我关注了这篇文章,以使用WIF创建单点登录。 http://www.primaryobjects.com/2013/08/08/using-single-sign-on-with-windows-identity-foundation-in-mvc-net/
单点登录工作正常,但是我只能在依赖的网站上检索用户名。我想传递一些其他信息,例如EmplId,Name等,但是除了用户名之外,其他都无法检索。
我尝试将Forms Authenciation转换为SessionAuthenticationModule。像下面一样
var claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Name, loginModel.Username));
claims.Add(new Claim(ClaimTypes.Email, "john@doe.com"));
claims.Add(new Claim("EmplId", "1234"));
var claimsIdentity = new ClaimsIdentity(claims, "Forms");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
var sam = FederatedAuthentication.SessionAuthenticationModule;
var token = new SessionSecurityToken(claimsPrincipal, new TimeSpan(0, 30, 0));
token.IsPersistent = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.PersistentCookiesOnPassiveRedirects;
token.IsReferenceMode = sam.IsReferenceMode;
sam.WriteSessionTokenToCookie(token);
还将索赔主体传递给ProcessSignInRequest方法
private static string ProcessSignIn(Uri url, ClaimsPrincipal user)
{
var requestMessage = (SignInRequestMessage)WSFederationMessage.CreateFromUri(url);
var signingCredentials = new X509SigningCredentials(CustomSecurityTokenService.GetCertificate(ConfigurationManager.AppSettings["SigningCertificateName"]));
// Cache?
var config = new SecurityTokenServiceConfiguration(ConfigurationManager.AppSettings["IssuerName"], signingCredentials);
var sts = new CustomSecurityTokenService(config);
var responseMessage = FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(requestMessage, user, sts);
return responseMessage.WriteFormPost();
}