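I am following this tutorial to build a claims-aware MVC web application using WIF. Link: https://msdn.microsoft.com/en-us/library/hh291061(v=vs.110).aspx
Unfortunately, the tutorial does not mention how to actually validate the token that is obtained. I tried searching online but could not find anything.
Can anyone help me?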
Answer 0: (score: 0)
Take a look at my tutorial
http://www.wiktorzychla.com/2014/11/simplest-saml11-federated-authentication.html
The code you should pay attention to is simple:
    // fam is a WSFederationAuthenticationModule, request is the incoming sign-in response
    var securityToken = fam.GetSecurityToken( request );

    var config = new SecurityTokenHandlerConfiguration
    {
        // no chain or peer trust check on the signing certificate;
        // acceptance is decided by the issuer name registry
        CertificateValidator = X509CertificateValidator.None,
        IssuerNameRegistry = new CustomIssuerNameRegistry()
    };
    // the token's audience restriction is not checked
    config.AudienceRestriction.AudienceMode = AudienceUriMode.Never;

    var tokenHandler = new SamlSecurityTokenHandler
    {
        CertificateValidator = X509CertificateValidator.None,
        Configuration = config
    };

    // validate the token and get the ClaimsIdentity out of it
    var identity = tokenHandler.ValidateToken( securityToken );
    var principal = new ClaimsPrincipal( identity );
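For this you also need a custom issuer name registry that recognizes or rejects the certificate used for signing:

    public override string GetIssuerName( SecurityToken securityToken )
    {
        X509SecurityToken x509Token = securityToken as X509SecurityToken;
        // IsAcceptedCertificate is a hypothetical helper standing in for the
        // "accept the cert?" decision
        if ( x509Token != null && IsAcceptedCertificate( x509Token.Certificate ) )
            return x509Token.Certificate.Subject;
        else
            return string.Empty; // rejects it
    }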
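
One way to fill in the "accept the cert?" decision from the answer above, as an added example that is not the answer author's code: the registry pins the STS signing certificate by thumbprint, and the handler is configured to check the token's audience against the application's realm. The names ThumbprintIssuerNameRegistry, TokenValidation.Validate, realm and trustedIssuers are assumptions made for this example; the thumbprints and realm URI must come from your own STS and application configuration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Added example (hypothetical class name): accepts only tokens signed by a
// certificate whose thumbprint was registered in advance.
public class ThumbprintIssuerNameRegistry : IssuerNameRegistry
{
    // thumbprint -> issuer name, supplied by the caller
    private readonly Dictionary<string, string> _trusted;

    public ThumbprintIssuerNameRegistry( IDictionary<string, string> trusted )
    {
        // X509Certificate2.Thumbprint is a hex string; compare case-insensitively
        _trusted = new Dictionary<string, string>( trusted, StringComparer.OrdinalIgnoreCase );
    }

    public override string GetIssuerName( SecurityToken securityToken )
    {
        var x509Token = securityToken as X509SecurityToken;
        if ( x509Token == null )
            return null; // not signed with an X.509 certificate: unrecognized issuer

        string name;
        return _trusted.TryGetValue( x509Token.Certificate.Thumbprint, out name ) ? name : null;
    }
}

public static class TokenValidation
{
    // realm: the URI the STS issues tokens for (assumption: your application's realm)
    public static ClaimsPrincipal Validate( SecurityToken securityToken, Uri realm,
                                            IDictionary<string, string> trustedIssuers )
    {
        var config = new SecurityTokenHandlerConfiguration
        {
            // trust is established by the thumbprint pin, not by chain building
            CertificateValidator = X509CertificateValidator.None,
            IssuerNameRegistry = new ThumbprintIssuerNameRegistry( trustedIssuers )
        };
        // reject tokens that were issued for a different relying party
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add( realm );

        var handler = new SamlSecurityTokenHandler
        {
            CertificateValidator = X509CertificateValidator.None,
            Configuration = config
        };
        // throws if the signature, issuer, audience or validity period does not check out
        return new ClaimsPrincipal( handler.ValidateToken( securityToken ) );
    }
}
```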