我在身份模型中相当新鲜。情况紧接着。
我有2个mvc 5.1应用程序:
在RP的web.config中我已配置联邦身份验证以从STS获取声明
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost:50473/" />
</audienceUris>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="..." name="WSFederationSTS" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<wsFederation
passiveRedirectEnabled="true"
issuer="http://localhost:50475/WSFederationSecurityTokenService.svc/Issue"
realm="http://localhost:50473/"
requireHttps="false" />
<cookieHandler requireSsl="false" />
</federationConfiguration>
</system.identityModel.services>
它运作得很好。
现在我有另一个应用程序可以使用相同的STS。网址是本地主机:50474
所以联邦身份验证配置有
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost:50474/" />
</audienceUris>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="..." name="WSFederationSTS" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<wsFederation
passiveRedirectEnabled="true"
issuer="http://localhost:50475/WSFederationSecurityTokenService.svc/Issue"
realm="http://localhost:50474/"
requireHttps="false" />
<cookieHandler requireSsl="false" />
</federationConfiguration>
</system.identityModel.services>
但对于第二个应用程序,它不起作用。当它启动时,浏览器将请求重定向到STS,提供登录,但是当浏览器再次重定向到应用程序时,我收到错误:
[SecurityTokenException: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.]
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +634156
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +76
System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +417
System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +176
System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +116
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
我在STS登录后看到对应用程序的请求包含FedAuth cookie,但似乎应用程序无法识别它。为什么?我的配置错了吗?
TNX