIWvnL+8T1QEABXuGPbme+Jkp6xHViL5FHPLsHR9l9IAQwWTn85D+/LBlmSPA/avPst1nIUk5cCkwwg06W0g+ZL4zK9w7v7xTff6sinm7cNw3UcQfWbo8/R7DTEph4KFIzHPvy5kuAFk1A13uwrGvodapoh/gDyZ6laCA53S/nDy6nFeNtr3TYer8FXlZGXXe9DglBXWtYLcOc6pEM8r3rab13sbev5KgJOPUcg/ebtH6voyF/dfvsTh+hDRMtpOS+7JTV89Bn4zcDm9/8/2DzAEDhxb28YUKwgdVM30sF4e3/4+qedafQr2OIMRJqRFMxaDD6amvXw09qmp48edKDEQRCmqKi/iGPZQUtZNxrNBld+iOj8l/53dgum5DTQgrWhioeEgueWWmhLjepSpfrxW8HgeFTQMc/Eev8ASD2f1tL7rOC3XxTkQgxvLBpNm1UucI0GC/f3u0DOwL8R6z4gG2ZF5sQy0grAxiKRQOOHslw2OdKcEJCZPx8Dt53zHN5C/MhazWZcsIXS4sBE7lafC7cPS/C/kV5rNv+hvuLSrvaT3IEGx9Bfrt391FGssaqL1f6HeFBtSk7+IuGLJIFWurZ/LuZnGBcJZ9TBB7a9dpO5yj6trn/QTuaVoE7wsYJmtCpEkg/jjlQ2/SZMZlf9zUsauebwJKlm5l7U6aIlu6lsOkTdtGsNcTE2qgmN/3vZjguDCg+0/cVDQE6iyDafpatojv9/+7JAxd/Hf2ITmYb04GRn2TqPy0HPcBj4czkwJ7+q59oj49E8leFdQx/dFRFmwHk8N4XD8/Sn1rSrc3LnDcBu//xhBKf1pUoEjq2AEDYGIiY1j1Aoa1h11DxQdEx1qc4uKoVL6PHm/NA9LA5fKtwjfCmebNaVGmFx+Oq+EcHdMnL3g8GEYWkd59u0BgRaW1XeTTdF7lksNYqtwNii8fhw50oiquGwlcADksrGCxQtzrTSLq8Zt0npiOaXe1hKGuQEAsNRm5nzu7fruf2AKkQwh9RKyU1lpAux/y2cWQcvjRqldY0ZAuim7c+YmnXoWEe/xQ3k4QHn+xSooCrRjwbrV3bbMl2JdPyC4tt2MRjF/LIsH3lNWOTAXT4saFKO6dyigZoQvW88xaDPCiOIKMbL9yy9dGp5JQnk1AQv1/4UjyVgUdVakGEep0iR7euqh9m+vu1/o8WsE+lbO2S5X2WQxFxxzTnBT24AgoK2Qy9FXfmL9VQWTcif6I0tGFwGnQpp1n0Cn+37Ta+jYXtllWg1AmX8PtE18qjW/gHGh/U1aMHOLSJ6n/VmJyk9IUmmtA2q3D1tFCSGtCjd661kipUpBvi1u8dvRXz1jhrWIu0uKZ9FhMvsR4zi/oB98ZkEUSB0aUd0dCrJe7c9FHtUdDo5g7YfHY7Ch4yLMuvhfkmQa+dddXwuQNcmHdLq27PNah3v7A9SUgqZyHi+I4efjy17K3WxqxO9DJY7iaqa2KJkJifdAZ/YNRzmiL9RO4NRnheF7vc0W9fF5Ih/r1nxwLwbjyOZwIToksEgot1C2wfJpc6ylObuTCL2+/KpYKh1NGjZHRdQtEHxAaRxPhK3WW/iKT1U1g04YluHyxdlo0fiEYXikndhbNassN7fVF27FL0uCBNv75D5W0+KlYpWlSaYnBMqXMLm2Aw5cgIQueCGzMPCZf5yapP8BZUzBrURxYOiEbPPrLDzQZnSVfGDJJ9qBMBpDgtFE7fQVp11HUwwdps4bgrn1f0uTjf9G08eFTRV9jKKrhKnBZFRqNpiM97n5w+YuzTVwV4RcgXIqanZbd0q6lstQo6Ls9sg46yUQUmage6PWf/OBRdCU+1Rk0ve7uPYHATAP0gOu4HuEYbGU9Nz0BRQfGf/+Hf5xqJp1O1MzMMXpCn5kDhqZuNJRuHN26dVgk9EgviLsYSyeHJaG/yYpk3ZtRiTQU/fOKbaX8lpgCON/0UKS1rCPrf9ub1+rsZGQOYtJOGbnXulTcY8mcb//7SXTPJxPsgA51d+yZ6EgjQLc1G1E2HWzWNLSjSkd4vICoSqgM1uCecF+uacE9u9qlqaugRqT6LH65Nw6RCOlvmyJjzNh9R2xmjOqewz0QPzeojuF0DqxHmJfgyLqhv3bUrdoo3ESQ1yJPwl9srHejn0vK8MPdKB6GOocYg/Gh4fNGqxNXTG9Kz0sAw90qKByA4AfYPH7/7sscsHg+Mr3o0Ih5AJsJ9/JUBdhqMEYAVOC9kEMNgu+5HXY1aO7CfTCD/T+EuI8qYg3Dj9yVt1G0fXmCor+u7ETD2Sq8coiYJ03uCEsNqOLvCyUmZOlcBt2ZwWeNGhWokgEm9ybXQFjLhBTQ4qNrFww70oQk7Utxxgsdq/X/TWeBKWZwXDYxwiEs0mANp+YuvrDd/IrMHinThFP5wMoMG+mGapdX8uEGu6PByfd3kwzdVLPRA/dE/qxJEvVX1U8kthcxlhR3KZtmGvBDu6RZjldNVEGkjN8k8eOxMuCdiyPHRhBFHVEhEOvxkrmPtwGURFdY/7sgCXW8wYSYxmQkOzbi+6qymtcPOGxpDPHlN6ValdZih1QCotonxTF+cFVc9i41v5/VeQ9g283ujbr9P0+gqwt89mdZjG3fLPWgp4sNf9FUKo5/oHz2wkFqkdwpakNxB6KEOFIi7KgW2QP862z40waTW8/t8U6PsaYPGt2yLyssx0rHJunI0DgpxvB3FatR7EzU4xedcvribCKkX744p+iaDtIavvmVdiAPyvdZFun8fHatWK6gB9S6asrfRAK0y0yEcAU0PuLeA+h4a5VqFaRiqRxKH4sGEaYM8bsXuZPzpDeCCq1UAiaqAELGt3DFLB0OpbO3mS4ilL9kw9P/cvz/wX/nghiPRvj6Mm9qeonm/PBBfNmsnJeidGNCP3ZUD1iFkMxNIaA3oXayXwBd4+2FwY6m/jT8Gx0YseOZ4uoAiZnOBY6rrex/1pzMH/si696NtbUzw5d0RShZ13zS5LAw76QrZDsCK0YkFOnJm3Rcf6CfNDe1Efv+rTmsGwgT3tgWXp3UEeidTFrgaeMAFIfIsjKy1BSbx9ALhmORjfafEJLmZko06TWOr6fNWHIg/gWFkdFv2KmPy6/3xrqJm4vHbWdGnRSjEgnRVDZGwqTJEv35JO+CV7K78uU14VzUakgU7thEgS00hquoysOeK6Ibw3xun4NljPdb8++8u0kFXtjjFfNjpkzF82hfzurSbeF1NCPOxsP2og9xRCCmLFPcYvuHgjGGbx997lOnffoC3rfmKKnwKe40ugD6P2/+k/KKkzU1Dao+Tz/a2at69iLNLbrn8sVjFaBRadWV8eacl/kdw9f4vTNaqj4oCzqtJRKV4GDTbSwqjAi5HKI2ZjKw4KSLDnNxU7KoAZ0FBK99MBsRjN7lG/Gfm/ymF86S91Jh3z8O/FUFoi0EK+V2Z5B9vk=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </trust:RequestedSecurityToken> <trust:RequestedAttachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedAttachedReference> <trust:RequestedUnattachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedUnattachedReference> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType> <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> </trust:RequestSecurityTokenResponse> </trust:RequestSecurityTokenResponseCollection> </wresult> <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx> </Request> </PassiveMessageTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Reference

