问题
Completely new to ADFS, WIF, claims.. I followed the code in the question: ASP.NET web forms - how to combine WIF authentification with membership provider and role provider and was able to use it to passively authenticate user logged in against AD FS. However, I'm at a lost as to how tp query AD FS for this user to retrieve some of its LDAP attributes as I've configured them through the Relying Party Trust's Claims Rules as I configured within the ADFS Server. Any ideas? Was hoping to use similar code as I've referenced above to retrieve the claims instead of authenticating.
回答1:
Biggest part of the problem is that the mentioned code doesn't rely on ADFS at all. Rather, it creates the identity locally.
I believe you should rather use a passive flow with ADFS, i.e. you want your browser to be redirected to ADFS and then you want user claims back. One of the easiest ways is described here, in one of my tutorials:
http://www.wiktorzychla.com/2014/11/simplest-saml11-federated-authentication.html
来源:https://stackoverflow.com/questions/29084449/asp-net-wif-retrieve-ldap-attributes-as-claims-from-ad-fs-server