因此,我尝试与this Microsoft Doc一起使用WS-Federation对用户进行身份验证。我相信本文基于现有的应用程序,但我是从头开始的。我的客户端盒上有VS 2019,ADFS 3.0实例在Windows Server 2012R2上。
因此,按照教程中的说明,我首先注册了我的应用程序。由于我正在测试,因此我将localhost用于URL(因此https:// localhost:5001 /)。我计划使用Kestrel,因此在我的情况下,端口5001将有效。
然后在VS2019中,我首先使用Angular创建一个新的.NET Core Web应用程序。我选择“个人身份验证”选项。该应用现在称为ADFSFED。
我执行“将WS-Federation添加为ASP.NET Core身份的外部登录提供程序”部分,并且我的Startup.cs文件现在看起来像这样:
using ADFSFED.Data;
using ADFSFED.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.SpaServices.AngularCli;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace ADFSFED
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity<ApplicationUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
services.AddAuthentication()
.AddIdentityServerJwt();
//From Tutorial
services.AddIdentity<IdentityUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication()
.AddWsFederation(options =>
{
// MetadataAddress represents the Active Directory instance used to authenticate users.
options.MetadataAddress = "https://federation.etrak.com/federationmetadata/2007-06/federationmetadata.xml";
// Wtrealm is the app's identifier in the Active Directory instance.
// For ADFS, use the relying party's identifier, its WS-Federation Passive protocol URL:
options.Wtrealm = "https://localhost:5001/";
});
services.AddMvc(options => options.EnableEndpointRouting = false);
// In production, the Angular files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/dist";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseAuthentication();
app.UseIdentityServer();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller}/{action=Index}/{id?}");
});
app.UseSpa(spa =>
{
// To learn more about options for serving an Angular SPA from ASP.NET Core,
// see https://go.microsoft.com/fwlink/?linkid=864501
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseAngularCliServer(npmScript: "start");
}
});
}
}
}
这给了我“ System.InvalidOperationException:'方案已存在:Identity.Application'
“代表app.UseIdentityServer();在Configure方法中。文档没有说明会发生这种情况,我对如何解决此问题一无所知。如果有人需要,我可以根据需要添加更多代码。我想您可以如果您想要更多的动手方法,也可以像我一样重新创建该项目,并按照教程进行操作,此外,根据我所显示的内容,我的设置甚至对于使用WS-Federation还是正确的呢?我计划使用Angular使用SPA提供安全的.NET Core Web API,并且双方都需要进行身份验证。