wif

问题 While i started to explore WIF, i have a doubt on the following: In the Windows Identification Foundation[WIF],looking on to Security Token Service[STS], i wish to know where the federation authentication token is being saved? I think its in browser cookie, if so can anyone please give me a insight about it? 回答1: I used the 'Fiddler' Web debugger to find the answer to this question. Here's what happens: Let's suppose that the name of your application is SecureApp and the name of your STS is

问题 We have a lot of domains running on one IIS WebSite/AppPool. Right now we are in the process of implementing SSO with Windows Identity Foundation. in web.config the realm has to be set with <wsFederation passiveRedirectEnabled="true" issuer="http://issuer.com" realm="http://realm.com" requireHttps="false" /> My problem is that the realm is dependent on which domain the user accessed the website on so what I did is that I set it in an global action filter like this var module = context

问题 I'm using the Session Authentication Module to store the user claims in the authentication cookie. What is the recommended approach to update the user's claims whilst they are logged in? An example would be if they update their profile (First Name/Last Name) and we want to update the associated claims. I don't want to log the user out when this happens so DeleteSessionTokenCookie is not an option. 回答1: Set a new session cookie with SAM.WriteSessionTokenToCookie. 回答2: Leastprivilege's answer

问题 I have problem sending jwt token too a wcf service. Have followed this and it almost works. Delivering a JWT SecurityToken to a WCF client So i send a GenericXmlSecurityToken as in the link above. And have created the following handler: public class CustomJwtSecurityTokenHandler : JwtSecurityTokenHandler { public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token) { var jwtToken = (JwtSecurityToken)(token); SecurityToken securityToken; var principal = ValidateToken

问题 I have an HR web application built in ASP.Net MVC split into areas, for example Manager, Employee. These areas represent different types of users in the system who are able to to different tasks. There is a legacy database involved and information for each user type is stored in a different table. Also, The the type of information stored for each user type is different so it makes sense that the tables are separate. I am looking to implement claims based authentication for a couple reasons:

问题 I have an ASP.NET application which uses claims bases authentication against ADFS. I also map it to a WindowsClaimsIdentity by using the Claims to Windows Identity Service. That works fine. But now I need to impersonate the current request/thread so I can access a service which is not claims aware. How should I do that? Should I acquired a WindowsImpersonationContext in the Application_PostAuthenticate event and save that in the HttpContext.Items and then in the Application_EndRequest call

问题 Is it possible to share the claims based authentication of a logged in Sharepoint 2010 user with a separate Asp.net application? The following article describes how it was done using Sharepoint 2007 and forms authentication through forms auth and sharing machine keys etc however I cannot find any information regarding the external application consuming the claims authentication that is now used in Sharepoint 2010? 回答1: Who authenticates the user in SP in your app? In a claims based

问题 I have my configuration in web.config and it works fine. <configuration> <system.identityModel.services> <federationConfiguration> .... </federationConfiguration> </system.identityModel.services> </configuration> How do I move this out of web.config to a custom config file and load it from code? I want to use the same structure of this configuration so that I do not have to change anything in code if I have to change this configuration file. 回答1: You can tap into the WIF event from your

问题 I'm in the process of getting my head round using AD FS to authenticate a user in a .NET 4.5 app. I can't find any examples of requesting/receiving the token from a console app and converting that token into a ClaimsPrinciple. The only examples I can find are WCF configuration based and I would really like to see the actual code that can do this in it's simplest form. I've installed AD FS and think I've got it configured ready to receive requests. I've created a relying party, given it a key

问题 Can anyone point to sample code for actively issuing a RequestSecurityToken using the NT credentials of the Thread.CurrentPrincipal as ClaimsPrincipal ? The scenario is an asp.net web app with windows authentication enabled (so there is an authenticated WindowsIdentity). My desire is to call the STS actively rather than enabling passiveRedirect, and to do this using the .Net 4.5 identity libraries. Most code samples, such as Claims Helper for Windows Phone or Using an Active STS set the