Трассировка Reference содержит сведения о ссылках в SignedInfo: идентификатор ссылки (URI), логическое значение, означающее равенство, вычисленный дайджест и дайджест ссылки.

Ниже приводится пример трассировки Reference.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose"> <Description>Computing and checking digest of reference.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <ReferenceTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/ReferenceTraceRecord"> <Reference>#_a4e312b7-af54-4623-9c36-9d1da05b16de</Reference> <Equal>True</Equal> <ComputedDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ComputedDigestBase64> <ReferenceDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ReferenceDigestBase64> </ReferenceTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Token

Трассировка Token содержит сведения о маркере. В настоящий момент при чтении ведется трассировка только маркеров SessionTokens, Saml11 и Saml2. Эта трассировка содержит разные сведения для каждого типа маркеров.

Ниже приводится пример трассировки Token.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Verbose">0</SubType> <Level>16</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose"> <Description>Validating SecurityToken.</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <TokenTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/TokenTraceRecord"> <SecurityToken Type="System.IdentityModel.Tokens.SamlSecurityToken"> <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a4e312b7-af54-4623-9c36-9d1da05b16de" Issuer="PassiveSigninSTS" IssueInstant="2009-11-04T01:36:22.156Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> <saml:Conditions NotBefore="2009-11-04T01:36:22.156Z" NotOnOrAfter="2009-11-04T02:36:22.156Z"> <saml:AudienceRestrictionCondition> <saml:Audience>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</saml:Audience> </saml:AudienceRestrictionCondition> </saml:Conditions> <saml:AttributeStatement> <saml:Subject> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> <saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"> <saml:AttributeValue>MyName</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName="myID" AttributeNamespace="http://WindowsIdentityFoundationSamples"> <saml:AttributeValue>myemail@contoso.com</saml:AttributeValue> </saml:Attribute> <saml:Attribute AttributeName="AgeClaim" AttributeNamespace="http://WindowsIdentityFoundationSamples/2008/05"> <saml:AttributeValue a:type="tn:integer" xmlns:a="http://www.w3.org/2001/XMLSchema-instance" xmlns:tn="http://www.w3.org/2001/XMLSchema">50</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod> <ds:Reference URI="#_a4e312b7-af54-4623-9c36-9d1da05b16de"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod> <ds:DigestValue>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>NtLi5N5V/fOqTLxJZLMjODgPoAPxMllaPN1xsboU712EDk6TZ5RrdZjvjprKFEYKHCKG1bg779VXoXGYZImi0enBoyL0kXYtdfEtHTmYBwpXyib1bbhP0IuFAVQ7JCkhFDmODWA6nDLYBtlz2FQwEVqGnNM5OCDZZ6ItLvq7rnI=</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIB7jCCAVugAwIBAgIQ3Vh0/hsIm4RA2OvQLeSjvjAJBgUrDgMCHQUAMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wMDAxMDEwODAwMDBaFw0zNjAxMDEwODAwMDBaMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtINoa5bYMLtbJoewBFrajwnQu3K8lahVL3EokQLuXZNA59DFzf1KJTjeAa+otkydNZygMqYj6odA/PHS1v36Kt+9KU88jj+HmxCY3zlzLLLAeLphMNboV69qrv8Xhjl9Av8p3+YEQWecN+z2NT4jN/b93zHuum0UOHxgpzeuBF0CAwEAAaNJMEcwRQYDVR0BBD4wPIAQ7LJlFrGxniplf/NwIOqPJ6EWMBQxEjAQBgNVBAMTCWxvY2FsaG9zdIIQ3Vh0/hsIm4RA2OvQLeSjvjAJBgUrDgMCHQUAA4GBAB+WKIcbd7DhDmThLxlH5M2YoGNKnwx4YqPKz5J7MaM+G5D1YGG9PQfQtxLi7E6G+slSIJ73Vhhf7odZ9VE7znnh2qLISe0THnWg8NUqm9eSLpUEixzoxQQsqZf24z0qtzVlsrjJNc4EnY2F71vUc0+1FlTZvZU0CVVNX349wiUc</X509Certificate> </X509Data> </KeyInfo> </ds:Signature> </saml:Assertion> </SecurityToken> </TokenTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

