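Context:
1 web server: IIS hosting the site https://WebApp.g1.my-web-domain.com (with a real, purchased certificate). The server is in the domain my-web-domain.com
1 test ADFS server (2.0): ADFS metadata: https://fs.vt.test/federationmetadata/2007-06/federationmetadata.xml (self-signed certificate)
1 test client in the vt.test domain
Working:
Wanted:
Just a silent failure: nothing in the ADFS events, no exception or HTTP error...
I have tried many configurations for OWIN; this is my latest code: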
    app.SetLoggerFactory(new NLogFactory());
    app.UseErrorPage(new ErrorPageOptions()
    {
        //Shows the OWIN environment dictionary keys and values. This detail is enabled by default if you are running your app from VS unless disabled in code.
        ShowEnvironment = true,
        //Hides cookie details
        ShowCookies = false,
        //Shows the lines of code throwing this exception. This detail is enabled by default if you are running your app from VS unless disabled in code.
        ShowSourceCode = true,
    });
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
        CookieManager = new SystemWebCookieManager(container.GetInstance<ILoggingService>())
    });
    app.Use(async (Context, next) =>
    {
        new NLogLoggingService("Owin after cookie log").Debug(JsonConvert.SerializeObject(Context.Authentication, Formatting.None,
            new JsonSerializerSettings()
            {
                ReferenceLoopHandling = ReferenceLoopHandling.Ignore
            }));
        await next.Invoke();
        new NLogLoggingService("Owin after cookie log").Debug(JsonConvert.SerializeObject(Context.Authentication, Formatting.None,
            new JsonSerializerSettings()
            {
                ReferenceLoopHandling = ReferenceLoopHandling.Ignore
            }));
    });
    //AppBuilderLoggerExtensions
    app.UseWsFederationAuthentication(
        new WsFederationAuthenticationOptions
        {
            Wtrealm = realm,
            MetadataAddress = adfsMetadata,
            AuthenticationMode = AuthenticationMode.Passive,
            Notifications = new WsFederationAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();
                    context.Response.Redirect("Home/Unauthorized?message=" + context.Exception.Message);
                    return Task.FromResult(0);
                }
            }
        });
    app.Use(async (Context, next) =>
    {
        new NLogLoggingService("Owin after federation log").Debug(JsonConvert.SerializeObject(Context.Authentication, Formatting.None,
            new JsonSerializerSettings()
            {
                ReferenceLoopHandling = ReferenceLoopHandling.Ignore
            }));
        await next.Invoke();
        new NLogLoggingService("Owin after federation log").Debug(JsonConvert.SerializeObject(Context.Authentication, Formatting.None,
            new JsonSerializerSettings()
            {
                ReferenceLoopHandling = ReferenceLoopHandling.Ignore
            }));
    });
    // This makes any middleware defined above this line run before the Authorization rule is applied in web.config
    app.UseStageMarker(PipelineStage.Authenticate);
I followed this post to configure my trust on the ADFS management side: http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/
My configuration is:
ida:ADFSMetadata: https://fs.vt.test/federationmetadata/2007-06/federationmetadata.xml
ida:Wtrealm: https://WebApp.g1.my-web-domain.com/
I have been searching blogs and Stack Overflow for days, but I cannot get my authentication to work. It may be a certificate problem or...
I cannot find a way to debug the configuration error.
There is nothing from OWIN in my NLog output.