
Azure ACS + MVC + WCF


I've got an MVC web application that authorizes users through Azure ACS. Now I want my web application to make calls to my WCF services. Since these services can be called by other applications I want them to be secured through ACS also. I'm at a loss on how to set this up. Can I reuse the security tokens in my WCF service calls somehow?

Formally you can't because these are 2 different (autonomous) "apps". Tokens are issued for a specific app (or "Relying Party"). Your website should request a second token for the web service. You have 2 options:

1- Simply get a token under a service identity (that is the identity the web site is assuming) and attach it to your calls to the web service. WCF bindings support this out of the box (albeit complex, as is any WCF configuration).

2- Get a token for WCF "on behalf" of the original user. This is a delegation scenario, in which the identity of the original caller to the web app is transferred to the service.

The first option is rather simple (putting aside the WCF specifics). The second option is a more complex one and not supported in ACS (as far as I know), because it requires a special endpoint that understands and issues ActAs tokens.

You could use the same token for both the web site and the service if you own both and they are "the same app". This is a pragmatic shortcut and not a pure implementation, and might have other implications (e.g. the same app in ACS, the WCF can't easily distinguish whether it is being called from your website or from external parties, etc).

In that case, the MVC app must keep the token that was sent to it. There's a setting for that (bootstraptoken=true). The WIF API in .NET 4.5 changed a little bit, so there might be something else.
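As an added illustration of option 1 from the answer above (this is not the answerer's code nor an official sample), here is the .NET 4.5 WIF/WCF pattern: the web site asks ACS for a bearer token under its own service identity, scoped to the WCF service's realm, and attaches that token to the WCF channel. The ACS namespace, the service realm, the `IOrderService` contract and the service-identity credentials are placeholders you must replace with your own.

```csharp
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical service contract; substitute the real WCF contract.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string GetOrderStatus(int orderId);
}

public static class AcsServiceCaller
{
    // Placeholders: the ACS namespace and the service realm registered in ACS as a relying party.
    const string AcsNamespace = "<your-acs-namespace>";
    const string ServiceRealm = "https://orders.example.com/OrderService.svc";
    // Step 1: the web site requests its own bearer token from ACS under a service identity
    // (ACS username/password WS-Trust 1.3 endpoint), scoped to the WCF service realm.
    public static SecurityToken AcquireServiceToken(string serviceIdentity, string password)
    {
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        binding.Security.Message.EstablishSecurityContext = false;
        var sts = new EndpointAddress("https://" + AcsNamespace + ".accesscontrol.windows.net/v2/wstrust/13/username");
        var factory = new WSTrustChannelFactory(binding, sts) { TrustVersion = TrustVersion.WSTrust13 };
        factory.Credentials.UserName.UserName = serviceIdentity;
        factory.Credentials.UserName.Password = password; // keep the secret in config, never in source
        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            AppliesTo = new EndpointReference(ServiceRealm),
            KeyType = KeyTypes.Bearer
        };
        return factory.CreateChannel().Issue(rst);
    }
    // Step 2: attach the issued token to every call on the WCF channel. The service side
    // validates it (issuer = ACS, audience = ServiceRealm, signature, expiry) via its WIF config.
    public static IOrderService CreateProxy(SecurityToken token)
    {
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.EstablishSecurityContext = false;
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
        var factory = new ChannelFactory<IOrderService>(binding, new EndpointAddress(ServiceRealm));
        factory.Credentials.SupportInteractive = false;
        return factory.CreateChannelWithIssuedToken(token);
    }
}
```

The WCF service must be registered in ACS as its own relying party with the realm used above, and the token the site obtains is for that realm only, which is the point the answer makes about tokens being per relying party.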

粤ICP备18138465号  © 2020-2024 STACKOOM.COM