WsFedMessage

Трассировка WsFedMessage содержит сведения из сообщений WSFederationMessges: CanReadSignInResponse, GetReturnUrlFromResponse, CreateSignInResponse и GetSignInResponse.

Ниже приводится пример трассировки WsFedMessage.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>1</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" /> <Channel /> <Computer>MyComputer</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information"> <Description>GetSignInResponseMessage</Description> <AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain> <WSFederationMessageTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/WSFederationMessageTraceRecord"> <WSFederationMessage> <BaseUri>https://localhost/PassiveRedirectBasedClaimsAwareWebApp/Default.aspx</BaseUri> <wa>wsignin1.0</wa> <wresult> <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"> <trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx"> <trust:Lifetime> <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created> <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires> </trust:Lifetime> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address> </EndpointReference> </wsp:AppliesTo> <trust:RequestedSecurityToken> <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#"> <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> </e:EncryptionMethod> <KeyInfo> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <X509Data> <X509IssuerSerial> <X509IssuerName>CN=localhost</X509IssuerName> <X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber> </X509IssuerSerial> </X509Data> </o:SecurityTokenReference> </KeyInfo> <e:CipherData> <e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue> </e:CipherData> </e:EncryptedKey> </KeyInfo> <xenc:CipherData> <xenc:CipherValue>hrt5PmmAaa3frZjz928PcWhXlUf+xzsR7pUSAosRfQ4MkNvyJtC12Bf4RdEYmauF59Pi2g+5WMggZj8RHfekTzV1k87jmNPxzQ9zcN8JVuz1UsqP3ADgEZiesnhSlhpfaogD3fgmFpCBikwFLg4I60y2X/0yQt+hBHqLcvu3LKbAy81tkPPx9qJYy+1y1FBbm0Wt55GdDwo+f9akJMXJkXc0MhYbNRKIsMWuWbVo73TF3aHJ8AqYjJy7kuWXdvxqbCo6yW0SkEiid6FYAG1/Rl6tB8BOaye8YlpPJRBeFkojHaa9RohnSZ73KPFH9JbFXERQfpN9Z5I1yLvkSkWbu81O3z4epgFVBcr+ARuRc5RnVnuQg7IUMeQFm5d2HD80DuonqrUkJC7+kr3ur//Hdc5WTSxCCVRTrR/YLuFRLDKjXfJ8gYXUkTCI8