ADFS错误 - 域名更改

时间:2017-01-04 18:03:29

标签: c# visual-studio iis adfs

我目前正在更改我在Visual Studio中开发的网站的名称。我已经更新了DNS,并且我在IIS(站点绑定)上更改了站点名称。我目前收到ADFS错误。我认为这与认证有关? 以下是我的web.config文件。该网站的新名称是“技术支持”。

enter image description here 

   <?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>

  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="owin:AutomaticAppStartup" value="false" />
    <add key="ida:FederationMetadataLocation" value="https://adfs.tech.com/federationmetadata/2007-06/federationmetadata.xml" />
    **<add key="ida:Realm" value="https://website.tech.com/" />
    <add key="ida:AudienceUri" value="https://website.tech.com/"** />
  </appSettings>
  <location path="Account">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Form/Form">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
      <!--<customErrors mode="On" defaultRedirect="/ErrorMessages/Error" redirectMode="ResponseRedirect">
        <error statusCode="401" redirect="/ErrorMessage/Error"/>
      </customErrors>-->
    </system.web>
  </location>
  <location path="ReExport/ReExport">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm" />
    <authentication mode="None" />
    <authorization>
    </authorization>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" requestValidationMode="4.5" maxQueryStringLength="32768" />
  </system.web>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="mssqllocaldb" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
  <system.webServer>
    <modules>
      <!--<remove name="FormsAuthentication" />-->
      <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
    <validation validateIntegratedModeConfiguration="false" />
    <httpProtocol>
      <customHeaders>
        <clear />
        <add name="X-UA-Compatible" value="IE=edge" />
      </customHeaders>
    </httpProtocol>
    <security>
      <requestFiltering>
        <requestLimits maxQueryString="32768" />
      </requestFiltering>
    </security>
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      **<audienceUris>
        <add value="https://website.tech.com/" />
      </audienceUris>**
      <securityTokenHandlers>
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://adfs.tech.com/adfs/services/trust">
          <keys>

          </keys>
          <validIssuers>
            <add name="http://adfs.tech.com/adfs/services/trust" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      **<wsFederation passiveRedirectEnabled="true" issuer="https://adfs.tech.com/adfs/ls/" realm="https://website.tech.com/" requireHttps="true" />**
    </federationConfiguration>
  </system.identityModel.services>
</configuration>

1 个答案:

答案 0 :(得分:1)

您看到的错误很可能与您的应用配置无关,而是与ADFS端的配置

具体而言,您的网站在那里注册为所谓的依赖方。您应该参考配置并将站点标识符 ws-federation被动端点的值替换为指向新地址的新值。

显示配置的详细教程:

https://blogs.msdn.microsoft.com/card/2010/06/24/using-federation-metadata-to-establish-a-relying-party-trust-in-ad-fs-2-0/

当您的网站重定向到ADFS时,它会通过附加其ID或端点或两者来标识自己:

 https://adfs.site/adfs/ls/?wa=wsignin1.0&wtrealm=yourappid&wreply=https://yourapppassiveendpoint

虽然两个与存储在ADFS配置中的值不匹配,但您始终会收到此错误消息。

相关问题
最新问题