Microsoft.IdentityModel ASP.NET - ,

Microsoft.IdentityModel web.config .

The federatedAuthentication section in web.config:

<federatedAuthentication>
    <!-- requireHttps="false" drops the requirement that the WS-Federation exchange with the issuer use HTTPS.
         requireSsl="true" issues the session cookie with the Secure flag, so the browser returns it only
         over HTTPS; the relying party therefore has to be served over HTTPS for the session to persist. -->
    <wsFederation passiveRedirectEnabled="true" issuer="trust" realm="real" requireHttps="false" />
    <cookieHandler requireSsl="true" />
</federatedAuthentication>

The EventHandler registered in Application_Start(), in place of the web.config section:

    /// <summary>
    /// Application start-up hook: subscribes the handler that sets the WIF options from code.
    /// </summary>
    protected void Application_Start()
    {
        // Method-group subscription; the compiler builds the same
        // EventHandler<ServiceConfigurationCreatedEventArgs> delegate as an explicit "new".
        FederatedAuthentication.ServiceConfigurationCreated += FederatedAuthentication_ServiceConfigurationCreated;
    }

    // Handler for FederatedAuthentication.ServiceConfigurationCreated: assigns the WS-Federation
    // module properties from constants. The "..." lines are elisions made by the original poster.
    private static void FederatedAuthentication_ServiceConfigurationCreated(Object sender, ServiceConfigurationCreatedEventArgs e)
    {
        const string rpRealm = "realm";
        // Not referenced in the visible lines; presumably applied to the cookie handler in the elided
        // part (confirm). NOTE(review): the web.config snippet on this page uses requireSsl="true"
        // and realm="real", so these constants do not reproduce that section exactly.
        const bool requireSsl = false;
        // false removes the HTTPS requirement for the exchange with the issuer, so sign-in redirects
        // and the returned token can travel over plain HTTP. Suitable for a local test setup only.
        const bool requireHttps = false;
        const bool passRedirect = true;
        const string issuer = "trust";

        ...

        // Each line below overwrites one property of the WS-Federation module with a constant from above.
        FederatedAuthentication.WSFederationAuthenticationModule.PassiveRedirectEnabled = passRedirect;
        FederatedAuthentication.WSFederationAuthenticationModule.Issuer = issuer;
        FederatedAuthentication.WSFederationAuthenticationModule.Realm = rpRealm;
        FederatedAuthentication.WSFederationAuthenticationModule.RequireHttps = requireHttps;

        ...
    }

web.config , , URL- , PassiveRedirectEnabled true.

, , ; .

P.S. This is WIF 3.5, i.e. Microsoft.IdentityModel.dll.


@jonho ! WIF 4.5, WIF 3.5, ...

http://social.msdn.microsoft.com/forums/vstudio/en-US/41b9a137-faca-43c6-b965-01d5322df5f0/change-microsoftidentitymodel-configuration.

, , :

  • Build the ServiceConfiguration in code:

    /// <summary>
    /// Hooks ServiceConfigurationCreated at application start so the configuration
    /// object can be supplied from code.
    /// </summary>
    protected void Application_Start()
    {
        // Same subscription as the explicit EventHandler<ServiceConfigurationCreatedEventArgs>
        // construction, written as a method group.
        FederatedAuthentication.ServiceConfigurationCreated += FederatedAuthentication_ServiceConfigurationCreated;
    }
    
    /// <summary>
    /// Builds a ServiceConfiguration in code (one allowed audience URI, one trusted issuer
    /// certificate identified by thumbprint) and assigns it to the event arguments.
    /// </summary>
    /// <param name="sender">Event source; not used.</param>
    /// <param name="e">Event data whose ServiceConfiguration property receives the new object.</param>
    private static void FederatedAuthentication_ServiceConfigurationCreated(Object sender, ServiceConfigurationCreatedEventArgs e)
    {
        const string audienceUri = "allowed_aud";
        const string issuerThumbprint = "thumb";
        const string issuerName = "name";

        // Trusted-issuer list: tokens are accepted only when signed by the certificate
        // with this thumbprint, which is reported under the given issuer name.
        var trustedIssuers = new ConfigurationBasedIssuerNameRegistry();
        trustedIssuers.AddTrustedIssuer(issuerThumbprint, issuerName);

        var config = new ServiceConfiguration();
        config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri));
        config.IssuerNameRegistry = trustedIssuers;

        // None turns off X.509 validation of the signing certificate (chain, expiry, revocation),
        // which leaves the thumbprint match in the registry as the check on who signed the token.
        // Keep the pinned thumbprint current, or use a stricter mode when the issuer certificate
        // chains to a trusted root.
        config.CertificateValidationMode = X509CertificateValidationMode.None;

        e.ServiceConfiguration = config;
    }
    
  • Set the module properties in the ASP.NET Application_AuthenticateRequest() handler:

    /// <summary>
    /// Applies the session-cookie and WS-Federation settings to the WIF modules. ASP.NET binds
    /// Application_AuthenticateRequest to the AuthenticateRequest event, so the values are
    /// re-applied on each request.
    /// </summary>
    /// <param name="sender">Event source; not used.</param>
    /// <param name="e">Event data; not used.</param>
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        // requireSsl, issuer, rpRealm, passRedirect and requireHttps are declared outside this snippet.
        // requireSsl controls the Secure flag of the session cookie and requireHttps the HTTPS
        // requirement towards the issuer; both should be true outside a local test setup.
        var sessionCookies = FederatedAuthentication.SessionAuthenticationModule.CookieHandler;
        sessionCookies.RequireSsl = requireSsl;

        var wsFederation = FederatedAuthentication.WSFederationAuthenticationModule;
        wsFederation.Issuer = issuer;
        wsFederation.Realm = rpRealm;
        wsFederation.PassiveRedirectEnabled = passRedirect;
        wsFederation.RequireHttps = requireHttps;
    }
    

, ASP.NET WIF 3.5


The same approach using FederationConfiguration and WsFederationConfiguration:

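  /// <summary>
  /// Builds a FederationConfiguration in code (audience restriction, trusted issuer, session cookie
  /// handler and WS-Federation endpoints) and assigns it to the event arguments.
  /// </summary>
  /// <param name="sender">Event source; not used.</param>
  /// <param name="e">Event data whose FederationConfiguration property receives the new object.</param>
  private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
  {
      // Hard-coded for the example; the original author reads these from appSettings.
      const string allowedAudience = "http://audience1/user/get";
      const string rpRealm = "http://audience1/";
      const string domain = "";
      // One switch for both the cookie Secure flag and the HTTPS requirement towards the issuer.
      // false (together with the http:// URLs here) means the token and the session cookie travel
      // unencrypted; set it to true and use https:// endpoints outside a local test setup.
      const bool requireSsl = false;
      const string issuer = "http://sts/token/create";
      const string certThumbprint = "mythumbprint";
      const string authCookieName = "StsAuth";

      var federationConfiguration = new FederationConfiguration();
      federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

      // NOTE(review): internalSts is not declared in this snippet; presumably the issuer name of
      // the STS, defined elsewhere in the class. Confirm before use.
      var issuingAuthority = new IssuingAuthority(internalSts);
      issuingAuthority.Thumbprints.Add(certThumbprint);
      issuingAuthority.Issuers.Add(internalSts);
      var issuingAuthorities = new List<IssuingAuthority> { issuingAuthority };

      var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry { IssuingAuthorities = issuingAuthorities };
      federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;

      // None turns off X.509 validation of the signing certificate (chain, expiry, revocation),
      // which leaves the thumbprint/issuer match in the registry above as the check on the signer.
      federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

      var chunkedCookieHandler = new ChunkedCookieHandler
      {
          // Uses the constant instead of a second literal so the cookie flag and RequireHttps cannot drift apart.
          RequireSsl = requireSsl,
          Name = authCookieName,
          Domain = domain,
          PersistentSessionLifetime = TimeSpan.FromMinutes(30),
      };
      federationConfiguration.CookieHandler = chunkedCookieHandler;
      federationConfiguration.WsFederationConfiguration.Issuer = issuer;
      federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
      federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

      e.FederationConfiguration = federationConfiguration;
  }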

Source: https://habr.com/ru/post/1546197/

