在 ASP.Net 核心上处理 ADFS 响应
[英]Handle ADFS Response on ASP.Net core
问题描述
I followed the asp docs about how to integrate WSFederation Authentification.
我遵循了有关如何集成 WSFederation 身份验证的 asp 文档。 Everythings seems to works fine, when I click on the login button I'm redirect to ADFS authentification, if I log successfully, I am redirected to a custom URL of my own site which is my-site/signin-federation and I have on the post form all the information I need :一切似乎都很好,当我单击登录按钮时,我将重定向到 ADFS 身份验证,如果我登录成功,我将被重定向到我自己的站点的自定义 URL,即my-site/signin-federation,并且我已打开帖子形成了我需要的所有信息:
wa: wsignin1.0
wresult: <t:RequestSecurityTokenResponse
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">2018-05-23T11:08:47.185Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">2018-05-23T12:08:47.185Z
....
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
</t:RequestSecurityTokenResponse>
wctx: CfDJ8Lp0GPWDKXhKtxXAHQ4o3dnyz4eNuSpptiYpvV5V4p3k-
x0vqv5k3mUfURKB37wOgTPsPfT7ThPoS7fwQMDmZzgXDRcvKG5ZWrorGj3TZLBQew5rKtoU9vjP4_4O
AdvsySsre3GL9yycNirU6ld_Gn_YKVYguhRygMLKkajlM3vtbsM2XYiFdTgRIcPt_l1xJNwOD2KblRh-xTuiHnli0wVokPt-gokwP7uIbo7E50j2mL15oL802QF_c_U_-4nB81oBouZXJSw7rCY-ahzVIFc
I put the ID Name in the revendication just like explained by the docs.我把 ID 名称放在了复仇中,就像文档中解释的那样。 So now in my ASP.Net Core application on my custom URL, I got that :所以现在在我的自定义 URL 上的 ASP.Net Core 应用程序中,我得到了:
[HttpPost]
[AllowAnonymous]
[Route("/signin-federation")]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
if (remoteError != null)
{
return RedirectToAction(nameof(Login));
}
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
return RedirectToAction(nameof(Login));
}
// Sign in the IdentityUser with this external login provider if the IdentityUser already has a login.
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
if (result.Succeeded)
{
return Redirect(returnUrl);
}
return Ok();
}
but info is always null and I don't know how to force parsing the form data ...但 info 始终为空,我不知道如何强制解析表单数据...
1 个解决方案
解决方案1
0 2021-10-18 18:51:13
You just need to change the WS-Federation Passive Endpoint to be the same as you have as the identifier, doing this you will have access to the SecurityTokenValidated event;您只需要将 WS-Federation Passive Endpoint 更改为与标识符相同,这样做您将可以访问 SecurityTokenValidated 事件; the ticket and the claims will be accessible now from context.SecurityToken and context.Principal.Claims.现在可以从 context.SecurityToken 和 context.Principal.Claims 访问票证和声明。
On this page https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-5.0 you can see in the 'Configure Url' step this solution.在此页面https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-5.0 上,您可以在“配置 URL”步骤中看到此解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.