I have ASP.NET MVC 4 applications (an STS and an RP) that use WIF 4.5 for authentication. The STS application has a custom security token service; the relying party calls the STS to authenticate, and that part works correctly. But I don't want to use cookies to store my token data, so I set up events in Global.asax to store the data in session instead. However, I can't get the FederatedAuthentication events that would do this job to fire.
In debug mode the Global.asax Application_Start method is called and registers all the events I need, but none of them are ever invoked. The strange thing is that they used to work, and then suddenly they just stopped firing; I have no idea why, because I didn't change anything. I set up an Application_Error method in Global.asax and there are no errors at all, nor is there anything in the Windows event log.
What is wrong with my configuration? How should I investigate this?
Web.config:
<configuration>
  <configSections>
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>
  <system.web>
    <!-- Anonymous users are denied, so WIF redirects them to the STS. -->
    <authorization>
      <deny users="?" />
    </authorization>
    <!-- Forms/Windows authentication is off; the WIF modules below authenticate requests instead. -->
    <authentication mode="None"></authentication>
    <httpRuntime targetFramework="4.5" />
    <!-- Module registration for the classic pipeline. -->
    <httpModules>
      <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    </httpModules>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <!-- Module registration for the IIS integrated pipeline. -->
    <modules runAllManagedModulesForAllRequests="true">
      <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      <!-- "None" skips X.509 chain and revocation validation of the token-signing certificate;
           trust in the issuer then rests entirely on the thumbprint list below. -->
      <certificateValidation certificateValidationMode="None" />
      <!-- Tokens are accepted only if their audience matches this URI. -->
      <audienceUris>
        <add value="http://www.rp.com/" />
      </audienceUris>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
        <trustedIssuers>
          <add thumbprint="*thumbprint*" name="CertificateName" />
        </trustedIssuers>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <!-- requireSsl="false": the session cookie is written without the Secure flag. -->
      <cookieHandler requireSsl="false" />
      <!-- Passive WS-Federation: unauthenticated requests are redirected to the issuer;
           the realm is what the STS places in the token's audience, so it matches audienceUris above. -->
      <wsFederation passiveRedirectEnabled="true" issuer="http://www.sts.com/" realm="http://www.rp.com/" reply="http://www.rp.com/" requireHttps="false" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>
Global.asax:
using System;
using System.IdentityModel.Services;

// Members of the relying party's Global.asax code-behind (an HttpApplication subclass).
protected void Application_Start(object sender, EventArgs e)
{
    // Static event: raised once, when WIF builds its configuration from Web.config.
    FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
    // Module event: raised after sign-in, when the session token is created and before it is written to the cookie.
    FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
}

private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
{
    // Body omitted in the question.
}

private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
    // Body omitted in the question.
}
Answer 0 (score: 0)
Problem solved. It was my mistake.
I had created a shared Global.asax class in a separate library that all relying-party websites reference (just to reduce code duplication). When the RP website starts, its own Global.asax Application_Start is called, which then calls the base class's Application_Start, where the events are registered.
using System;
using System.IdentityModel.Services;
using System.Web;

// Shared base class, compiled into a separate library referenced by every RP site.
public class GlobalHttpApplication : HttpApplication
{
    protected virtual void Application_Start(object sender, EventArgs e)
    {
        FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
        FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
    }

    private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        // Body omitted in the answer.
    }

    private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        // Body omitted in the answer.
    }
}

// The RP site's own Global.asax class only forwards to the base class.
public class RelyingPartyHttpApplication : GlobalHttpApplication
{
    protected override void Application_Start(object sender, EventArgs e)
    {
        base.Application_Start(sender, e);
    }
}
I really don't understand why the events don't fire, since the federation modules are neither missing nor modified, but for some reason events registered from a different library don't fire.
So my working Global.asax class looks like this:
using System.IdentityModel.Services;
using System.Web;

// Events are registered directly in the RP site's own Global.asax class, with no shared base class.
public class RelyingPartyHttpApplication : HttpApplication
{
    protected void Application_Start()
    {
        FederatedAuthentication.FederationConfigurationCreated += OnServiceConfigurationCreated;
        FederatedAuthentication.WSFederationAuthenticationModule.SessionSecurityTokenCreated += OnSessionSecurityTokenCreated;
    }

    private void OnServiceConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        // Body omitted in the answer.
    }

    private void OnSessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        // Body omitted in the answer.
    }
}
Answer 1 (score: 0)
The important thing to pay attention to is how the SecurityTokenValidated and SessionSecurityTokenCreated events of the WSFederationAuthenticationModule class are handled: https://stackoverflow.com/a/58561136/5557538
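As an added example (my own code, not from the question, either answer, or the linked post), here is a relying-party Global.asax class that handles the two events named above without registering anything in Application_Start: ASP.NET itself wires up methods named `<module name>_<event name>` on every HttpApplication instance, using the module names from Web.config (`WSFederationAuthenticationModule` in the question's config), so no base class in another assembly is involved. It assumes Global.asax inherits from this class, that the STS issues a name-identifier claim for every user, and a 20-minute session lifetime.

```csharp
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Web;

// Added example, not code from the question or answers.
// Handler names follow ASP.NET's <module name>_<event name> auto-wiring convention,
// keyed on the module names registered in Web.config.
public class RelyingPartyHttpApplication : HttpApplication
{
    // Assumed: the STS is expected to issue this claim for every user.
    private const string RequiredClaimType = ClaimTypes.NameIdentifier;

    // Assumed session lifetime, shorter than the WIF default.
    private static readonly TimeSpan SessionLifetime = TimeSpan.FromMinutes(20);

    // Raised after the STS token's signature, issuer and audience have been
    // validated, before any session exists for the user.
    protected void WSFederationAuthenticationModule_SecurityTokenValidated(
        object sender, SecurityTokenValidatedEventArgs e)
    {
        ClaimsPrincipal principal = e.SessionToken.ClaimsPrincipal;

        if (!principal.HasClaim(c => c.Type == RequiredClaimType))
        {
            // A validly signed token from a trusted issuer can still lack what the
            // application needs; cancelling means no session token is issued for it.
            e.Cancel = true;
            return;
        }

        // Replace the default session token with one that expires sooner.
        e.SessionToken = new SessionSecurityToken(principal, SessionLifetime);
    }

    // Raised just before the session token is written to the cookie.
    protected void WSFederationAuthenticationModule_SessionSecurityTokenCreated(
        object sender, SessionSecurityTokenCreatedEventArgs e)
    {
        // Reference mode: the cookie carries only a key into the server-side
        // SessionSecurityTokenCache, so the serialized claims never leave the server.
        // The default cache is in-process; a web farm needs a shared cache implementation.
        e.SessionToken.IsReferenceMode = true;
        e.WriteSessionCookie = true;
    }
}
```

Reference mode is WIF's built-in way of keeping the token data out of the cookie, which is what the question set out to do with session storage.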