.Net App仅在用户访问根URL时重定向用户进行身份验证

时间:2012-07-13 14:41:03

标签: asp.net .net azure wif acs

我遇到了一个奇怪的问题。我有一个部署到Azure的.Net应用程序,它使用Azure ACS进行身份验证。当项目设置为Web应用程序时,我们主要提供静态.html和.js文件。问题是当用户直接访问我们的根URL时,用户被重定向到仅通过ACS进行身份验证。

例如,我通过Azure模拟器在本地设置了此项。如果用户转到127.0.0.1:81/,则会将其重定向到登录,但如果他们直接转到127.0.0.1:81/Index.html,则可以加载页面而不会重定向到ACS。 (尽管在页面加载到.svc服务期间后续的.js调用失败)

这是我的web.config文件:

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <configSections>
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <httpRuntime requestValidationMode ="2.0"/>
    <authorization>
      <deny users="?" />
    </authorization>
    <authentication mode="None" />
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
  </system.web>
  <connectionStrings>
    <add name="ExperienceBrowserEntities" connectionString="metadata=res://*/ExperienceBrowser.csdl|res://*/ExperienceBrowser.ssdl|res://*/ExperienceBrowser.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=tmbwb1mnyn.database.windows.net;Initial Catalog=ExperienceBrowser;Persist Security Info=True;User ID=ExperienceBrowserUser;Password=XXXXXXXX;MultipleActiveResultSets=True;Application Name=EntityFramework&quot;" providerName="System.Data.EntityClient" />
  </connectionStrings>
  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
  </system.serviceModel>
  <appSettings>
    <add key="FederationMetadataLocation" value="https://appCentral.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml" />
  </appSettings>
  <system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="http://127.0.0.1:81/" />
      </audienceUris>
      <federatedAuthentication>
        <wsFederation passiveRedirectEnabled="true" issuer="https://appCentral.accesscontrol.windows.net/v2/wsfederation" realm="http://127.0.0.1:81/" requireHttps="false" />
        <cookieHandler requireSsl="false" />
      </federatedAuthentication>
      <applicationService>
        <claimTypeRequired>
          <!--Following are the claims offered by STS 'https://appCentral.accesscontrol.windows.net/'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
          <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" optional="true" />
          <claimType type="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" optional="true" />
          <!--<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" optional="true" />-->
          <!--<claimType type="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider" optional="true" />-->
        </claimTypeRequired>
      </applicationService>
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="D6DAB54F4A47E88FFF206E6796A3367DA6033B0C" name="https://appCentral.accesscontrol.windows.net/" />
        </trustedIssuers>
      </issuerNameRegistry>
      <certificateValidation certificateValidationMode="None" />
    </service>
  </microsoft.identityModel>
</configuration>

1 个答案:

答案 0 :(得分:0)

认为您需要在IIS中添加要由ASP.NET处理的扩展。这个答案不是基于Azure。我不得不使用常规的IIS和ASP.NET来做这件事。如果它在Azure中不起作用,请告诉我,我将删除答案。

“文件扩展名到ASP.NET的映射是在Internet Information Services(IIS)中完成的。默认情况下,.aspx页面由ASP.NET运行,.htm和.html页面不是。”

ASP.NET Web Page Syntax Overview