以编程方式在asp.net应用程序上的microsoft.identityModel中配置federatedAuthentication元素
我试图以编程方式生成microsoft.identityModel配置中包含的以下配置。
到目前为止,我还没能成功配置它。 我尝试在application_Start中设置以下内容,但在尝试联合时收到错误消息
“ID5002:FederatedPassiveSignIn控件上的Issuer属性必须设置为可以处理WS-Federation被动协议消息的STS端点的地址。”
FederatedAuthentication.WSFederationAuthenticationModule.Realm = "http://Foo.com/"; FederatedAuthentication.WSFederationAuthenticationModule.Issuer = "https://IssuedByFoo.com"; FederatedAuthentication.WSFederationAuthenticationModule.PassiveRedirectEnabled = false; FederatedAuthentication.WSFederationAuthenticationModule.RequireHttps = true; FederatedAuthentication.SessionAuthenticationModule.CookieHandler.RequireSsl = true; FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Path = "/";
我很确定我没有正确配置FederatedAuthentication,我不确定在哪里正确配置它。 我注意到的一件事是,当我在开始请求上设置断点并检查FederatedAuthentication.WSFederationAuthenticationModule时,当web.config中不存在值时,我看不到设置的属性。
我总是从代码管理我所有的wif配置,只需使用rp和sts服务器名称的应用程序设置等。这个设置应该适合你。 顺便说一句 – 这是依赖方的设置(sts设置更简单。)
protected void Application_Start() { FederatedAuthentication.FederationConfigurationCreated += FederatedAuthentication_FederationConfigurationCreated; } private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e) { //from appsettings... const string allowedAudience = "http://audience1/user/get"; const string rpRealm = "http://audience1/"; const string domain = ""; const bool requireSsl = false; const string issuer = "http://sts/token/create; const string certThumbprint = "mythumbprint"; const string authCookieName = "StsAuth"; var federationConfiguration = new FederationConfiguration(); federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience)); var issuingAuthority = new IssuingAuthority(internalSts); issuingAuthority.Thumbprints.Add(certThumbprint); issuingAuthority.Issuers.Add(internalSts); var issuingAuthorities = new List {issuingAuthority}; var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry {IssuingAuthorities = issuingAuthorities}; federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry; federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None; var chunkedCookieHandler = new ChunkedCookieHandler {RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)}; federationConfiguration.CookieHandler = chunkedCookieHandler; federationConfiguration.WsFederationConfiguration.Issuer = issuer; federationConfiguration.WsFederationConfiguration.Realm = rpRealm; federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl; e.FederationConfiguration = federationConfiguration;
我结束了这个
是否可以在不编辑web.config的情况下获得ACS声明?
这似乎有效,我们已经使用了自定义模块,因此很容易实现