Azure ACS - Windows Live ID: how to identify a unique user

Time: 2013-04-08 06:00:20

Tags: asp.net-mvc-3 authentication azure windows-live-id accesscontrolservice

For my web application I use Azure ACS for authentication. I followed this walkthrough (http://msdn.microsoft.com/en-us/library/hh127794.aspx) to implement my code. I only authenticate Windows Live users. I found that ACS does not provide user information such as user name, e-mail, etc.

using System;
using System.Web.Mvc;
using Microsoft.IdentityModel.Protocols.WSFederation;

// Reads the wctx ("Context") value back out of the WS-Federation sign-in response
// that ACS POSTs to the application. The base URI only satisfies the API signature.
// The original declared a bool return type, but message.Context is a string.
private static string GetUrlFromContext(FormCollection form)
{
    WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(new Uri("http://www.notused.com"), form);

    return (message != null ? message.Context : null);
}

This code verifies the authentication. But I need some unique identifier to keep track of users.

I'm looking for a unique ID to keep track of users.

WSFederationMessage.CreateFromNameValueCollection(new Uri("http://www.notused.com"), form); 

This returns a response like the following:

<t:RequestSecurityTokenResponse Context="http://localhost:64000/">
  <t:Lifetime>
    <wsu:Created>2013-03-19T09:31:49.237Z</wsu:Created>
    <wsu:Expires>2013-03-19T10:31:49.237Z</wsu:Expires>
  </t:Lifetime>
  <wsp:AppliesTo>
    <EndpointReference>
      <Address>http://localhost:64000/</Address>
    </EndpointReference>
  </wsp:AppliesTo>
  <t:RequestedSecurityToken>
    <Assertion ID="_ad47777b-18da-4142-8bb5-198a724ccb29" IssueInstant="2013-03-19T09:31:49.268Z" Version="2.0">
      <Issuer>https://logintest.accesscontrol.windows.net/</Issuer>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="#_ad47777b-18da-4142-8bb5-198a724ccb29">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>//gh2d9XZF9P7X4mqy/VxGamRMlH1Gt6xTI8BvcBbQg=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>D/g5pZoyvTDxBZ4pvy4Pj3+GmnG8EgxHkAEtHHqYkD3DVNrOkwkd5+Ubg2jJBaHlzEcY6N+oGl+XsNvuMIyttk+lgnaCLTggYdcFJMkcBA/zaKdDdfG78tyV8ZU64hySRO5gSvZMIUBWRdryBNHzXuoGF2AsJkQzSTp3pZoutUQQ1Va3UsgE45hfEIoNzCG8t476F/p/njq0XB0+1Fl/87SN/oyYt58l8zX16R8sRTfAvN9DDFPaROyXMfDbRVF+T/6YCgZdRPtCtR+nZEYH8ss6QmZpd21nrgOYF0ASdxxe6bmq0gAT6VBiMhpO4B0FUzO30AezaGld1oYzi+nTYA==</ds:SignatureValue>
        <KeyInfo>
          <X509Data>
            <X509Certificate>...</X509Certificate>
          </X509Data>
        </KeyInfo>
      </ds:Signature>
      <Subject>
        <NameID>xWTQfgjexVZ4sturSHZmdppGj/am1IweOYHgc139TrE=</NameID>
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
      </Subject>
      <Conditions NotBefore="2013-03-19T09:31:49.237Z" NotOnOrAfter="2013-03-19T10:31:49.237Z">
        <AudienceRestriction>
          <Audience>http://localhost:64000/</Audience>
        </AudienceRestriction>
      </Conditions>
      <AttributeStatement>
        <Attribute Name="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider">
          <AttributeValue>uri:WindowsLiveID</AttributeValue>
        </Attribute>
      </AttributeStatement>
      <AuthnStatement AuthnInstant="2013-03-19T07:36:40.000Z">
        <AuthnContext>
          <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
        </AuthnContext>
      </AuthnStatement>
    </Assertion>
  </t:RequestedSecurityToken>
  <t:RequestedAttachedReference>
    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_ad47777b-18da-4142-8bb5-198a724ccb29</KeyIdentifier>
    </SecurityTokenReference>
  </t:RequestedAttachedReference>
  <t:RequestedUnattachedReference>
    <SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
      <KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_ad47777b-18da-4142-8bb5-198a724ccb29</KeyIdentifier>
    </SecurityTokenReference>
  </t:RequestedUnattachedReference>
  <t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>

I think that <NameID>xWTQfgjexVZ4sturSHZmdppGj/am1IweOYHgc139TrE=</NameID> in this response contains the unique value. But it seems to differ from PC to PC.

Please suggest a way for me to achieve this.

Thanks in advance!

2 answers:

Answer 0: (score: 0)

No. There is no way. However, the uniqueness is not from PC to PC but from application to application, from ACS namespace to ACS namespace. You should check the NameIdentifier claim, which I believe is mapped to this NameID, but I'm pretty sure that signing in with the same LiveID on the same ACS namespace for the same relying party will always give you the same NameIdentifier claim. See my answer to this StackOverflow question, where I explain its uniqueness in depth.
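One way to apply this in the MVC application, as an added example that is not code from the question, the answer or the MSDN walkthrough: read the NameIdentifier and identity-provider claims from the principal that WIF has already validated (signature, audience, lifetime) and combine them into the key you store for the user. It assumes the .NET 4.5 System.Security.Claims types (the WIF 3.5 Microsoft.IdentityModel assembly has the equivalent IClaimsPrincipal and ClaimTypes); the class and method names are the example's own.

```csharp
using System;
using System.Security.Claims;
using System.Web.Mvc;

// Added example: derive a stable per-user key from the validated ACS token's claims.
public static class AcsUserKey
{
    // Claim type ACS emits for the identity provider (visible in the token above).
    private const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Returns "<identityprovider>|<nameidentifier>", or null when the claims are absent.
    // Only read this from the principal WIF has validated; the raw posted form can be
    // replayed or altered, so its <NameID> must never be trusted before validation.
    public static string GetStableUserKey(ClaimsPrincipal principal)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return null;

        // NameIdentifier carries the SAML <NameID>. As the answer above states, it is
        // constant for the same Live ID on the same ACS namespace and relying party and
        // differs elsewhere, so the identity provider is included to scope the key.
        Claim nameId = principal.FindFirst(ClaimTypes.NameIdentifier);
        Claim idp = principal.FindFirst(IdentityProviderClaim);
        if (nameId == null || string.IsNullOrWhiteSpace(nameId.Value) || idp == null)
            return null;

        return idp.Value + "|" + nameId.Value;   // e.g. "uri:WindowsLiveID|xWTQfg...TrE="
    }
}

// Hypothetical controller showing the key being used as the user's lookup value.
public class AccountController : Controller
{
    [Authorize]
    public ActionResult Profile()
    {
        string key = AcsUserKey.GetStableUserKey(User as ClaimsPrincipal);
        if (key == null)
            return new HttpUnauthorizedResult();   // authenticated but claims missing

        ViewBag.UserKey = key;   // store or look up this value in your own user table
        return View();
    }
}
```

Because the NameIdentifier changes when the ACS namespace or relying-party realm changes, treat a namespace migration as a user re-mapping exercise rather than expecting the old keys to match.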

Answer 1: (score: 0)

The best approach is to use a custom SMS provider claim. Or use Live Connect directly; you can take a look at this code sample:

Bring the clouds together: Azure + Bing Maps

http://blogs.msdn.com/b/windows-azure-support/archive/2010/08/11/bring-the-clouds-together-azure-bing-maps.aspx