MVC, ADFS 2.0 and WIF 4.5 problem

Time: 2013-07-22 20:41:42

Tags: asp.net-mvc .net-4.5 wif adfs

I am trying to actively query ADFS from an MVC 4.0 project. We are going to have multiple STSs, and I cannot reconcile that with my current understanding of the "passive" authentication configuration.

I am able to get a token from the ADFS server, but when I try to read the token I get a cryptographic error with an inner exception of "The data is invalid".

* The advice about the ApplicationPool is not my problem.

using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Xml;

// UserNameWSTrustBinding is not part of System.IdentityModel in .NET 4.5;
// it comes from the WS-Trust bindings library referenced by the project.
public SecurityToken RequestSecurityToken(string domain, string username, string password)
{
    EndpointAddress endpointAddress = new EndpointAddress(OtherStsAddress);
    UserNameWSTrustBinding binding = new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential);
    WSTrustChannelFactory factory = new WSTrustChannelFactory(binding, endpointAddress);
    factory.Credentials.UserName.UserName = string.Concat(domain, "\\", username);
    factory.Credentials.UserName.Password = password;
    factory.TrustVersion = System.ServiceModel.Security.TrustVersion.WSTrust13;
    WSTrustChannel channel = (WSTrustChannel)factory.CreateChannel();

    // Ask the other STS to issue a token scoped (AppliesTo) to our own STS.
    RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue, KeyTypes.Symmetric);
    rst.AppliesTo = new EndpointReference(YourStsAddress);
    var genericToken = channel.Issue(rst) as GenericXmlSecurityToken;
    var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers;

    // blowing up here
    var token = handlers.ReadToken(new XmlTextReader(new StringReader(genericToken.TokenXml.OuterXml)));

    var identity = handlers.ValidateToken(token).First();
    var sessionToken = new SessionSecurityToken(new ClaimsPrincipal(identity));
    FederatedAuthentication.WSFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(sessionToken, true);
    return token;
}

The exception is as follows:

System.InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false.  ---> System.Security.Cryptography.CryptographicException: The data is invalid.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
   at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)
   --- End of inner exception stack trace ---
   at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)
   at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound)
   at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
   at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader)
   at Compass.SupplyChain.UI.Controllers.Registration.RegistrationController.RequestSecurityToken(String domain, String username, String password)

Even if you don't have a direct answer, any direction would be appreciated. I'm not even sure what to do next. At this point Googling isn't even returning useful results. Maybe I'm just brain-dead right now.
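As an added example (not the poster's code nor from the answer below), this validates the assertion that `channel.Issue` returns with a handler collection built in code, so the audience, the pinned issuer certificate and the decryption certificate are explicit instead of coming from the web application's federation configuration. The audience URI, issuer thumbprint, issuer name and the relying-party certificate passed in are assumed placeholders.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

public static class ActiveTokenValidation
{
    // Assumed placeholder values; the relying party's own settings go here.
    const string AudienceUri = "https://rp.example.com/";   // must equal rst.AppliesTo
    const string IssuerThumbprint = "<ADFS token-signing certificate thumbprint>";
    const string IssuerName = "http://adfs.example.com/adfs/services/trust";

    // Validates the assertion returned by WSTrustChannel.Issue with a handler collection
    // configured entirely in code, independent of FederatedAuthentication / web.config.
    public static ClaimsIdentity ValidateIssuedToken(GenericXmlSecurityToken issued, X509Certificate2 rpCertificate)
    {
        var config = new SecurityTokenHandlerConfiguration();
        // Reject assertions issued for a different relying party.
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(AudienceUri));
        // Accept only assertions signed by the pinned ADFS token-signing certificate.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer(IssuerThumbprint, IssuerName);
        config.IssuerNameRegistry = issuers;
        // The RP certificate decrypts an EncryptedData wrapper and key material the assertion
        // references, such as the proof key of a holder-of-key subject confirmation.
        config.ServiceTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(
            new ReadOnlyCollection<SecurityToken>(new SecurityToken[] { new X509SecurityToken(rpCertificate) }), false);

        // Only the shapes an issued token can legitimately take: SAML 1.1, SAML 2.0 or an
        // encrypted wrapper around one of them. The session-cookie handler is deliberately absent.
        var handlers = new SecurityTokenHandlerCollection(new SecurityTokenHandler[]
            { new SamlSecurityTokenHandler(), new Saml2SecurityTokenHandler(), new EncryptedSecurityTokenHandler() }, config);

        using (var reader = XmlReader.Create(new StringReader(issued.TokenXml.OuterXml)))
        {
            if (!handlers.CanReadToken(reader))
                throw new SecurityTokenException("Unexpected token element: " + issued.TokenXml.LocalName);
            SecurityToken token = handlers.ReadToken(reader);
            // Signature, issuer, audience and lifetime are checked here.
            return handlers.ValidateToken(token)[0];
        }
    }
}
```

If the ADFS token-signing certificate is self-signed, chain validation of the signer fails by default; set `config.CertificateValidator` (for example to `X509CertificateValidator.PeerTrust` with that certificate installed in the Trusted People store) so the thumbprint pin in the issuer registry is the check that decides.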

1 answer:

Answer 0 (score: 0)

You've probably taken the route of maximum complexity :-). What problem do you have with the "passive configuration"? It should work.

There are plenty of MVC 4 / ADFS (or other STS) examples.

Some samples/resources to look at: