Redirecting users from an unauthorized page

Time: 2015-05-14 15:02:22

Tags: asp.net-mvc authorization forms-authentication federated-identity

I have an MVC application in which I recently switched the authentication/authorization method from Forms to Federated. Everything works fine, but on the home page I have to create a cookie for authorization on the rest of my site to work. This works well when the user navigates to the home page first; if they first navigate to a different page that requires authorization, they get a 401 Unauthorized error page.

When I had Forms authentication implemented, it redirected unauthorized users to the login page. With Federated I no longer have a login page, so I want to redirect to the home page instead. With Forms authentication the redirect was automatic; how do I set up something similar for the federated application?

Below is the relevant federation section of my web.config. Again, the federated authentication/authorization works fine; it is only the unauthorized redirect that doesn't.

  <system.web>
    <customErrors mode="Off"/>
    <authentication mode="None"/>
    <authorization>
      <deny users="?"/>
    </authorization>

    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionProtection="Secure" attributeMapUsername="sAMAccountName" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="ActiveDirectoryRoleProvider" cacheRolesInCookie="true" cookieName=".ADLibraryROLES" cookiePath="/" cookieTimeout="1440" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="true" cookieProtection="All">
      <providers>
        <clear />
        <add name="ActiveDirectoryRoleProvider" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" attributeMapUsername="sAMAccountName" type="MyApp.ActiveDirectoryRoleProvider" />
      </providers>
    </roleManager>
  </system.web>
  <system.webServer>
      <modules>
        <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
        <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
      </modules>
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://fed.example.com/"/>
      </audienceUris>
      <securityTokenHandlers>
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
      </securityTokenHandlers>
      <certificateValidation certificateValidationMode="None"/>
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://myfedservice.example.com/adfs/services/trust">
          <keys>
            <add thumbprint="mythumb"/>
          </keys>
          <validIssuers>
            <add name="http://fed.example.com/adfs/services/trust"/>
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="true"/>
      <wsFederation passiveRedirectEnabled="true" issuer="https://fed.example.com/adfs/ls/" realm="https://fed.example.com/" reply="https://fed.example.com/" requireHttps="true" persistentCookiesOnPassiveRedirects="true"/>
    </federationConfiguration>
  </system.identityModel.services>

1 answer:

Answer 0 (score: 1)

You can configure this in the wsFederation section; see MSDN for details. By setting "passiveRedirectEnabled" to true, the WSFederationAuthenticationModule looks at all outgoing responses and tries to find an HTTP 401. If it finds a 401, it modifies the response and turns it into a redirect to the STS. Note that in production you want to change requireHttps to true.

<system.identityModel.services>
<federationConfiguration>
  <wsFederation passiveRedirectEnabled="true" 
    issuer="http://localhost:15839/wsFederationSTS/Issue" 
    realm="http://localhost:50969/" reply="http://localhost:50969/" 
    requireHttps="false" 
    signOutReply="http://localhost:50969/SignedOutPage.html" 
    signOutQueryString="Param1=value2&amp;Param2=value2" 
    persistentCookiesOnPassiveRedirects="true" />
  <cookieHandler requireSsl="false" />
</federationConfiguration>
</system.identityModel.services>

Note that you also need to add these modules:

<modules>
  <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>

and the following configuration sections:

<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
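As an added illustration (not code from the question or the answer), here is a small Python model of the behaviour the answer describes: a 401 leaving the pipeline is turned into a 302 to the STS's WS-Federation sign-in endpoint, using the answer's own <wsFederation> values. The function names and the "ru=" encoding of wctx are my assumptions, and the requireHttps check shows why the answer says to turn it on in production.

```python
from urllib.parse import urlencode, urlsplit

# Constructed config mirroring the answer's <wsFederation> element; the localhost
# values are the answer's own placeholders, not a real deployment.
WSFED_CONFIG = {
    "passiveRedirectEnabled": True,
    "issuer": "http://localhost:15839/wsFederationSTS/Issue",
    "realm": "http://localhost:50969/",
    "reply": "http://localhost:50969/",
    "requireHttps": False,
}


def sign_in_url(cfg, original_url):
    """Build the WS-Federation passive sign-in request (wa=wsignin1.0) that the
    redirect points at. wctx carries the originally requested URL so the user
    can be sent back there after the STS posts the token to `reply`.
    (The 'ru=' encoding of wctx is an assumption of this model, not the
    module's exact format.)"""
    if cfg["requireHttps"] and urlsplit(cfg["issuer"]).scheme != "https":
        # With requireHttps="true" the module refuses a plain-http STS, which is
        # why the answer says to set it to true in production.
        raise ValueError("requireHttps is true but issuer is not https: %s" % cfg["issuer"])
    params = {
        "wa": "wsignin1.0",
        "wtrealm": cfg["realm"],
        "wreply": cfg["reply"],
        "wctx": "ru=" + original_url,
    }
    sep = "&" if "?" in cfg["issuer"] else "?"
    return cfg["issuer"] + sep + urlencode(params)


def passive_redirect(cfg, status, original_url):
    """Model of the module's end-of-request step: the 401 produced by
    <authorization><deny users="?"/> becomes a 302 to the STS when
    passiveRedirectEnabled is true; every other response passes through.
    Returns (status, extra_headers)."""
    if status != 401 or not cfg["passiveRedirectEnabled"]:
        return status, {}
    return 302, {"Location": sign_in_url(cfg, original_url)}
```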