根据此链接https://blogs.technet.microsoft.com/askpfeplat/2015/03/01/adfs-deep-dive-onboarding-applications/
我已在依赖方上设置了令牌加密证书,并将公钥导出到ADFS提供程序
我需要在asp.net web.config中进行哪些更改才能解密这些声明。我目前使用System.Security.Claims.ClaimsPrincipal类来获取声明
答案 0 :(得分:2)
现在让它为任何其他人工作。需要在web.config中更改以下内容。将XXXX替换为您的证书指纹
latLngToBeFound = L.latLng( 48, 2 );
latLngArray = [
L.latlng( 58, 9 ),
L.latlng( 32, 14 ),
L.latlng( 48, 2 ),
L.latlng( 0, 15 )
];
var exists = !!latLngArray.find( function(i){
return latLngToBeFound.equals(i);
} );
答案 1 :(得分:1)
在将ADFS作为身份提供程序启用时,对web.config进行了大量更改。我经常发现简单地创建一个新的MVC项目更容易,并使用更改身份验证向导来选择ADFS。输入详细信息后,它将自动使用所需的设置更新web.config,然后您可以将其复制到另一个项目。
下面我试图列出所需的所有条目,但我可能错过了一些。
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<appSettings>
<add key="ida:FederationMetadataLocation" value="https://YOURADFS/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://YOURURL/" />
<add key="ida:AudienceUri" value="https://YOURURL/" />
</appSettings>
<system.web>
<machineKey validationKey="YOURMACHINEKEY" decryptionKey="YOURDECRYPTIONKEY" validation="SHA1" decryption="AES" />
</system.web>
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://YOURURL/" />
</audienceUris>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None" />
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://YOURADFS/adfs/services/trust">
<keys>
<add thumbprint="YOURCERTIFICATETHUMB" />
</keys>
<validIssuers>
<add name="http://YOURADFS/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" name="YOURCOOKIENAME" />
<wsFederation passiveRedirectEnabled="true" issuer="https://YOURADFS/adfs/ls/" realm="https://YOURURL/" requireHttps="true" />
</federationConfiguration>
</system.identityModel.services>
</configuration>
您当然必须将这些值替换为您自己环境的相应值。