SAML断言中的AudienceRestriction

时间:2009-08-28 19:38:19

标签: c# saml

有人可以指点我在条件节点中创建包含AudienceRestriction的SamlAssertion示例的方向吗?

下面是我的代码示例,我想把它放在:

//Create the SAML Assertion
SamlAssertion samlAssert = new SamlAssertion();
samlAssert.AssertionId = Convert.ToBase64String(encoding.GetBytes(System.Guid.NewGuid().ToString()));
samlAssert.Issuer = "http://www.example.com/";

// Set up the conditions of the assertion - Not Before and Not After
samlAssert.Conditions = new SamlConditions(DateTime.Now, DateTime.Now.AddMinutes(5));

所需的XML看起来像这样:

<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_e835eca079133299b2f8a2a63ad72fe8" IssueInstant="2007-02-07T20:22:58.165Z" Issuer="http://www.example.com/" MajorVersion="1" MinorVersion="1">
 <Conditions NotBefore="2007-02-07T20:22:58.162Z" NotOnOrAfter="2007-02-07T20:24:58.162Z">
  <AudienceRestrictionCondition>
   <Audience>http://www.example2.com</Audience> 
  </AudienceRestrictionCondition>
 </Conditions>

我看到有一个SamlConditions类的构造函数允许第三个参数,条件,并且有一个SamlAudienceRestriction类,但我似乎无法弄清楚如何连接这两个。我想如果我看到一些代码,那对我来说就会变得非常痛苦,但不幸的是,今天我的google-foo让我失望了。

1 个答案:

答案 0 :(得分:5)

我发誓我花了几个小时试图在发布之前弄清楚这个...但显然发布正是我需要看到的答案。以下是我为SAML创建受众限制的代码:

//Create the SAML Assertion
SamlAssertion samlAssert = new SamlAssertion();
samlAssert.AssertionId = Convert
    .ToBase64String(
    encoding.GetBytes(System.Guid.NewGuid().ToString()));
samlAssert.Issuer = "http://www.example.com/";

// Set up the conditions of the assertion - Not Before and Not After
Uri[] approvedAudiences = {new Uri("http://www.example2.com")};
List<SamlCondition> conditions = new List<SamlCondition>();
conditions.Add(new SamlAudienceRestrictionCondition(approvedAudiences));
samlAssert.Conditions = new SamlConditions(
    DateTime.Now, 
    DateTime.Now.AddMinutes(5), 
    conditions
    );

如果有人发现任何错误,或者知道更好/更有效的方式,请告诉我。