How to grab claims serialized in the HTTP request in code using WIF?

Submitted on 2020-01-15 11:54:48

Question


ADFS 2.0, WIF (WS-Federation), ASP.NET: there are no HTTP modules or any IdentityFoundation configuration defined in web.config (as most WIF SDK samples show); instead everything is done manually in program code using the WSFederationAuthenticationModule, ServiceConfiguration and SignInRequestMessage classes. I do an HTTP redirect to ADFS in code and it seems to work fine, returning claims and redirecting the user back to my web site with the serialized claims in the HTTP request. So the question is: how do I parse this request using WIF classes, properties and methods and extract the claim values from it? Thanks


Answer 1:


Just in case, I want to share my experience; it might help somebody in the future. Well, the solution I finally came to looks like this:

 using System;
 using System.IdentityModel.Selectors;               // X509CertificateValidator
 using System.IdentityModel.Tokens;                  // SecurityToken
 using System.IO;
 using System.Xml;
 using Microsoft.IdentityModel.Claims;               // ClaimsIdentityCollection
 using Microsoft.IdentityModel.Protocols.WSFederation;
 using Microsoft.IdentityModel.Protocols.WSTrust;
 using Microsoft.IdentityModel.Tokens;

 // Parse the wa/wresult form POST that ADFS sent back to the relying party.
 var message = SignInResponseMessage.CreateFromFormPost(Request) as SignInResponseMessage;
 if (message == null) throw new InvalidOperationException("POST is not a WS-Federation sign-in response.");

 // Deserialize the RSTR carried in wresult to get at the SAML 1.1 token XML.
 var rstr = new WSFederationSerializer().CreateResponse(message,
     new WSTrustSerializationContext(SecurityTokenHandlerCollectionManager.CreateDefaultSecurityTokenHandlerCollectionManager()));

 // Only tokens signed by this ADFS signing certificate (matched by thumbprint) are accepted.
 var issuers = new ConfigurationBasedIssuerNameRegistry();
 issuers.AddTrustedIssuer("630AF999EA69AF4917362D30C9EEA00C22D9A343", @"http://MyADFSServer/adfs/services/trust");

 // X509CertificateValidator.None skips chain and revocation checks; issuer trust rests on the thumbprint above.
 var tokenHandler = new Saml11SecurityTokenHandler { CertificateValidator = X509CertificateValidator.None };
 var config = new SecurityTokenHandlerConfiguration {
     CertificateValidator = X509CertificateValidator.None,
     IssuerNameRegistry = issuers };

 // Must be the relying party's absolute realm URI (the token's AppliesTo); a relative string throws UriFormatException.
 config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("MyUri"));
 tokenHandler.Configuration = config;

 SecurityToken token;
 using (var reader = XmlReader.Create(new StringReader(rstr.RequestedSecurityToken.SecurityTokenXml.OuterXml)))
 {
     token = tokenHandler.ReadToken(reader);
 }
 // Verifies signature, issuer, audience and validity window, then returns the claims.
 ClaimsIdentityCollection claimsIdentity = tokenHandler.ValidateToken(token);

I found a few similar code samples that use SecurityTokenServiceConfiguration (it contains the token handlers) instead of Saml11SecurityTokenHandler to read and parse the token; however, that did not work for me because of a certificate validation failure. Setting SecurityTokenServiceConfiguration.CertificateValidator to X509CertificateValidator.None did not help because the Security Token Handler classes use their own handler configuration and ignore the STS configuration values, at least if you specify the configuration parameters through code like I did; however, it works fine if the configuration is defined in web.config.



Source: https://stackoverflow.com/questions/8526300/how-to-grab-serialized-in-http-request-claims-in-a-code-using-wif
