Programmatically configuring the federatedAuthentication element of microsoft.identityModel in an ASP.NET application

5
I am trying to generate programmatically the following configuration, which lives in the microsoft.identityModel config section.
<federatedAuthentication>
   <wsFederation passiveRedirectEnabled="false" requireHttps="true" issuer="https://IssuedByFoo.com" realm="http://Foo.com/" />
   <cookieHandler requireSsl="true" path="/" />
</federatedAuthentication>

So far I have not been able to configure it successfully. I tried setting the following in Application_Start, but when I try to federate I get the error:

"ID5002: The Issuer property on the FederatedPassiveSignIn control must be set to the address of an STS endpoint that can process WS-Federation passive protocol messages."

FederatedAuthentication.WSFederationAuthenticationModule.Realm = "http://Foo.com/";
FederatedAuthentication.WSFederationAuthenticationModule.Issuer = "https://IssuedByFoo.com";
FederatedAuthentication.WSFederationAuthenticationModule.PassiveRedirectEnabled = false;
FederatedAuthentication.WSFederationAuthenticationModule.RequireHttps = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.RequireSsl = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Path = "/";

I'm fairly sure I'm not configuring FederatedAuthentication correctly, and I don't know where the right place to configure it is. One thing I found is that when I set a breakpoint at the start of a request and inspect FederatedAuthentication.WSFederationAuthenticationModule, I don't see the properties set on it unless web.config has values for those properties.

2 Answers

10

I always manage my WIF configuration in code and only keep things like the RP and STS server names in app settings. This setup should work for you. By the way, this is a relying-party setup (the STS setup is simpler).

using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security;

protected void Application_Start()
{
    // The handler runs once, when WIF builds its configuration on the first request.
    FederatedAuthentication.FederationConfigurationCreated += FederatedAuthentication_FederationConfigurationCreated;
}

private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    //from appsettings...
    const string allowedAudience = "http://audience1/user/get";
    const string rpRealm = "http://audience1/";
    const string domain = "";
    const bool requireSsl = false;
    const string issuer = "http://sts/token/create";
    const string certThumbprint = "mythumbprint";
    const string authCookieName = "StsAuth";
    // Issuer name as it appears in the token. The original post used this variable without defining it;
    // the value here is a placeholder and must match what the STS puts in the token's Issuer.
    const string internalSts = "http://sts/";

    var federationConfiguration = new FederationConfiguration();
    // Only tokens addressed to this audience URI are accepted.
    federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

    // Trust tokens from internalSts only when signed with the certificate that has this thumbprint.
    var issuingAuthority = new IssuingAuthority(internalSts);
    issuingAuthority.Thumbprints.Add(certThumbprint);
    issuingAuthority.Issuers.Add(internalSts);
    var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority };

    var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities };
    federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;
    // None: no X.509 chain validation of the signing certificate; the thumbprint match above is the only check.
    federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

    // Session cookie settings. With RequireSsl false the cookie is also sent over plain http.
    var chunkedCookieHandler = new ChunkedCookieHandler
    {
        RequireSsl = requireSsl,
        Name = authCookieName,
        Domain = domain,
        PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)
    };
    federationConfiguration.CookieHandler = chunkedCookieHandler;

    // WS-Federation passive settings: where to send the sign-in request and which realm to ask for.
    federationConfiguration.WsFederationConfiguration.Issuer = issuer;
    federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
    federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

    e.FederationConfiguration = federationConfiguration;
}
1
Which assemblies are needed and have to be included in the usings for this to work? - iamnicoj
References: System.IdentityModel, System.IdentityModel.Services; NuGet package: System.IdentityModel.Tokens.ValidatingIssuerNameRegistry - tibx
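The answer above builds the configuration with RequireSsl and RequireHttps off and certificate validation set to None, which is fine on a development box but not what the question's XML asks for (requireHttps="true", requireSsl="true"). The block below is an added example, not code from the answerer or from the original page: the same FederationConfigurationCreated approach producing the question's settings, with the STS signing certificate pinned by thumbprint through ConfigurationBasedIssuerNameRegistry (part of System.IdentityModel, so no NuGet package) and X.509 validation left on. The host names, the issuer name and the thumbprint are placeholders. Note that these types are the .NET 4.5 System.IdentityModel.Services API; the microsoft.identityModel section in the question belongs to the older Microsoft.IdentityModel SDK, where the closest hook is FederatedAuthentication.ServiceConfigurationCreated.

```csharp
// Added example: the question's federatedAuthentication settings built in code
// against the .NET 4.5 System.IdentityModel.Services API. Placeholder values throughout.
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;
using System.Web;

public class MvcApplication : HttpApplication
{
    protected void Application_Start()
    {
        FederatedAuthentication.FederationConfigurationCreated += OnFederationConfigurationCreated;
    }

    private static void OnFederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        // Placeholders; in practice read these from appSettings as the answer suggests.
        const string realm = "http://Foo.com/";              // wtrealm sent to the STS, also the expected audience
        const string issuer = "https://IssuedByFoo.com";     // STS endpoint the browser is sent to
        const string issuerName = "https://IssuedByFoo.com"; // Issuer value as it appears in the token (assumed)
        const string signingThumbprint = "0000000000000000000000000000000000000000"; // SHA-1 thumbprint of the STS signing cert (placeholder)

        // false: do not read <system.identityModel> from web.config; every value is set here.
        var config = new FederationConfiguration(false);

        var identity = config.IdentityConfiguration;
        identity.AudienceRestriction.AllowedAudienceUris.Clear();
        identity.AudienceRestriction.AllowedAudienceUris.Add(new Uri(realm));

        // Accept tokens only when signed by the certificate with this thumbprint.
        var registry = new ConfigurationBasedIssuerNameRegistry();
        registry.AddTrustedIssuer(signingThumbprint, issuerName);
        identity.IssuerNameRegistry = registry;

        // Keep chain validation on rather than None: the thumbprint pins the key, the chain
        // check still rejects an expired, revoked or untrusted signing certificate.
        identity.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        identity.RevocationMode = X509RevocationMode.Online;

        var ws = config.WsFederationConfiguration;
        ws.Issuer = issuer;
        ws.Realm = realm;
        ws.RequireHttps = true;            // refuse to redirect to a non-https STS endpoint
        ws.PassiveRedirectEnabled = false; // the page issues the sign-in request itself, as in the question

        config.CookieHandler = new ChunkedCookieHandler
        {
            Name = "FedAuth",
            Path = "/",
            RequireSsl = true,         // Secure flag: session cookie never sent over plain http
            HideFromScript = true,     // HttpOnly
            PersistentSessionLifetime = TimeSpan.FromMinutes(30)
        };

        e.FederationConfiguration = config;
    }
}
```

If the STS signs tokens with a certificate that does not chain to a trusted root, ChainTrust will reject it even though the thumbprint matches; in that case use PeerTrust with the certificate in the TrustedPeople store rather than dropping to None.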

2

Thanks for the follow-up post. The link was very helpful. - EvilDr