Ca9yoMesjNZWAT6nf0pu3P/DHh0IczdcGhMYelZiHTY6C5au0ZqMvJudgbLyLvhkM+tTX8Nt0MZFt7FEYz/QXrBjh6t5/WbItFf+2P6ZPQuGQFCMsJo0zMonmxQzUBMJbrG1hNrb2w27+RXAh5Xhvie/4njwaAmcb3nWanohs8AEU41kODsYrjbq+7VfqyyIIWvnL+8T1QEABXuGPbme+Jkp6xHViL5FHPLsHR9l9IAQwWTn85D+/LBlmSPA/avPst1nIUk5cCkwwg06W0g+ZL4zK9w7v7xTff6sinm7cNw3UcQfWbo8/R7DTEph4KFIzHPvy5kuAFk1A13uwrGvodapoh/gDyZ6laCA53S/nDy6nFeNtr3TYer8FXlZGXXe9DglBXWtYLcOc6pEM8r3rab13sbev5KgJOPUcg/ebtH6voyF/dfvsTh+hDRMtpOS+7JTV89Bn4zcDm9/8/2DzAEDhxb28YUKwgdVM30sF4e3/4+qedafQr2OIMRJqRFMxaDD6amvXw09qmp48edKDEQRCmqKi/iGPZQUtZNxrNBld+iOj8l/53dgum5DTQgrWhioeEgueWWmhLjepSpfrxW8HgeFTQMc/Eev8ASD2f1tL7rOC3XxTkQgxvLBpNm1UucI0GC/f3u0DOwL8R6z4gG2ZF5sQy0grAxiKRQOOHslw2OdKcEJCZPx8Dt53zHN5C/MhazWZcsIXS4sBE7lafC7cPS/C/kV5rNv+hvuLSrvaT3IEGx9Bfrt391FGssaqL1f6HeFBtSk7+IuGLJIFWurZ/LuZnGBcJZ9TBB7a9dpO5yj6trn/QTuaVoE7wsYJmtCpEkg/jjlQ2/SZMZlf9zUsauebwJKlm5l7U6aIlu6lsOkTdtGsNcTE2qgmN/3vZjguDCg+0/cVDQE6iyDafpatojv9/+7JAxd/Hf2ITmYb04GRn2TqPy0HPcBj4czkwJ7+q59oj49E8leFdQx/dFRFmwHk8N4XD8/Sn1rSrc3LnDcBu//xhBKf1pUoEjq2AEDYGIiY1j1Aoa1h11DxQdEx1qc4uKoVL6PHm/NA9LA5fKtwjfCmebNaVGmFx+Oq+EcHdMnL3g8GEYWkd59u0BgRaW1XeTTdF7lksNYqtwNii8fhw50oiquGwlcADksrGCxQtzrTSLq8Zt0npiOaXe1hKGuQEAsNRm5nzu7fruf2AKkQwh9RKyU1lpAux/y2cWQcvjRqldY0ZAuim7c+YmnXoWEe/xQ3k4QHn+xSooCrRjwbrV3bbMl2JdPyC4tt2MRjF/LIsH3lNWOTAXT4saFKO6dyigZoQvW88xaDPCiOIKMbL9yy9dGp5JQnk1AQv1/4UjyVgUdVakGEep0iR7euqh9m+vu1/o8WsE+lbO2S5X2WQxFxxzTnBT24AgoK2Qy9FXfmL9VQWTcif6I0tGFwGnQpp1n0Cn+37Ta+jYXtllWg1AmX8PtE18qjW/gHGh/U1aMHOLSJ6n/VmJyk9IUmmtA2q3D1tFCSGtCjd661kipUpBvi1u8dvRXz1jhrWIu0uKZ9FhMvsR4zi/oB98ZkEUSB0aUd0dCrJe7c9FHtUdDo5g7YfHY7Ch4yLMuvhfkmQa+dddXwuQNcmHdLq27PNah3v7A9SUgqZyHi+I4efjy17K3WxqxO9DJY7iaqa2KJkJifdAZ/YNRzmiL9RO4NRnheF7vc0W9fF5Ih/r1nxwLwbjyOZwIToksEgot1C2wfJpc6ylObuTCL2+/KpYKh1NGjZHRdQtEHxAaRxPhK3WW/iKT1U1g04YluHyxdlo0fiEYXikndhbNassN7fVF27FL0uCBNv75D5W0+KlYpWlSaYnBMqXMLm2Aw5cgIQueCGzMPCZf5yapP8BZUzBrURxYOiEbPPrLDzQZnSVfGDJJ9qBMBpDgtFE7fQVp11HUwwdps4bgrn1f0uTjf9G08eFTRV9jKKrhKnBZFRqNpiM97n5w+YuzTVwV4RcgXIqanZbd0q6lstQo6Ls9sg46yUQUmage6PWf/OBRdCU+1Rk0ve7uPYHATAP0gOu4HuEYbGU9Nz0BRQfGf/+Hf5xqJp1O1MzMMXpCn5kDhqZuNJRuHN26dVgk9EgviLsYSyeHJaG/yYpk3ZtRiTQU/fOKbaX8lpgCON/0UKS1rCPrf9ub1+rsZGQOYtJOGbnXulTcY8mcb//7SXTPJxPsgA51d+yZ6EgjQLc1