问题
Is it possible to set up the realm URL, claim types, etc for azure ACS without editing the web.config? Can you set up these required elements programmatically somehow?
EDIT: Specifically I want to get rid of this:
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://mynamespace.accesscontrol.windows.net/v2/wsfederation" realm="http://localhost:81/" requireHttps="false" />
</federatedAuthentication>
Basically, I don't want the realm being specified in the web config, but rather in code somewhere. I've tried overriding ClaimsAuthenticationManager and commenting out the portions to the code related to FederatedAuthentication. My overridden authenticate code is hit, but it doesn't contain any claims. I'm assuming that this is because FederatedAuthentication is an intermediary which performs its own authentication before it gets to the overridden ClaimsAuthenticationManager normally. Is there a way to override the FederatedAuthentication portion in a similar manner? Or is there information passed into the overridden authenticate method that I can use to perform my own authentication?
回答1:
To remove that xml line from the web config, I made my own WSFederationAuthenticationModule overriding the old one, like so:
public class CustomWSFederationAuthenticationModule : WSFederationAuthenticationModule
{
protected override void InitializePropertiesFromConfiguration(string serviceName)
{
this.Realm = "http://localhost:81/";
this.Issuer = "https://acsnamespace.accesscontrol.windows.net/v2/wsfederation";
this.RequireHttps = false;
this.PassiveRedirectEnabled = true;
}
}
And the important part of the web.config:
<modules runAllManagedModulesForAllRequests="true">
<add name="WSFederationAuthenticationModule" type="CustomModuleLocation.CustomWSFederationAuthenticationModule, CustomModuleLocation" preCondition="managedHandler"/>
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
</modules>
Also the federatedAuthentication section of the XML is removed entirely.
回答2:
Yes, FedUtil does this. It's a utility that comes with the Windows Identity Foundation (WIF) SDK and you can invoke it from visual studio.
http://msdn.microsoft.com/en-us/library/ee517285.aspx
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4451
EDIT: I may have misunderstood your question. FedUtil is a utility that configures your web.config for you. If instead you want to configure your application in code, that's also possible. The WIF documentation on MSDN should demonstrate how to do this:
http://msdn.microsoft.com/en-us/library/ee766446.aspx
回答3:
Handle FederationConfigurationCreated event of FederatedAuthentication class, e.g. in Application_Start of Global.asax:
void Application_Start(object sender, EventArgs e)
{
FederatedAuthentication.FederationConfigurationCreated += FCC;
}
private void FCC(object sender, FederationConfigurationCreatedEventArgs e)
{
e.FederationConfiguration.WsFederationConfiguration.PassiveRedirectEnabled = true;
e.FederationConfiguration.WsFederationConfiguration.Issuer = "https://mynamespace.accesscontrol.windows.net/v2/wsfederation";
e.FederationConfiguration.WsFederationConfiguration.Realm = "http://localhost:81/";
e.FederationConfiguration.WsFederationConfiguration.RequireHttps = false;
}
来源:https://stackoverflow.com/questions/9473188/is-it-possible-to-get-acs-claims-without-editing-web-config