Programmatically configuring the federatedAuthentication element in microsoft.identityModel on an ASP.NET application

Time: 2014-04-21 20:35:34

Tags: c# asp.net asp.net-mvc wif

I am trying to generate the following configuration, which lives in the microsoft.identityModel configuration section, programmatically.

<federatedAuthentication>
   <wsFederation passiveRedirectEnabled="false" requireHttps="true" issuer="https://IssuedByFoo.com" realm="http://Foo.com/" />
   <cookieHandler requireSsl="true" path="/" />
</federatedAuthentication>

So far I have not been able to configure it successfully. I tried setting the following in Application_Start, but when I try to federate I get the error message

"ID5002: The Issuer property on the FederatedPassiveSignIn control must be set to the address of an STS endpoint that can process WS-Federation passive protocol messages."

FederatedAuthentication.WSFederationAuthenticationModule.Realm = "http://Foo.com/";
FederatedAuthentication.WSFederationAuthenticationModule.Issuer = "https://IssuedByFoo.com";
FederatedAuthentication.WSFederationAuthenticationModule.PassiveRedirectEnabled = false;
FederatedAuthentication.WSFederationAuthenticationModule.RequireHttps = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.RequireSsl = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Path = "/";

I am fairly sure I am not configuring FederatedAuthentication correctly, and I am not sure where the right place to configure it is. One thing I noticed is that when I set a breakpoint at the start of a request and inspect FederatedAuthentication.WSFederationAuthenticationModule, I do not see the properties set when there are no values in web.config.

2 answers:

Answer 0 (score: 8)

I always manage all my WIF configuration from code, just using application settings for the RP and STS server names etc. This setup should work for you. By the way - this is the relying party setup (the STS setup is simpler).

using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security;

protected void Application_Start()
{
    FederatedAuthentication.FederationConfigurationCreated += FederatedAuthentication_FederationConfigurationCreated;
}

private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // from appsettings...
    const string allowedAudience = "http://audience1/user/get";
    const string rpRealm = "http://audience1/";
    const string domain = "";
    const bool requireSsl = false;
    const string issuer = "http://sts/token/create";
    // STS issuer name as it appears in the token (undefined in the original; placeholder value)
    const string internalSts = "http://sts/";
    const string certThumbprint = "mythumbprint";
    const string authCookieName = "StsAuth";

    var federationConfiguration = new FederationConfiguration();
    // only accept tokens issued for this audience
    federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

    // trust only the STS signing certificate with this thumbprint, mapped to the issuer name
    var issuingAuthority = new IssuingAuthority(internalSts);
    issuingAuthority.Thumbprints.Add(certThumbprint);
    issuingAuthority.Issuers.Add(internalSts);
    var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority };

    var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities };
    federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;
    // None skips chain validation of the signing certificate; the thumbprint match above is the only check
    federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

    // session cookie with a 30-minute persistent lifetime
    var chunkedCookieHandler = new ChunkedCookieHandler { RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0) };
    federationConfiguration.CookieHandler = chunkedCookieHandler;
    federationConfiguration.WsFederationConfiguration.Issuer = issuer;
    federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
    federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

    e.FederationConfiguration = federationConfiguration;
}
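The asker's web.config values carried over to the FederationConfigurationCreated approach from the answer above, as an added example that is not code from the original post or its author. It uses the ConfigurationBasedIssuerNameRegistry that ships with System.IdentityModel instead of the ValidatingIssuerNameRegistry package; the STS signing-certificate thumbprint and the issuer name that appears in the token are placeholders, since the question does not give them.

```csharp
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Services.Configuration;
using System.IdentityModel.Tokens;
using System.ServiceModel.Security;
using System.Web;

public class MvcApplication : HttpApplication
{
    protected void Application_Start()
    {
        // Setting properties on the module in Application_Start did not take effect for
        // the asker; handing WIF a FederationConfiguration when it asks for one does.
        FederatedAuthentication.FederationConfigurationCreated += (sender, e) =>
        {
            // loadConfig: false, so nothing is read from <system.identityModel.services>
            var config = new FederationConfiguration(loadConfig: false);

            // <wsFederation passiveRedirectEnabled="false" requireHttps="true"
            //               issuer="https://IssuedByFoo.com" realm="http://Foo.com/" />
            config.WsFederationConfiguration.Issuer = "https://IssuedByFoo.com";
            config.WsFederationConfiguration.Realm = "http://Foo.com/";
            config.WsFederationConfiguration.PassiveRedirectEnabled = false;
            config.WsFederationConfiguration.RequireHttps = true;

            // <cookieHandler requireSsl="true" path="/" />
            config.CookieHandler = new ChunkedCookieHandler
            {
                RequireSsl = true,  // session cookie is only ever sent over TLS
                Path = "/"
            };

            // Only accept tokens issued for this relying party ...
            config.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(
                new Uri("http://Foo.com/"));

            // ... signed by the expected STS certificate. PLACEHOLDERS: the question gives
            // neither the thumbprint nor the issuer name; both come from the STS metadata.
            var issuers = new ConfigurationBasedIssuerNameRegistry();
            issuers.AddTrustedIssuer("<STS-SIGNING-CERT-THUMBPRINT>", "https://IssuedByFoo.com");
            config.IdentityConfiguration.IssuerNameRegistry = issuers;

            // Keep chain validation of the signing cert on; None relies on the thumbprint alone.
            config.IdentityConfiguration.CertificateValidationMode =
                X509CertificateValidationMode.ChainTrust;
            e.FederationConfiguration = config;
        };
    }
}
```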

Answer 1 (score: 1)

I ended up going with this

Is it possible to get ACS claims without editing web.config?

This seems to work; we were already using a custom module, so it was easy to implement.