MVC 5联合身份验证配置2 RP

时间:2014-05-23 14:14:47

标签: asp.net-mvc authentication wif federated-identity

我在身份模型中相当新鲜。情况紧接着。

我有2个mvc 5.1应用程序:

  • localhost:50475 - STS
  • localhost:50473 - RP(使用身份声明的应用程序)

在RP的web.config中我已配置联邦身份验证以从STS获取声明

  <system.identityModel>
            <identityConfiguration>
                <audienceUris>
                    <add value="http://localhost:50473/" />
                </audienceUris>
                <certificateValidation certificateValidationMode="None" />
                <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
                    <trustedIssuers>
                        <add thumbprint="..." name="WSFederationSTS" />
                    </trustedIssuers>
                </issuerNameRegistry>
            </identityConfiguration>
        </system.identityModel>
        <system.identityModel.services>
            <federationConfiguration>
                <wsFederation
                    passiveRedirectEnabled="true"
                    issuer="http://localhost:50475/WSFederationSecurityTokenService.svc/Issue"
                    realm="http://localhost:50473/"
                    requireHttps="false" />
                    <cookieHandler requireSsl="false" />
            </federationConfiguration>
        </system.identityModel.services>

它运作得很好。

现在我有另一个应用程序可以使用相同的STS。网址是本地主机:50474

所以联邦身份验证配置有

<system.identityModel>
        <identityConfiguration>
            <audienceUris>
                <add value="http://localhost:50474/" />
            </audienceUris>
            <certificateValidation certificateValidationMode="None" />
            <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
                <trustedIssuers>
                    <add thumbprint="..." name="WSFederationSTS" />
                </trustedIssuers>
            </issuerNameRegistry>
        </identityConfiguration>
    </system.identityModel>
    <system.identityModel.services>
        <federationConfiguration>
            <wsFederation
                passiveRedirectEnabled="true"
                issuer="http://localhost:50475/WSFederationSecurityTokenService.svc/Issue"
                realm="http://localhost:50474/"
                requireHttps="false" />
            <cookieHandler requireSsl="false" />
        </federationConfiguration>
    </system.identityModel.services>

但对于第二个应用程序,它不起作用。当它启动时,浏览器将请求重定向到STS,提供登录,但是当浏览器再次重定向到应用程序时,我收到错误:

[SecurityTokenException: ID4243: Could not create a SecurityToken. A token was not found in the token cache and no cookie was found in the context.]
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +634156
   System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver) +76
   System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie) +417
   System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken) +176
   System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs) +116
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +136
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

我在STS登录后看到对应用程序的请求包含FedAuth cookie,但似乎应用程序无法识别它。为什么?我的配置错了吗?

TNX

0 个答案:

没有答案