claims-based-identity

Implementing Office 365 single sign-on using custom authentication/claims provider in ADFS 3.0 (RE: AADSTS90019)

廉价感情. Submitted on 2019-12-18 09:46:29
Question: I have a new Claims Provider Trust successfully configured in ADFS 3.0 that allows us to use a separate SAML IdP and let ADFS 3.0 be the SP. We now see "You are signed in" when we go through our SAML IdP. So this part works fine (SSO into ADFS 3.0). However, attempting to access Office 365 apps now returns the following error at https://login.microsoftonline.com/login.srf: AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials. Any

What is the purpose of nameidentifier claim?

邮差的信 Submitted on 2019-12-17 22:33:15
Question: What should the claim of type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier be used for? This is the main question, and here are additional ones. How does it differ from the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim? Is it permanent for a particular user, as opposed to the name claim? Is it globally-scoped or IdP-scoped?
Answer 1: Name is just that, a name. If we're talking person, think "Eric"; a server "file01". A NameIdentifier is the ID for an object.

Adding Claims-based authorization to MVC 3

若如初见. Submitted on 2019-12-17 21:58:05
Question: I have an MVC app that I would like to add claims-based authorization to. In the near future we will use ADFS2 for federated identity but for now we will use forms auth locally. Has anyone seen a tutorial or blog post about the best way to use WIF without an external identity provider? I have seen the following but it is a year old now and I think there should be an easier solution: http://geekswithblogs.net/shahed/archive/2010/02/05/137795.aspx
Answer 1: You can use WIF in MVC without an STS. I

Why is my ClaimsIdentity IsAuthenticated always false (for web api Authorize filter)?

那年仲夏 Submitted on 2019-12-17 10:31:31
Question: In a Web API project I am overriding the normal authentication process to check tokens instead. The code looks something like this:

    if ( true ) // validate the token or whatever here
    {
        var claims = new List<Claim>();
        claims.Add( new Claim( ClaimTypes.Name, "MyUser" ) );
        claims.Add( new Claim( ClaimTypes.NameIdentifier, "MyUserID" ) );
        claims.Add( new Claim( ClaimTypes.Role, "MyRole" ) );
        var claimsIdentity = new ClaimsIdentity( claims );
        var principal = new ClaimsPrincipal( new[] {

When claims are available

对着背影说爱祢 Submitted on 2019-12-13 08:52:13
Question: I add a claim in the GenerateUserIdentityAsync method:

    public class ApplicationUser : IdentityUser
    {
        public async Task<ClaimsIdentity> GenerateUserIdentityAsync(UserManager<ApplicationUser> manager)
        {
            var userIdentity = await manager.CreateIdentityAsync(this, DefaultAuthenticationTypes.ApplicationCookie);
            userIdentity.AddClaim(new Claim(ClaimsStaticStrings.Inactivity, company.Inactivity.ToString()));
            return userIdentity;
        }
    }

Then I try to get it in the Account/Login method:

    [HttpPost]
    [AllowAnonymous

WCF Data Service with WIF 4.5; Principal not set for POST requests

放肆的年华 Submitted on 2019-12-13 04:29:28
Question: After following Dominick Baier's Pluralsight courses and blogs around WIF 4.5, I'm still stuck with a problem that I'm unable to resolve. I am using WCF Data Services with claims-based authorization using WIF 4.5. I have my ClaimsAuthenticationManager and ClaimsAuthorizationManager set up in the web.config:

    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken

Username and password authentication for WIF (Windows Identity Foundation) in ASP.NET MVC

喜欢而已 Submitted on 2019-12-13 04:25:48
Question: We have two existing legacy web applications, one for the intranet using Windows authentication within the domain, and one internet application, performing a custom web forms username + password based authentication. Now a new web application is developed and will be available in the internet to both internet and intranet users, handling both authentication models. Therefore we decided to use WIF. We're going for ASP.NET 4.5 MVC 4 on Windows Server 2012. The intranet authentication shouldn't

Local STS to production

跟風遠走 Submitted on 2019-12-13 02:39:28
Question: I am now working on a web project where the authentication mechanism chosen is Windows authentication (intranet application). Once the project goes live, after a gap of two months or so, an STS will be set up. Then the web project should start using it without much change to the code. How to do it? I plan to use claims-based authentication using WIF 4.5 with my own STS (a WCF project/web application) and take it live. Once the STS is set up in intranet (ADFS)/cloud (WAAD), I simply change

Why am I getting a claim without a security token service?

孤街醉人 Submitted on 2019-12-12 10:14:54
Question: I am following this tutorial which shows how to build a claims-aware ASP.NET WebForms app, with a page that "displays the claims in the token that was issued to you by the Security Token Service". Note that the tutorial "does not have detailed instructions for creating a Security Token Service (STS), and assumes you have already configured an STS." Now I followed the tutorial but I did not set up an STS myself. When I ran the web app I saw a claim on that page, specifically: Claim Type: http:/

Can't get claims from JWT token with ASP.NET Core

微笑、不失礼 Submitted on 2019-12-12 09:33:08
Question: I'm trying to do a really simple implementation of JWT bearer authentication with ASP.NET Core. I return a response from a controller a bit like this:

    var identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(ClaimTypes.Name, applicationUser.UserName));
    var jwt = new JwtSecurityToken(
        _jwtOptions.Issuer,
        _jwtOptions.Audience,
        identity.Claims,
        _jwtOptions.NotBefore,
        _jwtOptions.Expiration,
        _jwtOptions.SigningCredentials);
    var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);