adfs

Restricting ADFS 2.0 to use a specific OU instead of Domain level access

走远了吗 Submitted on 2020-01-13 17:59:21
Question: Consider the sample scenario below: I have a single Active Directory domain for Production, Test and Development (each separated at the OU level). I want to install ADFS at the Test OU level, and I do not want users authenticated by the Test OU ADFS to have access (both read and write) to other OUs. Is this possible? Can we restrict ADFS 2.0 to work only under a particular OU? Answer 1: Though restricting ADFS 2.0 to work under a specific OU is not feasible (from the resources I read and IMHO), we

Authenticate with ADFS inside Console App silently

ⅰ亾dé卋堺 Submitted on 2020-01-13 10:15:59
Question: I have a C# console application that references the ADAL.NET library (Microsoft.IdentityModel.Clients.ActiveDirectory version 2.19.208020213). The purpose of the console app is to consume an HTTP endpoint which is protected with ADFS. The implementation of the ADFS auth is as follows: var uc = new UserCredential("user", "password"); var ctx = new AuthenticationContext("https://sts.example.com/adfs", false); var token = ctx.AcquireToken(ClientResourceUri, ClientId, uc); The call to

Is It Possible to Model Complex Claims (hierarchical / nested / etc)?

风流意气都作罢 Submitted on 2020-01-04 13:50:14
Question: Using Windows Identity Foundation (WIF) in tandem with a Security Token Service (STS), is it possible to create complex claims that could satisfy a question such as: for a user with a claim to a role "Support", that user: can only view and use resource1; CANNOT update, create, or delete resource2; CANNOT create or delete resource3; can only use and update resources with a "resource" tag. It's a necessarily contrived example, but is this possible? I'm thinking I want to authorize the

How can I validate this ADFS token?

吃可爱长大的小学妹 Submitted on 2020-01-03 09:46:09
Question: On my MVC site, I redirect to an ADFS login page if I detect an ADFS account is being used. After the user enters their ADFS credentials, the ADFS site posts a WsFederationMessage back to my site. How can I validate the ADFS token that is presented to my site as part of this WsFederationMessage? Inside an AuthenticationHandler middleware class, I have the following relevant code which calls the ValidateToken method: IFormCollection form = await Request.ReadFormAsync(); WsFederationMessage

Windows authentication with ADFS on a standalone application

这一生的挚爱 Submitted on 2020-01-03 03:25:25
Question: I have this Windows console application which is trying to perform Windows authentication against ADFS. I'm already able to authenticate by using username/password, but I don't want to do it this way since the user has already been authenticated in Windows. I have this code: // Set up the connection to ADFS const string adfsEndpoint = "https://iis.dev.lab/adfs/services/trust/13/windowsmixed"; var factory = new WSTrustChannelFactory(new WindowsWSTrustBinding(SecurityMode

How to deploy an ASP.NET web application to a development team via TFS when setting up ADFS authentication

荒凉一梦 Submitted on 2020-01-02 13:10:38
Question: I am working on an ASP.NET web application that is part of TFS and is used by the development team. Recently, as part of the project, we set up ADFS and are now attempting to enforce authentication of the project against an ADFS server. On my development machine I have gone through the steps of adding an STS reference, which generates the federation metadata as well as updating the web.config file for the project. Authorization within the web.config uses thumbprint certification, which requires me to

SSO from ADAL in WPF Client to ADFS 3.0 on Windows Server 2012 R2

旧巷老猫 Submitted on 2020-01-01 14:21:39
Question: I am trying to write a WPF client which uses ADAL to authenticate against ADFS on Windows Server 2012 R2. I have successfully implemented this using "Forms Authentication", where the user is prompted for the domain username and password. However, I want to take advantage of SSO and use the currently logged-on domain user to authenticate against ADFS. Unfortunately, I'm only getting an error message saying: This method overload is not supported by '<ADFS servername>' I have done a lot

How to validate ADFS SAML token

≡放荡痞女 Submitted on 2019-12-31 14:34:25
Question: I am currently generating SAML tokens from ADFS like this: WSTrustChannelFactory factory = null; try { // use a UserName Trust Binding for username authentication factory = new WSTrustChannelFactory( new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential), new EndpointAddress("https://adfs.company.com/adfs/services/trust/13/usernamemixed")); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.UserName.UserName = "user"; factory.Credentials.UserName.Password =