wif

问题 Now this is odd. After completing some research on claims based solutions in .NET, found that different authors refer to different classes in .NET namespace when actually speaking on the same matter. Claim class (not to mention other Identity, Principal, Manager, Helper classes around) is defined in 3 different namespaces. It is clear that WIF is separate add-on for .NET 3.5 and 4.0 and that it is rewritten and made part of core in 4.5. However it could really help to have clear directions on

问题 Now this is odd. After completing some research on claims based solutions in .NET, found that different authors refer to different classes in .NET namespace when actually speaking on the same matter. Claim class (not to mention other Identity, Principal, Manager, Helper classes around) is defined in 3 different namespaces. It is clear that WIF is separate add-on for .NET 3.5 and 4.0 and that it is rewritten and made part of core in 4.5. However it could really help to have clear directions on

问题 I'd like to do something like outputIdentity.Claims.Add(new Claim("Claim1", "<test>Hi</test>")) However the security node within the response header itself shows it as <Attribute Name="Claim1"><AttributeValue><test>Hi</test></AttributeValue></Attribute> I know they are reserved XML characters getting translated but can't I specify that I want that node structure in my attribute? NOTE: I've also tried wrapping it in CDATA however it serializes that tag too. When I replace the translated

问题 I've been researching a way of changing IssuedTokenAuthentication certs in a WCF after the service has started listening to its connection. I know that I could change the certs just by going into the web.config and then resetting the service so it loads the new settings, but I need to do it on the fly without any downtime. I know that I could get the current ServiceHost instance by doing: ServiceHost host = (ServiceHost)OperationContext.Current.Host; and then I could access its service certs

问题 Using Windows Identity Foundation (WIF) in tandem with a Security Token Service (STS), is it possible to create complex claims that could satisfy a question such as: For a user with a claim to a role "Support", that user: Can only view and use resource1 CAN NOT update, create, or delete resource2 CAN NOT create, or delete resource3 Can only use and update resources with a "resource" tag. It's a necessarily contrived example but is this possible? I'm thinking I want to authorize the

问题 I have a web application written in ASP .NET MVC 3. I'm using ACS for authenticating my users and I defined Google, Windows Live, Yahoo! and Facebook as identity providers. Now I want to expose a REST API for the application (I want to create an app for WP7). Some of the calls require that the user is authenticated so I thought I should pass a token in the authentication header of the request. What is the best approach to do this with ACS? Is the ACS able to provide me these kind of tokens or

问题 I have what I think is a fairly complicated question so I will do my best to articulate it here. I am looking for a single sign on (SSO) solution. I am aware of many of the options out there but have ruled most of them out as I add criteria that they need to meet. Here are the criteria: 1.) The SSO must be added to an existing "system". 2.) The existing "system" consists of "X" number of websites. 3.) All of the "x" websites are e-commerce. 4.) The websites are all owned by company Y, for

问题 I am playing with windows identity foundation and I am trying to create an MVC.NET based Security Token Service and use it as the Single Sign On application. My only problem is that I don't know how to generate the federationmetadata.xml file. Is there any tool to generate this file manually? 回答1: I created a custom metadata generator that does what VS does when you create the STS project. I had to use Reflection to call the code because as usual everything useful is internal in Microsoft's

问题 The error: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer. The situation: I have 3 or 4 asp.net apps running on a single IIS server (my QA environment), that this morning began returning this error. I start out on an anonymous site, click a link to a secure section, get redirected to my federation services proxy, authenticate, and am

问题 I have a wcf webservice that uses WIF for authentication. Part of the responsibility of this webservice is to generate a report and email it. If I render the report with data only everything is fine. If I include any report parameters, report constants, or even just DateTime.Now I get the following exception: An error occurred during local report processing.Failed to load expression host assembly. Details: Request for the permission of type 'System.Security.Permissions.SecurityPermission,