我有一个Silverlight应用程序,它使用Identity Training Kit中的WSTrust实现从STS请求SAML令牌。
private void Application_Startup(object sender, StartupEventArgs e)
{
WSTrustClient wsTrustClient = new WSTrustClient(new WSTrustBindingUsernameMixed(), new EndpointAddress("https://localhost/SecurityTokenService/Service.svc/IWSTrust13"), new UsernameCredentials("user", "password"));
wsTrustClient.IssueCompleted += new EventHandler<IssueCompletedEventArgs>(wsTrustClient_IssueCompleted);
RequestSecurityToken rst = new RequestSecurityToken()
{
AppliesTo = new EndpointAddress("https://localhost/SilverlightApplication.Web")
};
wsTrustClient.IssueAsync(rst);
}
private void wsTrustClient_IssueCompleted(object sender, IssueCompletedEventArgs e)
{
this.Resources.Add("SamlToken", e.Result);
this.RootVisual = new MainPage();
}
然后,Silverlight应用程序将SAML令牌放入对我的ASP.NET Web API服务的请求的Authorization标头中;再次,使用相同的WSTrust实现。
string uri ="https://localhost/WebApi/api/resource";
WebRequest request = WebRequest.Create(uri);
request.Method = "GET";
RequestSecurityTokenResponse rstr = (RequestSecurityTokenResponse)Application.Current.Resources["SamlToken"];
request.Headers[HttpRequestHeader.Authorization] = "SAML " + rstr.RequestedSecurityToken.RawToken;
request.BeginGetResponse((result) =>
{
using (WebResponse response = request.EndGetResponse(result))
{
// Process Response
}
}, null);
首先,我是以正确的方式来做这件事的吗?其次,如果是这样,我如何让我的ASP.NET Web API服务检测SAML令牌并将其转换为IClaimsPrincipal服务器端?
答案 0 :(得分:2)
不是Silverlight大师,但是这里有关于WebAPI服务和WIF的一系列文章(以及一些自定义类) - ASP.NET WebAPI Security 1: Introducing Thinktecture.IdentityModel.Http。
这可能有帮助吗?