
ADFS error - domain name change

I'm currently changing the name of a website that I have developed within Visual Studio. I have updated the DNS and I have changed the site name on IIS (site bindings). I'm currently getting an ADFS error, which I'm presuming has got something to do with authentication? The following is my web.config file. The new name for the website is 'TechnologySupport'.


<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
    <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  </configSections>

  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="owin:AutomaticAppStartup" value="false" />
    <add key="ida:FederationMetadataLocation" value="https://adfs.tech.com/federationmetadata/2007-06/federationmetadata.xml" />
    <add key="ida:Realm" value="https://website.tech.com/" />
    <add key="ida:AudienceUri" value="https://website.tech.com/" />
  </appSettings>
  <location path="Account">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Form/Form">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
      <!--<customErrors mode="On" defaultRedirect="/ErrorMessages/Error" redirectMode="ResponseRedirect">
        <error statusCode="401" redirect="/ErrorMessage/Error"/>
      </customErrors>-->
    </system.web>
  </location>
  <location path="ReExport/ReExport">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm" />
    <authentication mode="None" />
    <authorization>
    </authorization>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" requestValidationMode="4.5" maxQueryStringLength="32768" />
  </system.web>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="mssqllocaldb" />
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
    </providers>
  </entityFramework>
  <system.webServer>
    <modules>
      <!--<remove name="FormsAuthentication" />-->
      <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
      <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
    </modules>
    <validation validateIntegratedModeConfiguration="false" />
    <httpProtocol>
      <customHeaders>
        <clear />
        <add name="X-UA-Compatible" value="IE=edge" />
      </customHeaders>
    </httpProtocol>
    <security>
      <requestFiltering>
        <requestLimits maxQueryString="32768" />
      </requestFiltering>
    </security>
  </system.webServer>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://website.tech.com/" />
      </audienceUris>
      <securityTokenHandlers>
        <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </securityTokenHandlers>
      <certificateValidation certificateValidationMode="None" />
      <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
        <authority name="http://adfs.tech.com/adfs/services/trust">
          <keys>

          </keys>
          <validIssuers>
            <add name="http://adfs.tech.com/adfs/services/trust" />
          </validIssuers>
        </authority>
      </issuerNameRegistry>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://adfs.tech.com/adfs/ls/" realm="https://website.tech.com/" requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>

The error you see most likely has nothing to do with your app configuration but rather with the configuration at the ADFS side.

Specifically, your website is registered as a so-called relying party there. You should consult the configuration and replace the values of both the site identifier and the ws-federation passive endpoint with a new value pointing to your new address.

A detailed tutorial that shows the configuration:

https://blogs.msdn.microsoft.com/card/2010/06/24/using-federation-metadata-to-establish-a-relying-party-trust-in-ad-fs-2-0/

When your site redirects to ADFS, it identifies itself by appending either its id or endpoint or both:

 https://adfs.site/adfs/ls/?wa=wsignin1.0&wtrealm=yourappid&wreply=https://yourapppassiveendpoint

While the two do not match with values stored in ADFS config, you will always get this error message.
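An added example, not part of the original question or answer: a small Python check that lists every place in a web.config still carrying the old realm, and compares the `wtrealm`/`wreply` of a sign-in redirect with the values registered for the relying party. The new site URL `https://technologysupport.tech.com/` is an assumption (the page gives only the name), the relying-party values are supplied by hand, and exact string comparison is a simplification of whatever matching ADFS performs.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

NEW_URL = "https://technologysupport.tech.com/"  # assumed new site URL (not given on the page)

# Constructed sample: the question's WIF settings, trimmed, with only the
# wsFederation realm already switched to the assumed new URL.
SAMPLE_CONFIG = """<configuration>
  <appSettings>
    <add key="ida:Realm" value="https://website.tech.com/" />
    <add key="ida:AudienceUri" value="https://website.tech.com/" />
  </appSettings>
  <system.identityModel><identityConfiguration>
    <audienceUris><add value="https://website.tech.com/" /></audienceUris>
  </identityConfiguration></system.identityModel>
  <system.identityModel.services><federationConfiguration>
    <wsFederation issuer="https://adfs.tech.com/adfs/ls/"
                  realm="https://technologysupport.tech.com/" />
  </federationConfiguration></system.identityModel.services>
</configuration>"""

def realm_settings(config_xml):
    """Map each web.config location that carries the app's realm/audience to its value."""
    root = ET.fromstring(config_xml)
    found = {}
    for add in root.findall("./appSettings/add"):
        if add.get("key") in ("ida:Realm", "ida:AudienceUri"):
            found["appSettings/" + add.get("key")] = add.get("value")
    for i, add in enumerate(root.findall(".//audienceUris/add")):
        found[f"audienceUris[{i}]"] = add.get("value")
    for ws in root.findall(".//wsFederation"):
        for attr in ("realm", "reply"):
            if ws.get(attr) is not None:
                found["wsFederation/@" + attr] = ws.get(attr)
    return found

def stale_settings(config_xml, expected=NEW_URL):
    """Locations whose value is not the expected URL (they still carry another name)."""
    return sorted(k for k, v in realm_settings(config_xml).items() if v != expected)

def signin_mismatches(redirect_url, rp_identifiers, rp_passive_endpoint):
    """Compare wtrealm/wreply of a sign-in redirect with the values registered for
    the relying party. Exact string comparison is a simplification assumed here."""
    query = parse_qs(urlsplit(redirect_url).query)
    wtrealm = query.get("wtrealm", [None])[0]
    wreply = query.get("wreply", [None])[0]
    problems = []
    if wtrealm not in rp_identifiers:
        problems.append(f"wtrealm {wtrealm!r} is not a registered identifier")
    if wreply is not None and wreply != rp_passive_endpoint:
        problems.append(f"wreply {wreply!r} differs from the passive endpoint")
    return problems
```

An empty list from `signin_mismatches` means the redirect agrees with the relying-party values passed in; the identifier and passive endpoint themselves have to be read from the ADFS relying party trust.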
