wif

I have implementation of a custom STS. After being authenticated and redirected but before the page was loaded I would receive this error: [CryptographicException: Digest verification failed for Reference '#_8e0aea1a-713d-4536-8fac-a768073395e9'.] The reference number would change every time I tried. I eventually found out that the claims, I had loaded from the database, had carriage return line feeds. Once I replaced those I had no more issues. 来源： https://stackoverflow.com/questions/19013666/digest-verification-failed-for-reference

I'm trying to put together FederatedAuthentication with .NET 4.5, MVC 4, and active redirect using a custom server-side login page, using code from this tutorial, and from this code sample. Redirecting to the LogOn method of my AccountController works fine, and the method looks like this: public ActionResult LogOn() { HrdClient hrdClient = new HrdClient(); WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule; /*** Fails here because this is null **/ HrdRequest request = new HrdRequest(fam.Issuer, fam.Realm, context: Request.QueryString["ReturnUrl"]);

In the Windows Identity Foundation (WIF) 4.5 config, what is the relationship between issuerNameRegistry and certificateValidation ? What portion of a SAML 2.0 assertion is validated by each? For example: the code & config below will verify that the issuer cert has the given thumbprint. But I assume a certificateValidationMode other than "None" will validate some additional details? var handlers = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers; var token = handlers.ReadToken( myxmlReader ); var identities = handlers.ValidateToken( token ); config:

I downloaded the sample login page from the ACS portal for my application, which is a html file. I then configured my application with WIF, and everything worked perfectly. Since we need to handle and save an incoming querystring, so that querystring can be used later after the user had been logged in, we needed to move the html login page to a aspx page. The problem is that when I change the issuer for WIF in the web.config file to the aspx file, it stops working. When it works it looks like this: <certificateValidation certificateValidationMode="None" /> <federatedAuthentication>

I have 2 ASP.Net applications: App1 and App2. Both applications are standard web apps that use WIF with the same ADFS server to authenticate the user, but App2 also exposes some WebAPI services. When the user goes to App1, App1 calls a service on App2 and I need to somehow call the App2 service with the user's token. If the user, themselves, were calling the service on App2, they would go through the same ADFS authentication and everything would work, but it's App1 that's calling the service on App2, not the user. Any thoughts on how this might be done? Thanks! You can use WS-Trust (ActAs) to

In our MVC5-application with OWIN, we use additional to the local accounts also external logins (google). When the user logs in with its local account, he can activate the option to remember him, so he has not to log-in every time newly. When he logs in with his Google-account, he every time must click newly on the external login-button for google. Is there a built-in option to activate the “remember me”-option also for external logins? Or is there a secure way to add this feature? You just need to set IsPersistent to true to accomplish this when you sign in the user identity (you would want

I'd like to move a site that currently uses the standard ASP.NET membership provider to use claims-based authentication through Windows Identity Foundation and Azure ACS. We're going to surface the site using OAuth 2.0 secured REST services so this seems a sensible approach to follow. We also have a need to federate our authentication with external third-party ADFS and other systems, which is precisely the problem that ACS solves very well. However, I would also like to retain the ability for our existing users to use their existing credentials. To do this I think I need a custom STS that