堆栈内存溢出
  简体   繁体   English

创建WCF Rest服务以接受SAML并验证Windows用户

[英]Creating an WCF rest service to accept SAML and authenticate Windows users

 原文  2017-08-10 15:27:21       c#/ wcf/ azure/ saml-2.0/ adfs3.0

问题描述

I have to create a WCF service that will receive a request with SAML assertion. 我必须创建一个WCF服务,该服务将接收带有SAML断言的请求。 Internally it needs to get the Windows user (caller user) and then impersonate the next call to an application. 在内部,它需要获取Windows用户(调用者用户),然后模拟对应用程序的下一个调用。 This application only supports AD users. 此应用程序仅支持AD用户。

I tried to get a solution but in most cases I got the solution using Azure Service bus and ACS, but in my case I do not have that. 我试图获得解决方案,但是在大多数情况下,我是使用Azure Service总线和ACS获得解决方案的,但就我而言,我却没有。 My SAML is directly passed to the WCF service (exposed over internet) and this needs to validate the token, get the windows user and then proceed with the next steps using the impersonation of that user. 我的SAML直接传递给WCF服务(通过Internet公开),这需要验证令牌,获取Windows用户,然后使用该用户的模拟进行下一步。

My ADFS is set up with a Relaying Party (that my middle ware on cloud already is using to authenticate the user). 我的ADFS是由中继方设置的(我在云上的中间件已经在用于验证用户身份)。

My questions are: 我的问题是:

  1. Do I need to set up a trust with ADFS and WCF service? 我是否需要与ADFS和WCF服务建立信任关系? Are there any links for that? 是否有任何链接?
  2. The SAML encryption is all encrypted. SAML加密均已加密。 For decrypting this at y WCF do I need the same certificate which was used during ADFS setup? 为了在y WCF上解密此文件,我需要使用ADFS设置过程中使用的同一证书吗?
  3. Can I use the same relaying party that my middle ware uses in the setting up the trust between my WCF service and ADFS? 在建立WCF服务和ADFS之间的信任关系时,我可以使用与中间件相同的中继方吗?

Any links that provide a solution would be helpful. 提供解决方案的任何链接都将有所帮助。

The diagram flow is as shown in the picture: 图流程如图所示: 在此处输入图片说明

1 个解决方案

解决方案1
 0 已采纳  2017-08-10 19:16:26

You can't use WCF to Azure (unless by Azure you mean a VM in Azure). 您不能将WCF用于Azure(除非Azure表示Azure中的VM)。 It's all web API. 都是Web API。

WCF goes straight to ADFS. WCF直接进入ADFS。 This is the WS-Fed active profile eg this . 这是WS-Fed主动配置文件,例如this

If the SAML token is encrypted in ADFS, it means the RP owns the private key. 如果SAML令牌在ADFS中加密,则意味着RP拥有私钥。 ADFS (in the RP encryption tab) only has the public key. ADFS(在RP加密选项卡中)仅具有公共密钥。

Yes, you need a separate ADFS RP for this. 是的,您需要一个单独的ADFS RP。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 创建WCF PUT Rest服务 - Creating a WCF PUT Rest service 具有多个用户的WCF REST服务基本身份验证 - WCF REST service basic authentication with multiple users 将WCF REST服务托管为Windows服务 - Hosting WCF REST Service as Windows Service 如何使用REST Service-wcf WebHttpBindig对用户进行身份验证? - how to authenticate user with rest service-wcf WebHttpBindig? 在REST WCF Web API中使用Windows身份验证对用户进行身份验证 - Authenticate User using Windows Authentication in REST WCF Web API WCF Rest服务通过浏览器进行Windows身份验证 - WCF Rest service Windows authentication via Browser Windows Phone 8.0上的HTTPS WCF服务:无法验证 - HTTPS WCF Service on Windows Phone 8.0 : Cannot authenticate 从WCF服务验证dotnetnuke - Authenticate dotnetnuke from WCF Service 从PHP调用C#创建的REST WCF服务 - Call REST WCF-Service creating by C# from PHP 在同一应用程序下为不同的WCF服务分配不同的(Windows)用户 - Assign different (windows) users for different WCF service under same application
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM