Programatically Configuring federatedAuthenticatio

2019-03-30 19:04发布

站内问答 / C#
1704 2 6

I am trying to programatically generate the following configuration contained inside the microsoft.identityModel configuration. 

<federatedAuthentication>
   <wsFederation passiveRedirectEnabled="false" requireHttps="true" issuer="https://IssuedByFoo.com" realm="http://Foo.com/" />
   <cookieHandler requireSsl="true" path="/" />
</federatedAuthentication>

So far I have not been able to successfully configure this. I have tried setting the following in application_Start but I get an error message when I try to federate

"ID5002: The Issuer property on the FederatedPassiveSignIn control must be set to the address of an STS endpoint that can process WS-Federation passive protocol messages."

FederatedAuthentication.WSFederationAuthenticationModule.Realm = "http://Foo.com/";
FederatedAuthentication.WSFederationAuthenticationModule.Issuer = "https://IssuedByFoo.com";
FederatedAuthentication.WSFederationAuthenticationModule.PassiveRedirectEnabled = false;
FederatedAuthentication.WSFederationAuthenticationModule.RequireHttps = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.RequireSsl = true;
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Path = "/";

I am pretty sure that I am not configuring FederatedAuthentication correctly, and I am not sure where to configure it correctly. One thing I notice is that when I set a breakpoint on begin request, and inspect the FederatedAuthentication.WSFederationAuthenticationModule I do not see the properties set on it when the values are not present in the web.config

2条回答
Lonely孤独者°
2楼-- · 2019-03-30 19:55

I always manage all my wif config from code, and just use app settings for the rp and sts server names etc. This set up should work for you. btw - This is the set up for a relying party (the sts setup is simpler.)

 protected void Application_Start()
    {

      FederatedAuthentication.FederationConfigurationCreated += FederatedAuthentication_FederationConfigurationCreated;

      }

       private static void FederatedAuthentication_FederationConfigurationCreated(object sender, FederationConfigurationCreatedEventArgs e)
    {
        //from appsettings...
        const string allowedAudience = "http://audience1/user/get";
        const string rpRealm = "http://audience1/";
        const string domain = "";
        const bool requireSsl = false;
        const string issuer = "http://sts/token/create;
        const string certThumbprint = "mythumbprint";
        const string authCookieName = "StsAuth";

        var federationConfiguration = new FederationConfiguration();
                                 federationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(allowedAudience));

        var issuingAuthority = new IssuingAuthority(internalSts);
        issuingAuthority.Thumbprints.Add(certThumbprint);
        issuingAuthority.Issuers.Add(internalSts);
        var issuingAuthorities = new List<IssuingAuthority> {issuingAuthority};

        var validatingIssuerNameRegistry = new ValidatingIssuerNameRegistry {IssuingAuthorities = issuingAuthorities};
        federationConfiguration.IdentityConfiguration.IssuerNameRegistry = validatingIssuerNameRegistry;
        federationConfiguration.IdentityConfiguration.CertificateValidationMode = X509CertificateValidationMode.None;

        var chunkedCookieHandler = new ChunkedCookieHandler {RequireSsl = false, Name = authCookieName, Domain = domain, PersistentSessionLifetime = new TimeSpan(0, 0, 30, 0)};
        federationConfiguration.CookieHandler = chunkedCookieHandler;
        federationConfiguration.WsFederationConfiguration.Issuer = issuer;
        federationConfiguration.WsFederationConfiguration.Realm = rpRealm;
        federationConfiguration.WsFederationConfiguration.RequireHttps = requireSsl;

        e.FederationConfiguration = federationConfiguration;
查看更多
0人赞 添加讨论(0) 举报
闹够了就滚
3楼-- · 2019-03-30 19:55

I ended up going with this

Is it possible to get ACS claims without editing web.config?

This seems to work, and we were already usign a custom Module so it was easy to implement

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)