G1E2HWzWNLSjSkd4vICoSqgM1uCecF+uacE9u9qlqaugRqT6LH65Nw6RCOlvmyJjzNh9R2xmjOqewz0QPzeojuF0DqxHmJfgyLqhv3bUrdoo3ESQ1yJPwl9srHejn0vK8MPdKB6GOocYg/Gh4fNGqxNXTG9Kz0sAw90qKByA4AfYPH7/7sscsHg+Mr3o0Ih5AJsJ9/JUBdhqMEYAVOC9kEMNgu+5HXY1aO7CfTCD/T+EuI8qYg3Dj9yVt1G0fXmCor+u7ETD2Sq8coiYJ03uCEsNqOLvCyUmZOlcBt2ZwWeNGhWokgEm9ybXQFjLhBTQ4qNrFww70oQk7Utxxgsdq/X/TWeBKWZwXDYxwiEs0mANp+YuvrDd/IrMHinThFP5wMoMG+mGapdX8uEGu6PByfd3kwzdVLPRA/dE/qxJEvVX1U8kthcxlhR3KZtmGvBDu6RZjldNVEGkjN8k8eOxMuCdiyPHRhBFHVEhEOvxkrmPtwGURFdY/7sgCXW8wYSYxmQkOzbi+6qymtcPOGxpDPHlN6ValdZih1QCotonxTF+cFVc9i41v5/VeQ9g283ujbr9P0+gqwt89mdZjG3fLPWgp4sNf9FUKo5/oHz2wkFqkdwpakNxB6KEOFIi7KgW2QP862z40waTW8/t8U6PsaYPGt2yLyssx0rHJunI0DgpxvB3FatR7EzU4xedcvribCKkX744p+iaDtIavvmVdiAPyvdZFun8fHatWK6gB9S6asrfRAK0y0yEcAU0PuLeA+h4a5VqFaRiqRxKH4sGEaYM8bsXuZPzpDeCCq1UAiaqAELGt3DFLB0OpbO3mS4ilL9kw9P/cvz/wX/nghiPRvj6Mm9qeonm/PBBfNmsnJeidGNCP3ZUD1iFkMxNIaA3oXayXwBd4+2FwY6m/jT8Gx0YseOZ4uoAiZnOBY6rrex/1pzMH/si696NtbUzw5d0RShZ13zS5LAw76QrZDsCK0YkFOnJm3Rcf6CfNDe1Efv+rTmsGwgT3tgWXp3UEeidTFrgaeMAFIfIsjKy1BSbx9ALhmORjfafEJLmZko06TWOr6fNWHIg/gWFkdFv2KmPy6/3xrqJm4vHbWdGnRSjEgnRVDZGwqTJEv35JO+CV7K78uU14VzUakgU7thEgS00hquoysOeK6Ibw3xun4NljPdb8++8u0kFXtjjFfNjpkzF82hfzurSbeF1NCPOxsP2og9xRCCmLFPcYvuHgjGGbx997lOnffoC3rfmKKnwKe40ugD6P2/+k/KKkzU1Dao+Tz/a2at69iLNLbrn8sVjFaBRadWV8eacl/kdw9f4vTNaqj4oCzqtJRKV4GDTbSwqjAi5HKI2ZjKw4KSLDnNxU7KoAZ0FBK99MBsRjN7lG/Gfm/ymF86S91Jh3z8O/FUFoi0EK+V2Z5B9vk=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </trust:RequestedSecurityToken> <trust:RequestedAttachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedAttachedReference> <trust:RequestedUnattachedReference> <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier> </o:SecurityTokenReference> </trust:RequestedUnattachedReference> <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType> <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType> <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType> </trust:RequestSecurityTokenResponse> </trust:RequestSecurityTokenResponseCollection> </wresult> <wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx> </WSFederationMessage> </WSFederationMessageTraceRecord> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>

