我正在寻找有关将现有Web窗体asp.net应用程序转换为使用Windows Azure Active Directory身份验证(WAAD)的分步指南。
我们可以假设我们没有必要将用户转换/迁移到Azure AD。
仅供参考:我在使用VS2013连接到WAAD创建空白WebApplication时没有任何问题,但我不清楚为什么现有Webform / MVC混合应用程序需要进行更改。
谢谢。
答案 0 :(得分:1)
从空白项目中移动/复制web.config部分
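<!--
  web.config sections copied from a blank project that was created with
  Windows Azure AD (WS-Federation) sign-in. Host names, realm and project
  names are the author's sample values and must be replaced with the values
  of the target application.
-->
<configuration>
  <configSections>
    <section name="entityFramework"
             type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
             requirePermission="false" />
    <!-- Both identity sections must be declared here, otherwise the
         <system.identityModel*> elements further down are rejected. -->
    <section name="system.identityModel"
             type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services"
             type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <appSettings>
    <add key="ida:FederationMetadataLocation" value="https://login.windows.net/myorganizationdomain.com/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ida:Realm" value="https://mywebsite.com/myproject" />
    <!-- NOTE(review): this value is a localhost URL while <audienceUris>
         below lists the public realm. Whatever code reads ida:AudienceUri
         (not shown here) presumably expects it to match the realm of the
         deployed site; confirm before deploying. -->
    <add key="ida:AudienceUri" value="https://localhost:44318/" />
  </appSettings>
  <connectionStrings>
    <add name="DefaultConnection"
         connectionString="Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-myproject.mdf;Initial Catalog=aspnet-myproject;Integrated Security=True"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- Built-in ASP.NET authentication is switched off; sign-in is handled
         by the two identity modules registered under <system.webServer>. -->
    <authentication mode="None" />
    <authorization>
      <!-- Anonymous users ("?") are denied for the whole site. -->
      <deny users="?" />
    </authorization>
    <!-- debug="true" is a development setting; use debug="false" for
         deployed builds. -->
    <compilation debug="true" targetFramework="4.5.1" />
    <httpRuntime targetFramework="4.5.1" requestValidationMode="4.5" />
  </system.web>
  <system.identityModel>
    <identityConfiguration>
      <!-- Project type, not a framework type: the class must exist in the
           target application's assembly. Because certificate validation is
           set to None below, this registry is the only check on which
           signing key is accepted as a trusted issuer. -->
      <issuerNameRegistry type="myproject.Utils.DatabaseIssuerNameRegistry, myProject" />
      <!-- Tokens whose audience is not listed here are rejected. -->
      <audienceUris>
        <add value="https://mywebsite.com/myproject" />
      </audienceUris>
      <securityTokenHandlers>
        <!-- Replaces the default session token handler with the
             machineKey-based one. NOTE(review): on a web farm every node
             then needs the same machineKey. -->
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
      <!-- "None" turns off X.509 chain and trust validation of the token
           signing certificate. Keep it only while the issuerNameRegistry
           above rejects unknown signing keys. -->
      <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
  </system.identityModel>
  <system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule"
           type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           preCondition="managedHandler" />
      <add name="SessionAuthenticationModule"
           type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <system.identityModel.services>
    <federationConfiguration>
      <!-- The session cookie is only issued and sent over HTTPS. -->
      <cookieHandler requireSsl="true" />
      <!-- reply is the URL the issuer posts the sign-in response to; the
           localhost value only works on the development machine and has to
           become the deployed HTTPS URL registered for the application.
           persistentCookiesOnPassiveRedirects="true" keeps the session
           cookie after the browser is closed; consider "false" where
           machines are shared. -->
      <wsFederation passiveRedirectEnabled="true"
                    issuer="https://login.windows.net/myorganizationdomain.com/wsfed"
                    realm="https://mywebsite.com/myproject"
                    requireHttps="true"
                    reply="https://localhost:44318/"
                    persistentCookiesOnPassiveRedirects="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>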
在Global.asax.cs中添加以下内容:
// Calls the static ConfigureIdentity() method of the project's IdentityConfig class.
// The class is not shown here; presumably it has to be copied from the same blank
// project as the web.config sections, and the call runs at application start-up (confirm).
IdentityConfig.ConfigureIdentity();