Question
I am trying to create an application that requires user authentication over active directory to return a token, but I am not sure how to use it correctly.
I've been looking at Authenticate user by ADFS (Active Directory Federation Service) but I am not sure how to create a Request Security Token or how to use it correctly.
Are there any working examples for this available? Any help is appreciated.
Answer 1:
It depends on whether you're using WIF or .NET 4.5 System.IdentityModel.
Using WIF:
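    using Microsoft.IdentityModel.Protocols.WSTrust;
    using Microsoft.IdentityModel.Protocols.WSTrust.Bindings;
    using System.IdentityModel.Tokens;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    // ADFS WS-Trust 1.3 endpoint that takes a username/password message credential over HTTPS.
    string endpointUri = string.Format("https://{0}/adfs/services/trust/13/usernamemixed", _serverName);
    var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(
        new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),
        new EndpointAddress(endpointUri));
    factory.TrustVersion = TrustVersion.WSTrust13;
    if (factory.Credentials != null)
    {
        // Placeholder values; supply the user's credentials at run time.
        factory.Credentials.UserName.UserName = "UserName";
        factory.Credentials.UserName.Password = "password";
    }
    // Request a bearer token scoped to the relying party.
    var rst = new RequestSecurityToken
    {
        RequestType = WSTrust13Constants.RequestTypes.Issue,
        AppliesTo = new EndpointAddress(_relyingPartyUri),
        KeyType = WSTrust13Constants.KeyTypes.Bearer,
    };
    var channel = factory.CreateChannel();
    SecurityToken token = channel.Issue(rst);
    return token;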
Answer 2:
Using .NET 4.5 System.IdentityModel, you'll need to define the UserNameWSTrustBinding yourself:
    using System.IdentityModel.Protocols.WSTrust;
    using System.ServiceModel;
    using System.ServiceModel.Security;

    // Binding for the ADFS "usernamemixed" endpoint: HTTPS transport, username credential in the message.
    public class UserNameWSTrustBinding : WS2007HttpBinding
    {
        public UserNameWSTrustBinding()
        {
            Security.Mode = SecurityMode.TransportWithMessageCredential;
            Security.Message.EstablishSecurityContext = false;
            Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        }
    }

    string endpointUri = string.Format("https://{0}/adfs/services/trust/13/usernamemixed", _serverName);
    var factory = new WSTrustChannelFactory(new UserNameWSTrustBinding(), endpointUri)
    {
        TrustVersion = TrustVersion.WSTrust13
    };
    // Placeholder values; supply the user's credentials at run time.
    factory.Credentials.UserName.UserName = "UserName";
    factory.Credentials.UserName.Password = "password";
    // Request a token scoped to the relying party, here with a symmetric proof key.
    var rst = new RequestSecurityToken
    {
        RequestType = RequestTypes.Issue,
        AppliesTo = new EndpointReference(_relyingPartyUri),
        KeyType = KeyTypes.Symmetric
    };
    var channel = factory.CreateChannel();
    return channel.Issue(rst);
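An added example (not part of either answer, and not Microsoft's own code) that wraps the .NET 4.5 flow above in one method: credentials are passed in by the caller instead of being hard-coded, the channel and factory are closed on success and aborted on failure, and the issued token comes back typed so its XML and expiry can be read. `AdfsTokenClient`, `RequestBearerToken` and its parameters are hypothetical names, and the request uses a bearer key as in the WIF answer.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper (not from the answers): class, method and parameter names are assumptions.
public static class AdfsTokenClient
{
    public static GenericXmlSecurityToken RequestBearerToken(
        string serverName, string relyingPartyUri, string userName, string password)
    {
        // Same binding settings as the UserNameWSTrustBinding defined in the answer.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        string endpointUri = string.Format("https://{0}/adfs/services/trust/13/usernamemixed", serverName);
        var factory = new WSTrustChannelFactory(binding, endpointUri) { TrustVersion = TrustVersion.WSTrust13 };
        // Credentials come from the caller (for example a login prompt), never from source code.
        factory.Credentials.UserName.UserName = userName;
        factory.Credentials.UserName.Password = password;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(relyingPartyUri),
            KeyType = KeyTypes.Bearer
        };

        IWSTrustChannelContract channel = null;
        try
        {
            channel = factory.CreateChannel();
            // The WS-Trust channel hands the issued token back as XML plus its validity window.
            var token = channel.Issue(rst) as GenericXmlSecurityToken;
            if (token == null)
                throw new InvalidOperationException("ADFS did not return an XML security token.");
            ((ICommunicationObject)channel).Close();
            factory.Close();
            return token; // token.TokenXml holds the assertion, token.ValidTo its expiry
        }
        catch
        {
            // A faulted channel cannot be closed; Abort releases it without throwing again.
            var comm = channel as ICommunicationObject;
            if (comm != null) comm.Abort();
            factory.Abort();
            throw; // bad credentials surface here as a WCF security exception
        }
    }
}
```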
Answer 3:
It depends on which type of application you are using. Authentication over ADFS using WIF comes in two flavors:
- Passive authentication using ASP.NET web form or MVC. You can refer to this article: Claims Aware MVC4 App using WIF Identity and Access tool in .Net 4.5
- Active authentication when the application is a Web Service like WCF. This article can help: Claims Aware WCF using WIF in .Net 4.5
Also depending on the .NET framework you are using, you will need to download either one of the following:
- WIF Runtime and WIF SDK for .NET 4.0
- Identity and Access Tool for .NET 4.5
Source: https://stackoverflow.com/questions/29481611/authentication-in-c-sharp-with-active-directory