Exceptions

Исключения WIF представляют собой трассировки с полным стеком. Ниже приводится пример трассировки Exception.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>8</EventID> <Type>3</Type> <SubType Name="Error">0</SubType> <Level>2</Level> <TimeCreated SystemTime="2009-08-28T01:04:27.2624325Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Error">

		<Description>Handled exception.</Description>

		<AppDomain>ActiveStsExample.vshost.exe</AppDomain>

		<Exception>

			<ExceptionType>System.Security.AccessControl.PrivilegeNotHeldException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>

			<Message>The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</Message>

			<StackTrace> at Microsoft.IdentityModel.Privilege.EnableTokenPrivilege(SafeCloseHandle threadToken) at Microsoft.IdentityModel.Privilege.Enable() at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.KerberosCertificateLogon(X509Certificate2 certificate) at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CertificateLogon(X509Certificate2 x509Certificate) at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CreateFromCertificate(X509Certificate2 certificate, Boolean useWindowsTokenService) at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token) at Microsoft.IdentityModel.Tokens.WrappedX509SecurityTokenAuthenticator.ValidateTokenCore(SecurityToken token) at System.IdentityModel.Selectors.SecurityTokenAuthenticator.ValidateToken(SecurityToken token) at System.ServiceModel.Security.TlsnegoTokenAuthenticator.ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation) at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego) at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request) at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp;amp; outputs) at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp;amp; rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp;amp; rpc) at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp;amp; rpc) at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet) at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext) at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext) at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result) at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result) at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously) at System.ServiceModel.Channels.InputQueue`1.AsyncQueueReader.Set(Item item) at System.ServiceModel.Channels.InputQueue`1.Dispatch() at System.ServiceModel.Channels.InputQueue`1.OnDispatchCallback(Object state) at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2() at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state) at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke() at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks() at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state) at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped) at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP) </StackTrace>

			<ExceptionString>System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</ExceptionString>

		</Exception> </TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

AppDomain Unloading

Трассировка AppDomain Unloading выполняется в WIF. Ниже приводится пример трассировки AppDomain Unloading.

  Копировать код
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">

  <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>2</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2009-08-28T01:04:44.0647095Z" /> <Source Name="Microsoft.IdentityModel" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="2" /> <Channel/> <Computer>MyComputer</Computer> </System>

  <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">

		<Description>AppDomain unloading.</Description>

		<AppDomain>ActiveStsExample.vshost.exe</AppDomain>

		<AppDomain.FriendlyName>ActiveStsExample.vshost.exe</AppDomain.FriendlyName>

		<ProcessName>ActiveStsExample.vshost</ProcessName>

		<ProcessId>8908</ProcessId>

		</TraceRecord> </DataItem> </TraceData> </ApplicationData>

</E2ETraceEvent>

Трассировка и приложения проверяющей стороны

На следующей схеме показано соответствие трассировок и событий в конвейере приложения проверяющей стороны.

Трассировка проверяющей стороны