claims-based-identity

How to unit test code that uses FederatedAuthentication.SessionAuthenticationModule

被刻印的时光 ゝ submitted on 2019-12-07 06:54:59
Question: How can I test this code (Login method in an ASP.NET MVC 4, .NET 4.5 web app): public ActionResult Login(LoginModel model, string returnUrl) { if (ModelState.IsValid && _userCredentialsService.ValidateUser(model.UserName, model.Password)) { SessionAuthentication.SetAuthCookie(model.UserName, _userCredentialsService.GetUserGroups(model.UserName), model.RememberMe); return RedirectToLocal(returnUrl); } } that uses this SetAuthCookie method: public static void SetAuthCookie(IEnumerable<Claim>

Is there a way to customize the Thinktecture.IdentityServer.v2 login page?

无人久伴 submitted on 2019-12-07 06:43:07
Question: I'm using the Thinktecture.IdentityServer.v2 app to perform SSO for a couple of internal apps but would like to customize the login page for each application to have a smoother user experience. I can't seem to find a way to do that. Can the login page be customized depending on the source application from where the client is coming?
Answer 1: "I can't seem to find a way to do that." - How hard have you tried? ;) The RP has the extra data fields - so you can hang like a CSS name off the RP in the

Roles vs Claims Authorization Asp.net web api-2 with WIF and OWIN Middleware

此生再无相见时 submitted on 2019-12-07 06:30:17
Question: I am trying to secure asp.net web-api 2.0 with Windows Identity Foundation 2. The choice I have to make is between role based authorization and claims based authorization. As a practice, I added a user in DbInitializer and assigned him two roles (Admin and Manager). When I log in with that user, I see that ClaimsPrincipal in debug mode, it already has those roles (Admin and Manager) associated as claims. So here are the questions: If roles are also treated as claims, what is the difference b

Claims without roles?

别来无恙 submitted on 2019-12-07 06:13:58
Question: I'm trying to understand ASP.NET Identity authentication and authorization mechanics. I understood what's a claim & what's a role. In almost every related blog post, or question on here it's advised to use claims and avoid roles. I'm confused at this point. How can I use claims without roles? (I normally assign roles to users after they are registered.) Any help is appreciated. Thank you
Answer 1: Roles are claims too, claims are just more general. In almost every related blog post, or question

How do I read claims from my Oauth token?

别等时光非礼了梦想. submitted on 2019-12-06 17:43:19
Question: I made a Security Token Service that connects to my identity store and returns an OAuth2 token with claims if valid. I'm using the Thinktecture.IdentityServer for this. Now I can pass the token to my API, but how do I use this token in my web services to make sure that it returns data that is filtered on the basis of the appropriate claims in the token? I think some samples might exist here: https://github.com/thinktecture/Thinktecture.IdentityModel.45/tree/master/Samples/Web%20API but I'm

Azure ACS without the generated code and HttpHandlers?

不想你离开。 submitted on 2019-12-06 15:24:44
Question: Azure's ACS service is pretty sweet, and I love all of the magic it can do, but I want a little less magic for my Web app (MVC). If you look at the code samples on CodePlex, it's easy enough to call the service and get a JSON list of login providers from an endpoint like this: https://.accesscontrol.windows.net/v2/metadata/IdentityProviders.js?protocol=wsfederation&realm=http%3a%2f%2flocalhost%3a7070%2f&version=1.0&callback=? From the resulting JSON, you can render some links to the providers

Why is User.Identity null after login with AspNet.Identity 3.0

末鹿安然 submitted on 2019-12-06 12:45:53
Question: I am using Microsoft's AspNet.Identity 3.0 framework within the DNX RC1. With the help of some tutorials I have built a custom authentication system. After a successful password check some claims are created for the user and the Authentication will be set: var claimsPrincipal = await SignInManager.CreateUserPrincipalAsync(user); if (claimsPrincipal != null && claimsPrincipal.Identity != null) { // Set the claims to the user await HttpContext.Authentication.SignInAsync

SharePoint 2010 - Changing from Kerberos to Claims-Based Authentication

倾然丶 夕夏残阳落幕 submitted on 2019-12-06 12:10:19
I want to change the Authentication Provider from Kerberos to Claim-Based in my SharePoint 2010 Enterprise Edition environment. What problems can occur in my SharePoint environment? I heard that there are problems with the RSS Reader Webpart if the Webpart consumed a feed from my SharePoint. It will probably not be usable with Claim-Based Authentication. Are there other problems like this?
You mean that you want to change from classic authentication to claims-based authentication. Claims-based authentication also supports Kerberos (as well as NTLM). Therefore, you shouldn't encounter the

How to avoid 'SamlAssertion.NotOnOrAfter condition is not satisfied' errors

Deadly submitted on 2019-12-06 10:38:40
Recently I have started using claim-based authentication on an existing web application. Because the application makes use of jQuery & more notably, the AJAX functions, I have had to alter the handlers not to attempt to redirect the XmlHTTPRequests, and instead return a 403 status which is easier to handle. Here is the FederatedAuthentication.WSFederationAuthenticationModule.AuthorizationFailed event handler: protected void WSFederationAuthenticationModule_AuthorizationFailed(object sender, AuthorizationFailedEventArgs e) { //WSFederationAuthenticationModule sam =

How to share authentication context between a SharePoint 2010 Site and ASP.NET applications

元气小坏坏 submitted on 2019-12-06 10:08:49
Is it possible to share the claims based authentication of a logged in SharePoint 2010 user with a separate ASP.NET application? The following article describes how it was done using SharePoint 2007 and forms authentication through forms auth and sharing machine keys etc.; however, I cannot find any information regarding the external application consuming the claims authentication that is now used in SharePoint 2010?
Who authenticates the user in SP in your app? In a claims based architecture, you normally would deploy an STS that will authenticate users and issue security tokens (e.g. ADFS).