wif

问题 I'm working on federating an application with various areas and extremely fine-grained permissions. Each of the various areas has a federated WCF endpoint to communicate back to the server. Because of the fine grained permissions, a single token containing all of the permissions can be as large as 1MB, maybe more. Requirements dictate that the user's username and password credentials must not be held within our code base after the initial log in process. The permissions cannot be combined to

问题 I need to use Windows authentication in my application along with claim-based authorization using Windows Identity Foundation. I have used following configuration for my service. <system.identityModel> <identityConfiguration> <claimsAuthorizationManager type="Framework.Authorization.AuthorizationManager, ClaimsAuthorizationService"/> </identityConfiguration> </system.identityModel> <system.serviceModel> <bindings> <customBinding> <binding name="CustomTcpBinding" maxConnections="50"

问题 I'm facing an exception when trying to create a JWT token in C# Web API application. Test environment Platform: Windows 10 x64 with .net framework: 4.6.1 jwt NuGet package: System.IdentityModel.Tokens.Jwt version: 4.0.2.206221351 Here is the code responsible for generating RSA keys: public SignatureInformation CreateNewSignatureInformation(int length = 0) { try { var signatureInformation = new SignatureInformation(); var rsaProvider = new RSACryptoServiceProvider(length); var publicKey =

问题 I'm facing an exception when trying to create a JWT token in C# Web API application. Test environment Platform: Windows 10 x64 with .net framework: 4.6.1 jwt NuGet package: System.IdentityModel.Tokens.Jwt version: 4.0.2.206221351 Here is the code responsible for generating RSA keys: public SignatureInformation CreateNewSignatureInformation(int length = 0) { try { var signatureInformation = new SignatureInformation(); var rsaProvider = new RSACryptoServiceProvider(length); var publicKey =

问题 Maybe this question highlights how little I know about claims identity management, but here it goes. If using WIF within an application that uses a third party STS for Identity and that uses custom claims for authorization ( something pertinent and specificto the application like CanCreateFooBar ) 1) How do I manage the users? Ie, the users from say AD or other membership provider can be identified, but internally in my system i need to know about them and have more user information that has

问题 We've built a Relying Party application based on the Windows Identity Foundation. We followed the advice in Vittorio's book and created a custom set of cookie transforms to use RSA to encrypt/sign the token. private void OnServiceConfigurationCreated( object sender, ServiceConfigurationCreatedEventArgs e ) { List<CookieTransform> sessionTransforms = new List<CookieTransform>( new CookieTransform[] { new DeflateCookieTransform(), new RsaEncryptionCookieTransform( e.ServiceConfiguration

问题 ADFS 2.0, WIF (WS-Federation), ASP.NET: There is no http modules or any IdentityFoundation configuration defined in a web.config (like most WIF SDK samples show), instead everything is done via program code manually using WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessage classes. I do http redirect to ADFS in a code and it seems to work fine, returning claims and redirecting user back to my web site with serialized claims in http request. So the question is how

问题 I'm writing a custom implementation of SessionSecurityTokenCache and I'm somewhat confused as to what the purpose of expiryTime is in the AddOrUpdate method. As far as I can tell, the default implementation for SessionSecurityTokenCache used by WIF is the internal class MruSessionSecurityTokenCache (mentioned here). In its implementation, expiryTime is completely ignored. Also, I notice while debugging that the value that gets passed in to AddOrUpdate appears to always be token.ValidTo plus 5

问题 Consider the below Sample Scenario: I have a Single Active Directory Domain for Production, Test and for development (each separated at OU level). I want to install ADFS at test OU level and I do not want users authenticated at test OU ADFS to have access (both read and write) to other OU's. Can this be possible ? Can we restrict ADFS 2.0 to work only under a particular OU ? 回答1: Though restricting ADFS 2.0 to work under a specific OU is not feasible (from the resources I read and IMHO), we

问题 We are having problems with Safari(and Opera) and from what I have read the FedAuth cookies are just too big. There is an "neat trick" to fix this: "WIF RTM added a property to the SessionAuthenticationModule, IsSessionMode. When flipped to true, IsSessionMode has the effect of ensuring that the SessionSecurityToken remains in the cache for the whole duration of the session and generating a cookie which contains just a session identifier rather than the content of the session itself." I have