Question
I'm trying to set up integrated OWIN WS-Federation (ADFS) authentication in a new MVC 5 project in Visual Studio 2013. WsFederation in Startup.Auth is configured as follows:

    app.UseWsFederationAuthentication(wtrealm: "MyRealm",
        metadataAddress: "https://myADFSInstanceHost/FederationMetadata/2007-06/FederationMetadata.xml");

The Federation button on the login page works fine. The ADFS login page is reachable, and I can log in there. The required cookies seem to be set properly; at least the .AspNet.ExternalCookie cookie is passed. But when the callback to the MVC app is performed, AuthenticationManager.GetExternalLoginInfoAsync() in the ExternalLoginCallback controller always returns null.
Answer 1:
I know this is an extremely old post, but I've been working on this issue for a week and this is the ONLY resource I've found that provided any sort of help.
The comments on the original post provided exactly what I needed. In order for GetExternalLoginInfo to work, a claim of type NameIdentifier must be present. I was able to mock one of these in Startup.Auth.cs using the following code:

    // Requires: using System.Security.Claims; using System.Threading.Tasks;
    //           using Microsoft.Owin.Security.WsFederation;
    app.UseWsFederationAuthentication(
        new WsFederationAuthenticationOptions
        {
            Wtrealm = realm,                 // defined earlier
            MetadataAddress = adfsMetadata,  // also defined earlier
            Notifications = new WsFederationAuthenticationNotifications()
            {
                // Runs after the ADFS token has been validated, before the
                // external cookie is written.
                SecurityTokenValidated = notification =>
                {
                    ClaimsIdentity identity = notification.AuthenticationTicket.Identity;
                    // loop through all the claims returned (this should return everything set up in ADFS)
                    foreach (var claim in notification.AuthenticationTicket.Identity.Claims)
                    {
                        if (claim.Type == ClaimTypes.Upn) // or whatever claim type you want to use as your name identifier
                        {
                            // This line adds a duplicate claim with the specified type. This NEEDS TO BE `NameIdentifier`
                            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, claim.Value));
                        }
                    }
                    return Task.FromResult(0);
                }
            }
        });

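As an added example (not code from the question or the answer), here is a reusable form of the same mapping that also preserves the source claim's issuer, since GetExternalLoginInfoAsync builds UserLoginInfo(LoginProvider, ProviderKey) from the NameIdentifier claim's Issuer and Value, and a two-argument Claim records the default issuer "LOCAL AUTHORITY" instead of the ADFS issuer. It tries a priority list of source claim types and leaves the identity untouched when none is present, so the callback still gets null and the sign-in is refused; the helper name and the claim-type order are my assumptions, and it is called from SecurityTokenValidated exactly as in the answer's code.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.WsFederation;

public static class NameIdentifierMapping
{
    // Source claim types tried in order. Assumption: UPN is the stable, non-reusable
    // key in this ADFS deployment; adjust to what your relying-party trust issues.
    static readonly string[] SourceTypes = { ClaimTypes.Upn, ClaimTypes.PrimarySid, ClaimTypes.Email };

    // Returns true when the identity ends up with a NameIdentifier claim; never overwrites one ADFS issued.
    public static bool EnsureNameIdentifier(ClaimsIdentity identity)
    {
        if (identity.HasClaim(c => c.Type == ClaimTypes.NameIdentifier))
            return true;
        var claims = identity.Claims.ToList(); // snapshot before mutating the identity
        foreach (var type in SourceTypes)
        {
            var source = claims.FirstOrDefault(c => c.Type == type && !string.IsNullOrWhiteSpace(c.Value));
            if (source == null) continue;
            // Keep the original issuer: GetExternalLoginInfoAsync turns the NameIdentifier
            // claim into UserLoginInfo(claim.Issuer, claim.Value), which is what gets stored
            // in AspNetUserLogins. A two-argument Claim would record "LOCAL AUTHORITY".
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, source.Value,
                                        ClaimValueTypes.String, source.Issuer));
            return true;
        }
        // No usable source claim: leave the identity alone, so GetExternalLoginInfoAsync returns null.
        return false;
    }

    // Options for app.UseWsFederationAuthentication in Startup.Auth.cs; realm and
    // adfsMetadata come from configuration, as in the answer.
    public static WsFederationAuthenticationOptions Options(string realm, string adfsMetadata)
    {
        return new WsFederationAuthenticationOptions
        {
            Wtrealm = realm,
            MetadataAddress = adfsMetadata,
            Notifications = new WsFederationAuthenticationNotifications
            {
                SecurityTokenValidated = n =>
                {
                    EnsureNameIdentifier(n.AuthenticationTicket.Identity);
                    return Task.FromResult(0);
                }
            }
        };
    }
}
```

The issuer check is worth verifying in the database: after a successful first login, the LoginProvider column in AspNetUserLogins should show the ADFS issuer, not "LOCAL AUTHORITY".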
Source: https://stackoverflow.com/questions/27506913/mvc5-owin-ws-federation-authenticationmanager-getexternallogininfoasync-return